Splunk Search

Community Activity

How to compare two user lists and find number of distinct users who have successful/failed login events I need some help in formulating a complex search command. The requirement is to take one list (list2) of users and se... by adam_ali_syd New Member in Splunk Search 11-09-2019 0 3	0	3
Help with a nested search not returning any data I am running a nested search but does not return any data. However, when I run the search separately it does. The f... by lamelendrez Loves-to-Learn Lots in Splunk Search 11-09-2019 0 3	0	3
how to make column from Multivalues field Hi Splunker, Please find below the data of 2 events below where i have to change the result in tabular form.so that ... by m7787579 New Member in Splunk Search 11-09-2019 0 13	0	13
How to change column order created by chart I create a search: ...my search... \| chart values(duration) over TimeGap by Process The table shows duration used ... by halloweening New Member in Splunk Search 11-09-2019 0 2	0	2
How to Chart a value vs another value? (Not Time!) Possibly a stupid question but I've trying various things. If I google, all the results are people looking to chart v... by bellstephen41 New Member in Splunk Search 11-09-2019 0 4	0	4
How to update existing lookup csv I am sure someone must have achieved this I have an existing lookup table .It has 4 columns and it has values like b... by vikas_gopal Builder in Splunk Search 11-09-2019 0 6	0	6
How to get STATS or CHART result values as headers in table by _time I have seen several posts that seem to dance around this use case. I'm writing into a summary index (si_sum_data), s... by lostbeatnik01 Explorer in Splunk Search 11-09-2019 0 1	0	1
Splunk indexer for sonicwall firewall logs. Hi all, in our network environment to capture the logs and analyze that logs generated by SonicWall firewall we have ... by captainjak New Member in Splunk Search 11-08-2019 0 1	0	1
Comparing current hour to previous day's hour. index=XYZ trunkgroup\| stats count(_raw) as Total_Calls, count(eval(Sip_Resp=="200")) as Completed_Calls by OTG \| sea... by philgopaul New Member in Splunk Search 11-08-2019 0 4	0	4
Search in eval if I want to do something like ...base search \| eval Mod=if(Module=Excel OR Module=Word, [search extension=xls OR exten... by pranaynanda Path Finder in Splunk Search 11-08-2019 0 11	0	11
time compare Hi Guys, We have a scheduled PowerShell script which will give the output in a log file which will have a status of “... by chaitup New Member in Splunk Search 11-08-2019 0 2	0	2
Field splitting on structured data Hi All, I'm struggling with a data input from the EMC Recoverpoint devices. I may be making things hard for myself,... by cdstealer Contributor in Splunk Search 11-08-2019 0 9	0	9
How to use rex command to extract two fields and chart the count for both in one search query? I have a log statement like 2017-06-21 12:53:48,426 INFO transaction.TransactionManager.Info:181 -{"message":{"Trans... by anuarora Engager in Splunk Search 11-08-2019 0 6	0	6
Multiple Values for One Tag - Only Want to Display One Hi, I've tagged my data by location, and I am now trying to run stats on it. Problem is a location can be Manual or... by alylanchester Explorer in Splunk Search 11-08-2019 0 5	0	5
How to create a field value from a group of values in the same field? I m trying to create a table were I want to display the 3 biggest values (count) from a field and the existing remain... by diabinho Explorer in Splunk Search 11-08-2019 0 5	0	5
How to compare IP and Username in Logs with Lookup File Hello, I am trying to compare IP,user field in a log and then compare it with a lookup file(having only IP and usern... by gozdeyildiz New Member in Splunk Search 11-08-2019 0 1	0	1
Help with passing search result to eval failing I'm trying you create a variable out of a search result using eval. This works fine, I get a single row, and a colu... by dhivyamu Explorer in Splunk Search 11-08-2019 0 3	0	3
Weighted Sum Hi, I'm new to splunk and am hoping to get some advice and help. I'm trying to do a addcoltotals but with differen... by cafan New Member in Splunk Search 11-08-2019 0 4	0	4
Defining all values in a tables column as a global token to use anytime... I been looking for a while now for an answer , I have read just about everything but I am not getting what I am looki... by onegame999 Explorer in Splunk Search 11-08-2019 0 7	0	7
help on join subsearch Hello The first part of the search below (before join) works fine and the second part (after join) works fine too But... by jip31 Motivator in Splunk Search 11-08-2019 0 3	0	3
understanding Localize command Hi all, Can someone explain localize command with a usecase i am not able to understand it through documentation. Al... by test4u Path Finder in Splunk Search 11-07-2019 0 0	0	0
Receiving search error by CLI error searching on remote host I'm trying to search my remote Splunk instance as detailed here: https://docs.splunk.com/Documentation/Splunk/8.0.0/A... by brendanbmw417 New Member in Splunk Search 11-07-2019 0 1	0	1
renaming search results... index=MyApp \| stats count by supportGroup, severity That search provides me a list of events and the severity associ... by DTERM Contributor in Splunk Search 11-07-2019 1 3	1	3
How to show results of multiple pie charts into one single table? Hi , I have multiple pie charts showing count of completed and pending on some filter. Now want to show the results ... by avni26 Explorer in Splunk Search 11-07-2019 0 8	0	8
How to input value prefix/suffix and delimiter per value in a text token? Is it possible to add a per value prefix and suffix, and then divide by a delimiter to multiple values pasted into a ... by donovanw Engager in Splunk Search 11-07-2019 0 5	0	5