Splunk Search

Community Activity

Reading Event Counts for all indexes and then reading their corresponding Count for threshold Check Specified in the lookup File Can Please anyone help me in building the query for my alert so that It takes the index name and its corresponding th... by bapun18 Communicator in Splunk Search 09-06-2019 0 3	0	3
I want to use an 'or' argument in my search is this possible? So I have a search query which returns registrations for a website called CXI. See below: sourcetype=applog Successf... by a123537 New Member in Splunk Search 09-06-2019 0 5	0	5
How to display a live map from a website into dashboard Hello everyone, I'm a newbie and I did build my own dashboard in Splunk. I was able to create different charts and I... by tcalvillo Engager in Splunk Search 09-06-2019 0 5	0	5
how do i use the variable name1 in the table command later? ... \|rename General.SetupViews as Modes\|eval mode=split(Modes," ")\|eval name1=mvindex(mode,0) \| eval name2=mvindex(mo... by pratyushd New Member in Splunk Search 09-06-2019 0 4	0	4
how to fix " app not found" issue Hi, Whenever log into the splunk , i am getting " app not found" error . can i please know how to keep "searching an... by kteng2024 Path Finder in Splunk Search 09-06-2019 0 4	0	4
How to write query for creating alert using lookup Hi Splunkers, I have the events getting ingested as below: timestamp patch_version hostname Now,I want to crea... by Arpmjdr Explorer in Splunk Search 09-06-2019 0 5	0	5
How to separate the fields AppDomainName and ApplicationSource in timechart? Hi I have this query that counts the number of errors for two applications but I get the application names from diff... by lsy9891 Engager in Splunk Search 09-06-2019 0 1	0	1
how to extract only numeric values from field into table ? it fetching the non field values too from. for example: dport=86 pattern: 0 tcp && dst port 86 && dst 345 here dport is field and pattern is non field value. i... by salmanbpc New Member in Splunk Search 09-06-2019 0 1	0	1
help on subsearch in order to match a common field between 2 lookup files hi In a first lookup (host.csv), I have a field "host" In a second lookup (toto.csv), I have also a field "host" Is ... by jip31 Motivator in Splunk Search 09-06-2019 0 2	0	2
search using the Splunk API to get back a single result(not streaming) without using a saved search or SID? can we run a search using the Splunk API to get back a single result(not streaming) without using a saved search or S... by vasanthi77 Explorer in Splunk Search 09-06-2019 0 4	0	4
How to display the max value per day My search calculate the number of events of a field per hour per day. In my chart result I only want to see the max o... by faribole Path Finder in Splunk Search 09-06-2019 0 2	0	2
how to transform a search into a csv file in order to query the csv instead the index hello I have done a saved search scheduled one time per day from the query below index=toto sourcetype="tutu" h... by jip31 Motivator in Splunk Search 09-05-2019 0 4	0	4
Search to export structured CSV from Splunk Hi, Using Splunk on a raw log file I get the total templates (clusters) of logs using something like: host="my_host... by psychogyiokosta New Member in Splunk Search 09-05-2019 0 1	0	1
Splunk query OR condition Trying to parse the following line: newCount 20 OldCount 10 The following is my splunk query: index="server" \| re... by balash1979 Path Finder in Splunk Search 09-05-2019 0 1	0	1
300 events are seen with the same Source IP and different Destination IP in 1 hour Translating Qradar rules to SPL and stocked with setting thresholds 300 events are seen with the same Source IP and ... by dzejsonborn New Member in Splunk Search 09-05-2019 0 3	0	3
Pass the hash detection Hello. Has anyone built a detection for pass the hash? I have windows local event logs and AD logs at my disposal... by johann2017 Explorer in Splunk Search 09-05-2019 1 2	1	2
How to get sum stats from pair of values Hi! I am looking for help for, I think, a simple statistic but I can't figure out how to do this simply. Here's an ... by maellebrown New Member in Splunk Search 09-05-2019 0 7	0	7
Search for anomalous file names based on entropy? Can anyone recommend a way to search for file names based on entropy? I'd like to run a search that looks for funky/a... by jwalzerpitt Influencer in Splunk Search 09-05-2019 0 0	0	0
Lookup query not working All, I am running Splunk 7.2.6 under Debian 9.9. I am searching using index = main and picking the top 5 http stat... by snappersdad New Member in Splunk Search 09-05-2019 0 3	0	3
Index count on a single Indexer Hi , We are running apps in docker world and looking at docker log growth - app / engineering team wants to adapt a... by rashi83 Path Finder in Splunk Search 09-05-2019 0 1	0	1
How can I find out whether the time is within working hours? We would like to know whether the event time is within working hours and a developer came up with the following. Does... by danielbb Motivator in Splunk Search 09-05-2019 0 8	0	8
Regex field values to look for a specific character Splunk Search Hi guys I'm looking to extract a value from a field using regex, the field contain different types of data such as Id... by marktechuk New Member in Splunk Search 09-05-2019 0 1	0	1
Help with putting a conditional in my search Hi, Someone was kind enough to help me with this yesterday: link text And it worked fine, until I realized that th... by a212830 Champion in Splunk Search 09-05-2019 0 3	0	3
Prevent query autoformat from deleting empty lines It can enhance query readability to separate large queries into their logical components using empty lines: index =... by d_o_c New Member in Splunk Search 09-05-2019 0 1	0	1
How to create a drilldown Hello everyone, I am trying to create a simple hiding drill down panel. With below search: index=_internal \|stats d... by jsuryaprakash Path Finder in Splunk Search 09-05-2019 0 5	0	5