Splunk Search

Community Activity

Help with regex to extract words before column" Events: com.texh.servers.policy.assertion.ServerAuditDetailAssertion: 9879: com.texh.log.custom.Applications: 99... by snallam123 Path Finder in Splunk Search 10-10-2019 0 2	0	2
How to use self join Hi All, I have table in which I have columns such as name, id, type, business group etc type field has 2 values 'user... by shugup2923 Path Finder in Splunk Search 10-10-2019 1 6	1	6
largest single day result in a 90 day period I have a search to find total ingest into splunk, which i can run for a day or against a longer period by using the t... by sdewar83 Path Finder in Splunk Search 10-10-2019 0 3	0	3
Field extraction based on position of character Hi, I have field that gives me NETBOS of a Host. Sample Host Name: 123456W12345678 The 7th character makes the ide... by mbasharat Builder in Splunk Search 10-10-2019 0 2	0	2
How to pass values from previous search into map search Hello all, my search is below: index=tcxelevate_webpos registerType=kioskBridge registerNbr=* countryCode=US tagName... by rlippincott Explorer in Splunk Search 10-10-2019 0 2	0	2
Help creating a search for events when a field value changes Is there a Splunk search idiom that I can use to get all the events in a dataset whenever a particular field value A ... by twotimepad Engager in Splunk Search 10-10-2019 0 5	0	5
Splunk regex error: Missing terminating ] for character class Hey Splunkers, Noob. Trying to only retrieve the log names (ex. utility.log) after the last slash blah\blah\blah\lo... by spluzer Communicator in Splunk Search 10-10-2019 0 9	0	9
Can I pass a time/date into the "latest" time modifier I have a search created that alerts when a user has used remote desktop to log into a domain controller. It works spl... by iomega311 Explorer in Splunk Search 10-10-2019 0 1	0	1
Typing and Index queue shows 100% I have noticed that Splunk is running relatively slow as of recently and found that the typing queue and indexing que... by mavilla Explorer in Splunk Search 10-10-2019 0 3	0	3
How to reduce the width of bars in column chart? I have plotted a column chart. I need to reduce the width of bars. I have tried with "columnSpacing" and "param". Bot... by harinivgr Explorer in Splunk Search 10-10-2019 1 0	1	0
can we give colors in Geostats based on ranges of some value? Hi. Can we use rangemaps to give colors to the charts in the geostats map. I am having some range values. they shoul... by SanthoshSreshta Contributor in Splunk Search 10-10-2019 0 16	0	16
Cannot sum two numbers I have the following problem: I have a variable "number_of_past_events" which comes from a "\| inputlookup file.csv" a... by veromihaiu Path Finder in Splunk Search 10-10-2019 0 11	0	11
Using span option with timechart causes incorrect column names. Splunk Ver : I tested in 7.3.0 and 6.6.12. Timezone : I don't know if it’s relevant to this problem, but it is JST I... by yutaka1005 Builder in Splunk Search 10-10-2019 0 3	0	3
Using timechart earliest/latest with lookup files Hi all, I've created a _time field and timechart works for me, but the earliest/latest command does not. Here is my ... by lewisgrantevans Explorer in Splunk Search 10-10-2019 0 2	0	2
How to reduce the width of bars in column chart? I have plotted column chart. I need to reduce the width f bars. I have tried with "columnspacing" ,"param". Both are ... by hariniramesh New Member in Splunk Search 10-09-2019 0 0	0	0
How do you find the percent of each srcip within a stats command? base search \| stats values(srcip) as Source count by catdesc Above is my search. The results now yield each category... by bobbychanthongp Explorer in Splunk Search 10-09-2019 0 3	0	3
help on if condition for results = 0 hello In a panel table, I need to display every key_path even if the key_path result = 0 I have done an if condition... by jip31 Motivator in Splunk Search 10-09-2019 0 3	0	3
search on variable I have a dashboard where I select the type of item I want to look for in an IIS log. What I look for is a regular ex... by scottfoley Explorer in Splunk Search 10-09-2019 0 3	0	3
how to display a line in a table panel even if there is no results hi I need that the stats command below display a line with 0 if there is no results How can I do please?? index=... by jip31 Motivator in Splunk Search 10-09-2019 0 11	0	11
passing a query string as token how to extract the query stored in form of a key value pair in a lookup and execute the query in a single go in searc... by ManishVilla7 Explorer in Splunk Search 10-09-2019 1 1	1	1
Receiving error in search to compare two fields Where is the error? (index=paloalto sourcetype="pan:threat" action=allowed severity=critical src_interface="etherne... by gustavobrgyn New Member in Splunk Search 10-09-2019 0 2	0	2
Do splunk commands send output to stdout? When you run ‘splunk status’ or ‘splunk start’ etc., is the output sent to stdout? I’m working with an automations s... by tsheets13 Communicator in Splunk Search 10-09-2019 0 2	0	2
How to build a chart on unique field I am trying to achieve building multiple area graph on one chart where my input is: foo=blue foo=purple foo=red foo=... by wish2hate New Member in Splunk Search 10-09-2019 0 1	0	1
How to Calculate Splunk User Password Age Greetings, I use Splunk local authentication mode and have enabled password policy. I want to calculate the password... by marcus_santos_s Path Finder in Splunk Search 10-09-2019 0 5	0	5
eliminate some value in fields in stats count. index=* \| spath msg.uri \| rename msg.uri as url \| rex field=url "shop(?<ex_url>[a-zA-Z\/\-0-9\.]+)" \| rex field=ex... by sandeepmakkena Contributor in Splunk Search 10-09-2019 0 2	0	2