Splunk Search

Community Activity

question about vulnerability? Greetings!! I would like to ask about this vulnerability : https://www.bleepingcomputer.com/news/security/splunk-fac... by pacifikn Communicator in Splunk Search 11-28-2019 0 1	0	1
Is it possible to launch a connector in Splunkbase? Hi All, We have a prediction platform and we have developed a connector that can explore Splunk SDK for search and d... by abhilashr New Member in Splunk Search 11-28-2019 0 4	0	4
help to filter data after a loadjob command hi I use the scheduled search below `winevent` (sourcetype="XmlWinEventLog:Microsoft-Windows-Sysmon/Operational" AND... by jip31 Motivator in Splunk Search 11-27-2019 1 9	1	9
[indexer1] The lookup table 'XXX' does not exist. It is referenced by configuration 'YYY'. I've been investigating this error which is appearing 6 times per search (1 for each indexer in the cluster) for a wh... by stepheneardley Path Finder in Splunk Search 11-27-2019 0 7	0	7
How can I show a list of devices that have been offline for more than a week? New to Splunk and trying to learn it: sorry for the dumb question. So I am trying to filter out a list of POS device... by kourbeh New Member in Splunk Search 11-27-2019 0 1	0	1
Require splunk query to get list of processes running in web server I used sourcetype-perfmon:process and i could get fields - counter/instance/object which refers process name by jeniemmanuel New Member in Splunk Search 11-27-2019 0 2	0	2
Event breaking help with props.conf I have a sourcetype that I'm working with and trying to break up the events by any line that says "Job start time: yy... by joesrepsolc Communicator in Splunk Search 11-27-2019 0 5	0	5
Any way to break this row into two columns? I am setting up a dashboard that monitors count of events on a daily basis and a previous 30 day average by customer.... by bhavlik Path Finder in Splunk Search 11-27-2019 0 5	0	5
iam receiving a message unbalanced quotes , i tried using back slash \| eval e="$time_token.earliest$", l=$time_token.latest$"\| eval e=case(match(e,"^\d+$"),e,e="" OR e="now" , "0" , true... by pavanraghav Explorer in Splunk Search 11-27-2019 0 4	0	4
Creating a custom SourceType with multiple delimiters (35 fields) Hi all, I've searched around a bit and I can't seem to find the answer after failing to figure it out myself. The d... by whitehaven Explorer in Splunk Search 11-27-2019 0 7	0	7
query running using KV store is taking logn time Hi , I have a scenario where i am using KV store to get the events generated. But my query is taking 5hr to run whi... by vikashperiwal Path Finder in Splunk Search 11-27-2019 0 4	0	4
Why is my search using "mcollect" command causing the following error: "Error in 'mcollect' command: Must specify a valid metric index"? In my query before, I was using the outputcsv search command, and then I had a monitoring input stanza to upload it t... by ben_leung Builder in Splunk Search 11-27-2019 0 7	0	7
Is it Possible to create the Scatter_Line Chart in Splunk? We have the Actual Generation Data from the Machine and also having the Set Points of the Particular Parameter. we n... by vengat4043 Path Finder in Splunk Search 11-27-2019 0 4	0	4
Splunk platform release notes I was going through the Release note which was updated into Splunk Docs recently. https://docs.splunk.com/Documentati... by akarivaratharaj Communicator in Splunk Search 11-27-2019 0 1	0	1
how to extract all values separately suing rex command hi, i have a string like: AAA TEST BBB 1000 CCC DDD EEE FFF GG 11111 i need to extract all the values separa... by Puvi New Member in Splunk Search 11-27-2019 0 1	0	1
Problem to indexer a multivalue field too longer Hi everybody Trying to index a multivalue field with more than 6000 characters approx. With the same sourcetype we ha... by adolfus1982 New Member in Splunk Search 11-26-2019 0 2	0	2
crud in lookup Hi all, I am trying to do crud of a lookup. I ahve been following this link:- https://www.hurricanelabs.com/splunk-t... by test4u Path Finder in Splunk Search 11-26-2019 0 5	0	5
Why is multiline regex blacklisting all events for specifically 4656 only? Hi All, I cant seem to get this right. I am trying to use regex to blacklist 4656 events where: The account name en... by geraldcontreras Path Finder in Splunk Search 11-26-2019 0 2	0	2
Regex by ID removing duplicates Hello everyone. I have a code below where each event is determined by the line break. I am wanting to take the value... by leandromatperei Path Finder in Splunk Search 11-26-2019 0 3	0	3
How to search syntax to exclude dhost or URL New to Splunk here. Trying to run a search for user BLAHBLAH that does NOT contain dhost of api.drift.com Would someo... by trojan_81 Path Finder in Splunk Search 11-26-2019 0 1	0	1
How to adjust search to include names that are also hyphenated We ingest patient records into Splunk and some compliance users need to search to see if an employee accessed records... by dougsummersett New Member in Splunk Search 11-26-2019 0 5	0	5
How to find a follow-up event after certain interval Say, when a user connects his VPN, it will do policy checking (event--> policy_checking) and within 5 minutes will be... by cyber_castle Path Finder in Splunk Search 11-26-2019 1 8	1	8
Searching in multiple indexes I am trying to create a search to do the following: 1) Look in a table where information is tagged in a certain way ... by willadams Contributor in Splunk Search 11-26-2019 1 2	1	2
How to combine duplicate Latitude and longitude values in the stats tale of a cluster map I just want to clean up my search of 'noise'as my stats table gets populated by duplicate values from the save latitu... by schalkrust Engager in Splunk Search 11-26-2019 0 2	0	2
Generate percentage and filter based on it from events with count in them (so I cannot use "top")? Hi Experts, I need to create a alert , if HTTPCode_Target_5XX_Count is greater than 5% of Total count then i need t... by arun_kant_sharm Path Finder in Splunk Search 11-26-2019 0 4	0	4