Splunk Search

Community Activity

refresh for sub set of admin role @MuS I would like to give access to some user to do refresh, i know they need admin role. However admin has 99 capa... by robertlynch2020 Influencer in Splunk Search 11-28-2019 1 2	1	2
index syntax question Within Splunk cloud 7.2.6 - If I run a search without specifying index or sourcetype it will search the main index b... by trojan_81 Path Finder in Splunk Search 11-28-2019 0 4	0	4
legacy notation: populating search for populating a tickbox input. I have the following bit of code that does a search. The results of that search populates a tickbox input. I wrote it... by HattrickNZ Motivator in Splunk Search 11-28-2019 0 3	0	3
duplicate values causing conflict Hi, Im getting this error although I do not have any duplicate values. Below is the screenshot and my xml: <form> ... by sarnagar Contributor in Splunk Search 11-28-2019 9 4	9	4
Drop-down error "Duplicate values causing conflict" - Dedup not working? Hi everyone, I'm trying to dynamically populate a dropdown menu with error codes. Obviously, I don't want duplicat... by Svill321 Path Finder in Splunk Search 11-28-2019 1 6	1	6
Searching for percentage of total count grouped into buckets I have a list of article IDs and their corresponding article view counts for a given day. I want to see what percen... by tmtcollins Explorer in Splunk Search 11-28-2019 0 3	0	3
question about vulnerability? Greetings!! I would like to ask about this vulnerability : https://www.bleepingcomputer.com/news/security/splunk-fac... by pacifikn Communicator in Splunk Search 11-28-2019 0 1	0	1
Is it possible to launch a connector in Splunkbase? Hi All, We have a prediction platform and we have developed a connector that can explore Splunk SDK for search and d... by abhilashr New Member in Splunk Search 11-28-2019 0 4	0	4
help to filter data after a loadjob command hi I use the scheduled search below `winevent` (sourcetype="XmlWinEventLog:Microsoft-Windows-Sysmon/Operational" AND... by jip31 Motivator in Splunk Search 11-27-2019 1 9	1	9
[indexer1] The lookup table 'XXX' does not exist. It is referenced by configuration 'YYY'. I've been investigating this error which is appearing 6 times per search (1 for each indexer in the cluster) for a wh... by stepheneardley Path Finder in Splunk Search 11-27-2019 0 7	0	7
How can I show a list of devices that have been offline for more than a week? New to Splunk and trying to learn it: sorry for the dumb question. So I am trying to filter out a list of POS device... by kourbeh New Member in Splunk Search 11-27-2019 0 1	0	1
Require splunk query to get list of processes running in web server I used sourcetype-perfmon:process and i could get fields - counter/instance/object which refers process name by jeniemmanuel New Member in Splunk Search 11-27-2019 0 2	0	2
Event breaking help with props.conf I have a sourcetype that I'm working with and trying to break up the events by any line that says "Job start time: yy... by joesrepsolc Communicator in Splunk Search 11-27-2019 0 5	0	5
Any way to break this row into two columns? I am setting up a dashboard that monitors count of events on a daily basis and a previous 30 day average by customer.... by bhavlik Path Finder in Splunk Search 11-27-2019 0 5	0	5
iam receiving a message unbalanced quotes , i tried using back slash \| eval e="$time_token.earliest$", l=$time_token.latest$"\| eval e=case(match(e,"^\d+$"),e,e="" OR e="now" , "0" , true... by pavanraghav Explorer in Splunk Search 11-27-2019 0 4	0	4
Creating a custom SourceType with multiple delimiters (35 fields) Hi all, I've searched around a bit and I can't seem to find the answer after failing to figure it out myself. The d... by whitehaven Explorer in Splunk Search 11-27-2019 0 7	0	7
query running using KV store is taking logn time Hi , I have a scenario where i am using KV store to get the events generated. But my query is taking 5hr to run whi... by vikashperiwal Path Finder in Splunk Search 11-27-2019 0 4	0	4
Why is my search using "mcollect" command causing the following error: "Error in 'mcollect' command: Must specify a valid metric index"? In my query before, I was using the outputcsv search command, and then I had a monitoring input stanza to upload it t... by ben_leung Builder in Splunk Search 11-27-2019 0 7	0	7
Is it Possible to create the Scatter_Line Chart in Splunk? We have the Actual Generation Data from the Machine and also having the Set Points of the Particular Parameter. we n... by vengat4043 Path Finder in Splunk Search 11-27-2019 0 4	0	4
Splunk platform release notes I was going through the Release note which was updated into Splunk Docs recently. https://docs.splunk.com/Documentati... by akarivaratharaj Communicator in Splunk Search 11-27-2019 0 1	0	1
how to extract all values separately suing rex command hi, i have a string like: AAA TEST BBB 1000 CCC DDD EEE FFF GG 11111 i need to extract all the values separa... by Puvi New Member in Splunk Search 11-27-2019 0 1	0	1
Problem to indexer a multivalue field too longer Hi everybody Trying to index a multivalue field with more than 6000 characters approx. With the same sourcetype we ha... by adolfus1982 New Member in Splunk Search 11-26-2019 0 2	0	2
crud in lookup Hi all, I am trying to do crud of a lookup. I ahve been following this link:- https://www.hurricanelabs.com/splunk-t... by test4u Path Finder in Splunk Search 11-26-2019 0 5	0	5
Why is multiline regex blacklisting all events for specifically 4656 only? Hi All, I cant seem to get this right. I am trying to use regex to blacklist 4656 events where: The account name en... by geraldcontreras Path Finder in Splunk Search 11-26-2019 0 2	0	2
Regex by ID removing duplicates Hello everyone. I have a code below where each event is determined by the line break. I am wanting to take the value... by leandromatperei Path Finder in Splunk Search 11-26-2019 0 3	0	3