Splunk Search

Community Activity

How can I pass a list of parameters to a custom Generating command to iterate over and generate events? I have written my own custom generating command in Splunk which connects to our API and fetches threat details of a d... by umairahmad3985 Path Finder in Splunk Search 12-10-2019 0 0	0	0
Problem with Geospatial lookup and geom command Hi All, Posting this question, as I am new to Geospatial lookup and trying to configure it as per Michael Porath's b... by badrinath_itrs Communicator in Splunk Search 12-10-2019 1 2	1	2
Clarification about appendcols needed Hello, My alert looks as follows: \|inputcsv anomalies_ls5923.txt \| where like(ANOMALY_ID, "iA%")\| tail 1 \|rename co... by damucka Builder in Splunk Search 12-10-2019 0 1	0	1
struggle with RegEx field extraction on a Windows Event log Hey - I'm taking my first steps on extracting fields with RegEx and can't seem to get this one working .. any help wo... by feichinger Path Finder in Splunk Search 12-10-2019 0 5	0	5
Minutes and seconds formating I have a field that sends time in Min&sec in the format 3m7s I want it to be in the format 3.07 Tried using the bel... by gravi Explorer in Splunk Search 12-10-2019 0 5	0	5
Which events has been searching for Hi all! Need some help with a serach that showing which events has been searching for, last 90 days. by amirarsalan Explorer in Splunk Search 12-10-2019 0 1	0	1
Need to populate recent time value at the column left and oldest time towards right using chart command Hello Experts, We had created splunk dashboard for monitoring automation tests which is triggered at Jenkins. Below ... by arunrajamani New Member in Splunk Search 12-10-2019 0 7	0	7
merge a string in a list relatively to another string Hello everyone, I want to add a string in a list which is in a field compared to another string which also is in ano... by amir_bnp Explorer in Splunk Search 12-10-2019 0 13	0	13
Total Results With All Fields Showing I am trying to build an alert for when the total results for my search is greater than 9. I have it working, except t... by johann2017 Explorer in Splunk Search 12-10-2019 0 6	0	6
Lookup not working, it is generating a "NOT ()" query for some reason. lookup contains 3 columns DeviceId, host, and storeNumber splunk events contain a Properties.DeviceName field that m... by Cuyose Builder in Splunk Search 12-09-2019 0 4	0	4
correct TIME_FORMAT for time stamp Hello, I'm having trouble extracting the following timestamp for one source, is there someone here that can recommend... by Melstrathdee Path Finder in Splunk Search 12-09-2019 0 2	0	2
How to extract and create multiple fields for the same log line If I have the log line: WEB 1.1.1.1/2.2.2.2/3.3.3.3 and I want to use extract fields to map: WEB -> field1 1.1.1.1/2... by vnarapuram Explorer in Splunk Search 12-09-2019 0 8	0	8
count eval, error using AND Hello, I'd like to count events from Windows Logs in my search that include both EventCode="4624" as well as Account_... by nataliamur New Member in Splunk Search 12-09-2019 0 2	0	2
Conversion of epoch time in rex extracted field Hey All, Need some assistance with extracting/converting the epoch timestamps on index buckets from a search that I ... by adalbor Builder in Splunk Search 12-09-2019 0 5	0	5
Can stats be in the subject of an alert-generated e-mail? We have an alert, that checks for a particular condition (Oracle-errors) across multiple indexes: (index=HOP OR inde... by unitedmarsupial Path Finder in Splunk Search 12-09-2019 0 4	0	4
Error with eval expression using eventstats command in Splunk Datamodel Hi, I want to create below search using splunk DataModel: index="oqa_pub" sourcetype="idesk_db_inc" \|search RESOLVE... by mogoe2 New Member in Splunk Search 12-09-2019 0 5	0	5
Can we run the query for 100 or so hosts? We have the following that runs nicely for one host - index=<index name> host=<host name> source=<source name> sour... by danielbb Motivator in Splunk Search 12-09-2019 0 1	0	1
How to evaluate multiple fields and replace field output with new string I have an issue where events are displaying incorrect information for a particular field in my search. Example: ... by garciajbg Explorer in Splunk Search 12-09-2019 0 4	0	4
After obtaining the Time difference of two time/date fields, if the time greater than a hr create a alert. Im pretty new to splunk, so my approach may be incorrect. However, At this time my query is as below: search query \|... by dcephas Engager in Splunk Search 12-09-2019 0 2	0	2
Cisco CDR: How to remove two columns in report extraction I need to remove these two columns in the report extraction, I already removed the values in the "search" for these c... by fiveitsplunk Explorer in Splunk Search 12-09-2019 0 6	0	6
help with regex needed Hello, I have the following content in the variable $result.LINE$ in my alert, coming as a DB SQL result: Below wor... by damucka Builder in Splunk Search 12-09-2019 0 3	0	3
Command to free disk space My instance of Splunk currently has 9.4 TB of disk for indexing. We have 360GB per day being indexed and I can't incr... by erlindemberg Explorer in Splunk Search 12-09-2019 0 4	0	4
Change time zone in log indexing Hi, I have a log that it has the format below, I need his GMT to be -3h. That is, in the log file the time is (2019... by leandromatperei Path Finder in Splunk Search 12-09-2019 0 2	0	2
Regular Expression to extract the below values Hi, One of my value in table is being passed as an Boolean expression as below (assignment_group = 1213App_Developme... by aswin_asok Explorer in Splunk Search 12-09-2019 1 5	1	5
Rex field to extract dot net module Hi i currently have the following line in my search that search for system.net.webclient: \|rex max_match=0 "(?<modul... by totaro Explorer in Splunk Search 12-08-2019 0 3	0	3