Splunk Search

Community Activity

How do we invoke a sub search with parameters from the parent search? We have a parent search that looks like - index=os_linux * \| eval length = len(process) \| where length = 7 \| sea... by danielbb Motivator in Splunk Search 09-23-2019 0 6	0	6
Force python3 on custom commands Hi all, I´ve a custom command but it requieres python3 for launch properly. Errors on job inspector: 09-17-2019 13:... by cpm003 Path Finder in Splunk Search 09-23-2019 0 4	0	4
How to compare output of a search to a lookup file? Hello, I have a lookup filled with hostnames. I want to compare the hostnames with the host field in the index. If... by mkamal18 New Member in Splunk Search 09-23-2019 0 3	0	3
How can I set timechart span=2h count for a day to start plotting from midnight? Hi, Could anyone know how to start plotting from midnight when time range is something like earliest=-1d@d latest=@d... by melonman Motivator in Splunk Search 09-23-2019 2 5	2	5
Help creating a search that involves an IF statement and JOIN There are three different events. Each event has the same fields. The fields I am focusing are "NumberOfRecords" and ... by tyhopping1 Engager in Splunk Search 09-23-2019 0 2	0	2
Help putting a condition match for a search with three possible results to show/hide either both or one of two panels I'm trying to either hide or show two panels depending on a search result from a different panel which will have 3 op... by jaffar20 Explorer in Splunk Search 09-23-2019 0 1	0	1
Search not giving correct results (Join,Append,Union) Hello All, I am working the below search - When I am running these two main which joined using join command are givi... by punyanit Path Finder in Splunk Search 09-23-2019 0 8	0	8
How to speed up my search? I am trying to show the count of events where any external IP is attempting to connect to port 136-139, 445 from diff... by bayman Path Finder in Splunk Search 09-23-2019 0 9	0	9
Timechart not displaying for some selections despite having results. It's invisible for some reason, but shows when it edit mode I have a timechart dependent on a dropdown at the top of the dashboard that selects the customer to show the results ... by jaffar20 Explorer in Splunk Search 09-23-2019 0 2	0	2
How to get sum of field based on it's value? Hi, I would be grateful for any help. In my fields we are having two fields which are: data.user_id and data.confi... by swdowiarz Path Finder in Splunk Search 09-23-2019 0 6	0	6
Time difference by grouping identical events Suppose I have the following events. 2019-09-20 01:40:09 INFO Listener processing event with message key A1:B1:C1... by peeeeeeeeeeter Engager in Splunk Search 09-23-2019 0 1	0	1
Field extract and zip them. (product=X Phone , 512 ГБ, золотой,shipMethodCode=E3,qty=1,deliveryType=STH,partNumber=MRU/A,deliveryDate=4 Окт - 11 ... by sandeepmakkena Contributor in Splunk Search 09-22-2019 0 4	0	4
Append the columns of a search onto the results of another search many times [lookup, but for a search] Search A returns many events for each ID. Search B returns a single event for each ID. My end result is a table wit... by ccunov New Member in Splunk Search 09-22-2019 0 6	0	6
Find the date on max value I have a table below, how can I find the date I have the most income? Thanks. date Income 9/18/2019 20... by jgan New Member in Splunk Search 09-22-2019 0 2	0	2
custom generating command 'Command xxx appears to be statically configured for search command protocol version 1' I am attempting to use custom generating command protocol version 2, but my command seems to be detected as version 1... by pmeyerson Path Finder in Splunk Search 09-21-2019 0 0	0	0
eval, if, len, substr to produce specific results So far, I've had success with the following command: eval Port=if(len(Port)>=22,substr(Port,1,len(Port)-2),Port) ... by noob4now New Member in Splunk Search 09-21-2019 0 1	0	1
Account Lockouts Report for Active Directory Hello, I'm running the following search that gives me accounts that get locked out and targets the specific domain c... by brookshelpdesk Engager in Splunk Search 09-20-2019 0 3	0	3
How to remove certain values from table column? I have a extracted a field, which has mutiple values applname = app1, app2 , app3 when i form a table with applnam... by ashanka Explorer in Splunk Search 09-20-2019 0 1	0	1
How to extract latest event for unique account numbers? Hello, I'm trying to extract some fields for the latest event based on unique account numbers. I've tried using late... by srive326 Explorer in Splunk Search 09-20-2019 0 3	0	3
Most recent event per host ( \| Head 1)? So I need to pull only the most recent event from each of 60+ hosts, and put them in a table. I'm thinking something ... by marquiselee Path Finder in Splunk Search 09-20-2019 1 5	1	5
Config Documentation Sites Not Opening When one searches a config on Google, e.g. props.conf, the first result is almost always the page you'd want. However... by morethanyell Builder in Splunk Search 09-20-2019 0 6	0	6
Eval Calculate fields with null values Hello, I am attempting to run the search below which works when all values are present "One, Two, Three, Four" but wh... by cooperjaram Engager in Splunk Search 09-20-2019 0 4	0	4
splunk pager duty integration How can I troubleshoot why this is not working? I'm seeing the alert firing in Splunk and a log event showing that it... by Prakash493 Communicator in Splunk Search 09-20-2019 0 1	0	1
Alternative to Join Subsearch to avoid 50k results limit I can use the following search to get 1 day worth of data, but anything longer causes the subsearch to hit its limit.... by mjhermansky New Member in Splunk Search 09-20-2019 0 3	0	3
Stats aggregation with potentially a eval-where clause is ideal I am trying to work a set of data that looks like this: I want to display it like so: My problem is getting the ... by thulasikrishnan Path Finder in Splunk Search 09-20-2019 0 4	0	4