Splunk Search

Community Activity

How to create a search to find offline event that does not have a corresponding succeeding online event Hello, I have a sourcetype which has data telling me if something goes offline and then when it comes online. I am ... by dglass0215 Path Finder in Splunk Search 11-16-2019 0 4	0	4
simple table to count monthly and yearly Hi together i have some events like: date product count_soled_today 2019-01-06 bike ... by fklink New Member in Splunk Search 11-16-2019 0 4	0	4
using greater than comparison on a property is not working I am trying to filter my results on a property that is greater than a certain value and it is not returning any resul... by 47024 New Member in Splunk Search 11-15-2019 0 6	0	6
How to display the values in search result as fields? I have a search which return below results: status total_user passed 7 failed 3 unknown 14 How ... by cycheng Path Finder in Splunk Search 11-15-2019 0 3	0	3
Lookup/join from another index Hi there i am looking to join information from 2 separate indexes but due to performance constraints i am not able t... by eddy_liao Engager in Splunk Search 11-15-2019 0 1	0	1
when set no_priority_stripping = true the host change Hi, when I set no_priority_stripping = true the host change from IP Address to Host name when performing a search in... by matoulas Path Finder in Splunk Search 11-15-2019 0 0	0	0
Network_Traffic DM Splunk - Bytes Out/In are not going into Network_Traffic Data Model correctly. How would I troubleshoot to find the... by Jacobgruen81 Loves-to-Learn Everything in Splunk Search 11-15-2019 0 2	0	2
Replacing part of the field value eval name=replace(dependency_name,"GET /getreadinesscheck","GET") trying to replace GET /getreadinesscheck with Get i... by splunkbobba New Member in Splunk Search 11-15-2019 0 1	0	1
What makes a CIDR lookup? We are meeting with the vendor for a demo and they asked that we fix a CIDR lookup. What should be in a CIDR lookup? by danielbb Motivator in Splunk Search 11-15-2019 0 1	0	1
paychex/Splunk.Conf19 Cover Your Assets (CYA): Export error with fields tagged.abcd=efgh I get the following error for the export search example (CYA_Export_For_Core_Splunk_Query). Seems to be due to fields... by JykkeDaMan Path Finder in Splunk Search 11-15-2019 0 5	0	5
help me on how i can create lookup file in lookup editor Greetings!! help me on how i can create lookup file in lookup editor I use to see a field called host that is iden... by pacifikn Communicator in Splunk Search 11-15-2019 0 4	0	4
Splunk eval if ELSE or case Hi All, Im working on windows AD data and gathering info from various eventIds. i have grouped the eventIds and eac... by kranthimutyala Path Finder in Splunk Search 11-15-2019 0 4	0	4
How to search for "" (asterisk) values in a field? Hi, I have TYPE field, that have a value of , , . When I'm trying to \|search TYPE="" (all of the events will... by kendelar Engager in Splunk Search 11-15-2019 2 4	2	4
Check for event that has not changed for X days Hello. I'm struggling with a query. We want to search Windows Event logs for accounts whose passwords have not been ... by Branden Builder in Splunk Search 11-15-2019 0 4	0	4
How to get percentage of null vs not-null values grouped by each day? Hi, I've written a query to get percentage of null vs not-null values of a particular field (i.e. billValue). Howeve... by pratik0807ray Explorer in Splunk Search 11-15-2019 1 5	1	5
How to get timechart to work in a search with multiple calculations Hello, I am trying to make a timechart for my field "finalProfit" in the search below. I have tried doing timechart ... by Tylerdygert Path Finder in Splunk Search 11-15-2019 0 4	0	4
timecharting 2 seperate data sources with a case statement. What about this makes it so it will never get the label "msad", EVER Something about this search makes it so we absolutely never get into the case that would label the column "msad". I h... by clozach Path Finder in Splunk Search 11-15-2019 1 2	1	2
Use Date String in Search Background I have a date string that I want to use in a search, but I don't know how. Log I have this text (called... by pedroma Engager in Splunk Search 11-15-2019 0 2	0	2
How to extract the protocol, Device_IP, transaction sequence number and the message type with regex I have a field called File_Name that I've generate by trimming the filepath off of my source from a local data input.... by cb046891 New Member in Splunk Search 11-15-2019 0 6	0	6
How can i run some script (python or powershell) if i receive some particular log ?? How can i run some script (python or powershell) if i receive some particular log ?? either in search or in alert ?? by raja8220 New Member in Splunk Search 11-15-2019 0 1	0	1
conditional search I've read other answers related to conditional searches, still cannot find an answer to my problem. The situation is ... by mmasalas Explorer in Splunk Search 11-15-2019 0 1	0	1
Assigning a row value for arthimetic calculation I have a table output like Date Title Product Count ... by Gowtham0809 New Member in Splunk Search 11-15-2019 0 4	0	4
How do I convert duration to minutes index=main host=10.247.82.1 user=* \| rex field=duration "((?\d+)h:)?(?\d+)m:(?\d+)s" \| eval duration=duration_second... by gill1723 Engager in Splunk Search 11-15-2019 0 9	0	9
Combine Values into one event then search if one of the values are contained Hi, Thanks in advance This is hard one to put well in the title Basically i have sets of data which contain Student... by geraldcontreras Path Finder in Splunk Search 11-15-2019 0 2	0	2
How to join fields that have different values I need to join two searches that do not have a common fields. First search has a field FileName=Test.json Second sea... by gravi Explorer in Splunk Search 11-15-2019 0 4	0	4