Splunk Search

Community Activity

Adjusting quotes from subquery using format I'd like to (1) use a subquery to extract a list of deviceId's then (2) search the same index for all events containi... by alancalvitti Path Finder in Splunk Search 12-11-2019 0 4	0	4
How to limit transactions to only correlate events on same domain I am searching for AD accounts that are created and deleted in a short period, but we have a multiple forest environm... by rvalley New Member in Splunk Search 12-11-2019 0 5	0	5
Splunk Y2K-type bug arriving on September 13, 2020 Edit 2019-11-28: Splunk has released a better fix-it app than the one below. Edit 2019-11-25: I didn't notice the mo... by satyenshah Path Finder in Splunk Search 12-11-2019 2 9	2	9
How to table/chart over a period of time trying to calculate groupings of VMs capacity growth over time but a chart or table looks to be the best answer if yo... by clintla Contributor in Splunk Search 12-11-2019 0 23	0	23
Help creating a search that monitors after hour employee login Hello, I had requested for anyone to provide me with a good search to monitor after hour employee login and I was pro... by essibong1 New Member in Splunk Search 12-11-2019 0 1	0	1
System login after hours Hello, I had requested help with a "search language that could determine system logins after core hours" and one of t... by essibong1 New Member in Splunk Search 12-11-2019 0 3	0	3
Help with rex to search logs for deleting user context I know I am missing something simple here, but I cannot seem to figure this out. I am trying to search my logs for t... by gtidd Explorer in Splunk Search 12-11-2019 0 5	0	5
field extraction between brackets I have log file like this: A[1020/09/09] B[1013/09/09] C[05-07-00000000-000-A-B-C] want to extract field of A, B, ... by indeed_2000 Motivator in Splunk Search 12-11-2019 0 5	0	5
eval / rex a field and change its output hello all, I have a lookup with two fields sourcetype and interval ( like below) ..some of the intervals are in seco... by spluzer Communicator in Splunk Search 12-11-2019 0 4	0	4
What are THE most important SPL commands? I get asked some form of this question often and I know what my answer is but I am curious about others. What is you... by woodcock Esteemed Legend in Splunk Search 12-11-2019 1 8	1	8
Filtering WinHostMon with transforms/props so it doesn't index the status of a particular service. Hello, I am trying to use transforms/props to filter a service from being indexed This is what I have: /etc/system... by jospina2 Explorer in Splunk Search 12-11-2019 1 2	1	2
How to download existing lookup file? and how to add new row and modify existing lookup file table? How to download existing lookup file? and how to add new row and modify existing lookup file table? by pacifikn Communicator in Splunk Search 12-11-2019 1 2	1	2
Why is search not returning result when using map? Hello, My following search results records for Account: index="X" AND (sourcetype="A:Proxy" OR sourcetype="A:orderpu... by sheikhazad New Member in Splunk Search 12-11-2019 0 13	0	13
Add additional events to transaction by field Hi, I need to group events where the first event begins with "Receive message" and grouped by thread id. But then nee... by idzjuba Engager in Splunk Search 12-11-2019 0 4	0	4
How to dynamically remove a field from search & how to dynamically use threshold from lookup file and change color based on it? Hi All, Hope you all are doing good. I am stuck with 2 questions may be due to my Splunk query knowledge, hope you ... by niks987 Explorer in Splunk Search 12-11-2019 0 0	0	0
How to find license usage based on the all the indexes When I run the below search I can see 94 indexes available. \| eventcount summarize=false index=* index=_*\| dedup ind... by whitewolf332512 New Member in Splunk Search 12-10-2019 0 3	0	3
Field extraction /data/scripts/esx/output_crc/dc1-ch1-esxi05.dca.com-vmnic0-20191211-10:40:40.txt I need to extract the field "dc1-ch... by Nadhiya_Dubai Explorer in Splunk Search 12-10-2019 0 1	0	1
field extraction /data/scripts/esx/outfile/dc1-ch1-esxi05.dca.com-vmnic0.txt I need to extract the dc1-ch1-esxi05.dca.com-vmnic0 fro... by Nadhiya_Dubai Explorer in Splunk Search 12-10-2019 0 3	0	3
How to change bar chart color and the legend label How do I change a bar chart color base on the syslog severity level. Example: Informational to blue color, warning to... by matoulas Path Finder in Splunk Search 12-10-2019 0 4	0	4
How to rename timechart legend static names with variable names Hello, I have a timechart search (search code snippet below), everything works great. The chart shows up and the le... by wti Engager in Splunk Search 12-10-2019 0 1	0	1
Field Extraction And Evaluation From the screenshot, i would like to achieve the below; LCU04 = 500 x 00000 LCU03 = 500 x 01985 LCU02 = 500 x 01985 ... by rhugo Observer in Splunk Search 12-10-2019 0 3	0	3
Track growth on new items within a time range using a timechart I've tried various attempts at this with no joy. I'm simply trying to create a chart where I can specify w/ the time ... by clintla Contributor in Splunk Search 12-10-2019 0 8	0	8
How to show all the field values (including duplicates) in table Hi I have Splunk messages that gives the information on course and student enrolled. My sample message as follows ... by gravi Explorer in Splunk Search 12-10-2019 0 2	0	2
Lookups missing and receiving error message Getting the following error on many of my previously working searches, any ideas on how to fix it? 3 errors occurre... by bullbo Engager in Splunk Search 12-10-2019 0 1	0	1
Number of fields occurrence in json data I have below data ` { [-] context: { [+] } level: INFO logger: x.x.x.xxx.service.xxxService msg: Fi... by govindparashar1 New Member in Splunk Search 12-10-2019 0 2	0	2