Splunk Search

Community Activity

How to determine if a group is not used ? Hi all, Here is my problem: on the one hand, I have a lookup which is a list of group names. On the other hand, I ha... by ckieken Engager in Splunk Search 09-17-2019 0 2	0	2
Specific Application Search I am trying to write a query that searches for a particular "application" that is installed to a number of machines. ... by willadams Contributor in Splunk Search 09-16-2019 0 1	0	1
Regex working in Regex101 and not Splunk Hello, I've put together two Regex expressions to capture specific words from a syslog entry. First Regex is to capt... by danielkhouri Engager in Splunk Search 09-16-2019 0 5	0	5
Convert string to command, for dynamic union search TL;DR - Is there a way (without custom scripts or commands) to run a command from a string in the format of a union t... by jlr Explorer in Splunk Search 09-16-2019 0 2	0	2
How to extract fields from the below log and craete a cloumn in a tabular form so that i can create a report?? [2019-09-14 23:55:22,499] [INFO] [goldilocks-Process Finished Successfully Hello All, From the above log I want t... by abhi5803 New Member in Splunk Search 09-16-2019 0 0	0	0
Why is there a delay in applying field extraction updates? Whenever I update a field extraction, both from the search head UI field extraction helper, and via props.conf or tra... by phemmer Path Finder in Splunk Search 09-16-2019 2 10	2	10
order result High to Low I have a simple query, listing event codes by host: index=wineventlog sourcetype=WinEventLog:Security Stats count by... by sdewar83 Path Finder in Splunk Search 09-16-2019 0 2	0	2
How to compare search result for first 15 min and last 45 min? Following is the result we got Action_ Name Time Count ABC 1:15 AM 100 ABC 1:30 AM 200... by salavilli0611 New Member in Splunk Search 09-16-2019 0 2	0	2
Search head core network, Free Disk, CPU used, memory free %... which index I use there are index =os and index=_internal . Index=os, where there all info about OS performance data of servers (host),... by htramtran83 Explorer in Splunk Search 09-16-2019 0 1	0	1
How to get total count of events excluding specific time range for certain days? Can anyone please help? I want to display the total count of events occurred in a week (but excluding specific day/t... by sahil237888 Path Finder in Splunk Search 09-16-2019 0 2	0	2
How to make column headers multi-lined I wish to have a chart where column headers are broken into three lines and row ones into two base search\| \|eval sep... by ChrisCLewis Communicator in Splunk Search 09-16-2019 0 0	0	0
How to count the numbers of occurrence for two value I have the following search: sourcetype="placingOrder" Code=504 host="localhost*" \| stats count by Path The output... by JyotiP Path Finder in Splunk Search 09-16-2019 0 7	0	7
Force users to always use "optional" field with built-in SPL command I'd like to ensure that all users on my search head are forced to include a specific field (along with a specific val... by brinley Path Finder in Splunk Search 09-16-2019 1 0	1	0
RegEx Help Needed Hi guys, I'm a complete newbie when it comes to RegEx, but I was wondering if someone could please advise on how I c... by danfinan Explorer in Splunk Search 09-16-2019 0 6	0	6
Dynamic trim of field at both start and end Hi, i have a field that i need to trim. The field can have a number of different strings, for which i want to trim ev... by ramgnisiv Path Finder in Splunk Search 09-16-2019 0 2	0	2
How to produce a table visualization that spans time? The following SPL returns data for all returns for a day. How can I just return the maximum return for the day? Exam... by sjlaplac Loves-to-Learn Lots in Splunk Search 09-16-2019 0 3	0	3
Total Account lockouts > 2 within 30mins Hi There, I am trying to find where total account lockouts that are greater than 2 within the time frame of 30 mins.... by siddh01r New Member in Splunk Search 09-16-2019 0 4	0	4
regex in lookup file I want to match a reg ex pattern (e.g. "aaa\s+:\d\d") from a lookup file. pattern,output_value "aaa\s+:\d\d:", 2 "aa... by ankitarath2011 Path Finder in Splunk Search 09-16-2019 0 2	0	2
Splunk Query Help- Summary index - Compare all data of - solutionType=* Hi Team, I am using the below command to get the last 4 weeks of data solutionType=EML. index=sample1 "com.URL.con... by harkirat9712 Explorer in Splunk Search 09-15-2019 0 0	0	0
How to search only sourcetypes that began ingestion in last 7 days Hi, I'm very much a Splunk novice, but I've been playing around with trying to do some health checks for Splunk so w... by sdewar83 Path Finder in Splunk Search 09-15-2019 0 2	0	2
Same query run multiple times returns different results I got a different result count when I executed this query a week before, and when I executed it today. The first time... by rey123 Path Finder in Splunk Search 09-15-2019 0 5	0	5
Field extraction gauge="ProcessorResponse.Country[US]Processor[ApgProcessor]PaymentType[VISA] DECLINE" is one of the field. I am tryin... by sandeepmakkena Contributor in Splunk Search 09-15-2019 0 3	0	3
pattern based indexing is not working for some events I am using pattern base indexing like below that is if i have splunk_send and app host in event i m trying to discard... by vasanthi77 Explorer in Splunk Search 09-15-2019 0 2	0	2
How to create radial gauges for each channel from this query ? Hi, I know that we can create radial gauges using aggregate values but I've selected the radial gauge visualization ... by lsy9891 Engager in Splunk Search 09-15-2019 0 1	0	1
Inconsistent number of results I have a search that generates different number of results and I can't figure out why.. Here's my search: sourcety... by gelica Communicator in Splunk Search 09-14-2019 2 12	2	12