Splunk Search

Community Activity

Regex not working as expected For one of the Security usecase, we need to extract Group Memberships from the Domain. The trickier part is some of ... by cyber_castle Path Finder in Splunk Search 09-04-2019 0 5	0	5
Item count not including quality. Here is the sample log I want a timechart. {"dtm":"2019-09-04 07:17:39.129 PDT", "logger":".WEB_ORDER_RELEASE", "app... by sandeepmakkena Contributor in Splunk Search 09-04-2019 0 3	0	3
Admin Passwords Across Clusters Just to be sure, does the admin password need to be the same for each component in the Search Head or Index Cluster? by jaxjohnny2000 Builder in Splunk Search 09-04-2019 0 5	0	5
use inputlookup with field index and count as sub search I have an inputlookup which have 2 fields index and count, I need to create an alert so that alert will trigger when ... by bapun18 Communicator in Splunk Search 09-04-2019 0 1	0	1
how to avoid auto extraction in quotes? I have logs like msg="some string here method=aaaa" method=bbbb splunk may extract method=aaaa out of the quoted st... by yasein Engager in Splunk Search 09-04-2019 0 3	0	3
Index time extracted field unable to search I am extracting one field at index time from source field using regex and while searching field value sometime I am u... by ips_mandar Builder in Splunk Search 09-04-2019 0 2	0	2
How to update a field only if there was a change or delta in the subsearch? Hi, I have a sample CSV called original.csv. Each day, a search is ran and saved to new.csv. What search to do I need... by russell120 Communicator in Splunk Search 09-04-2019 0 3	0	3
How to whitelist multiple IP addresses from datamodel search? (no need to use lookups)? Hi Guys, Can you please tell me how to exclude/whitelist multiple ip adresses from the datamodel search here is the... by dzejsonborn New Member in Splunk Search 09-04-2019 0 6	0	6
What is the correct syntax of applying NOT operator in transforms.conf? The following is the regex I am working on and what I'm trying to do is exclude any username events that ends with "Z... by pavanae Builder in Splunk Search 09-04-2019 0 2	0	2
How do i get a % of page hits off the total users who accessed a set of pages. index=app sourcetype=accesslog uri="some uri" user!="-" (context="display" OR context="pages") earliest=-7d \| rex fi... by abhijitd New Member in Splunk Search 09-04-2019 0 2	0	2
search result issue by users Same SPL result is different by user A and admin SPL-> index=xxx when I do search with userA's userid "interestin... by moonyoungjung New Member in Splunk Search 09-04-2019 0 5	0	5
How to search events generated by TA. Hello, I am using Splunk enterprise and splunk enterprise security. I have windows IIS TA configured as well.How to ... by Arpmjdr Explorer in Splunk Search 09-04-2019 0 1	0	1
PDF generation removes X-axis labels if there are too many units. Can I fix it without increase the width value in the pdfgen_chart.py? I don't want to modify the pdfgen_chart.py, is there any other way? and when I use 'https://localhost:8089/services/p... by duyuzhuo Explorer in Splunk Search 09-04-2019 0 0	0	0
Compare fields with similar names I feed my index with many totals and actual use values. Each of those fields are in the following event: { [-] ... by adrien_dereumau Path Finder in Splunk Search 09-04-2019 0 10	0	10
how to make a simple table with raw data fields and non fields data in Splunk enterprise? Hello Everyone. im trying to make a simple table for the log file which i have uploded in Splunk. i can able to get ... by salmanbpc New Member in Splunk Search 09-04-2019 0 3	0	3
Chart command. index=aos_transaction \| chart count by payments, geo \| addtotals col=t \| sort -Total \| head 10 I want to display onl... by sandeepmakkena Contributor in Splunk Search 09-03-2019 0 2	0	2
How to get rid of white spaces in the column names when working on DB.? Hi when I am trying to get the results from the DB (SQL Server), there are some column names as "Show Room Code". ... by SanthoshSreshta Contributor in Splunk Search 09-03-2019 0 3	0	3
Drop off count in website. I am working on website sales data where n number of different services are called like CartService, OrderBuildServic... by sandeepmakkena Contributor in Splunk Search 09-03-2019 0 3	0	3
How to modify search text with Javascript I'm using Splunk Enterprise Version: 7.3.0 I'm trying to make a chrome extension that will allow me to toggle line-c... by d_o_c New Member in Splunk Search 09-03-2019 0 0	0	0
Correlation search for Interactive Login with Service Account and Interactive Login with Local Administrator Offense Name: Interactive Login with Service Account Rule: Service accounts typically start with svc* Offense Name: ... by vikram1583 Explorer in Splunk Search 09-03-2019 0 0	0	0
Why does convert num NOT follow a universal typecasting paradigm and NOT trim leading zeroes? I guess the question is a bit facetious But, I would still like to know what the (flawed) logic is behind this? It's... by nick405060 Motivator in Splunk Search 09-03-2019 3 5	3	5
Why is the rex capture not working? Hi All, I am trying to capture line starting with a number, I have created a regex and tested it in regex101 site and... by nareshkumar1985 Engager in Splunk Search 09-03-2019 0 4	0	4
How to include double quotes in Switch Case Hi All, How can I do switch case for below values {"XXX":["ABC"]} == ABC {"XXX":[]} == NULL . \| eval Name=ca... by Anantha123 Communicator in Splunk Search 09-03-2019 0 2	0	2
Better search query way in terms of performance I have below search criteria so let me know best way for this. base search (which have output in table format) [tabl... by N92 Path Finder in Splunk Search 09-03-2019 0 5	0	5
How to get the number of errors for each application ? Hi, I'm new to Splunk and so far I've managed to get the number of errors but I do not know for which application? I... by lsy9891 Engager in Splunk Search 09-03-2019 0 7	0	7