Splunk Search

Community Activity

Search to export structured CSV from Splunk Hi, Using Splunk on a raw log file I get the total templates (clusters) of logs using something like: host="my_host... by psychogyiokosta New Member in Splunk Search 09-05-2019 0 1	0	1
Splunk query OR condition Trying to parse the following line: newCount 20 OldCount 10 The following is my splunk query: index="server" \| re... by balash1979 Path Finder in Splunk Search 09-05-2019 0 1	0	1
300 events are seen with the same Source IP and different Destination IP in 1 hour Translating Qradar rules to SPL and stocked with setting thresholds 300 events are seen with the same Source IP and ... by dzejsonborn New Member in Splunk Search 09-05-2019 0 3	0	3
Pass the hash detection Hello. Has anyone built a detection for pass the hash? I have windows local event logs and AD logs at my disposal... by johann2017 Explorer in Splunk Search 09-05-2019 1 2	1	2
How to get sum stats from pair of values Hi! I am looking for help for, I think, a simple statistic but I can't figure out how to do this simply. Here's an ... by maellebrown New Member in Splunk Search 09-05-2019 0 7	0	7
Search for anomalous file names based on entropy? Can anyone recommend a way to search for file names based on entropy? I'd like to run a search that looks for funky/a... by jwalzerpitt Influencer in Splunk Search 09-05-2019 0 0	0	0
Lookup query not working All, I am running Splunk 7.2.6 under Debian 9.9. I am searching using index = main and picking the top 5 http stat... by snappersdad New Member in Splunk Search 09-05-2019 0 3	0	3
Index count on a single Indexer Hi , We are running apps in docker world and looking at docker log growth - app / engineering team wants to adapt a... by rashi83 Path Finder in Splunk Search 09-05-2019 0 1	0	1
How can I find out whether the time is within working hours? We would like to know whether the event time is within working hours and a developer came up with the following. Does... by danielbb Motivator in Splunk Search 09-05-2019 0 8	0	8
Regex field values to look for a specific character Splunk Search Hi guys I'm looking to extract a value from a field using regex, the field contain different types of data such as Id... by marktechuk New Member in Splunk Search 09-05-2019 0 1	0	1
Help with putting a conditional in my search Hi, Someone was kind enough to help me with this yesterday: link text And it worked fine, until I realized that th... by a212830 Champion in Splunk Search 09-05-2019 0 3	0	3
Prevent query autoformat from deleting empty lines It can enhance query readability to separate large queries into their logical components using empty lines: index =... by d_o_c New Member in Splunk Search 09-05-2019 0 1	0	1
How to create a drilldown Hello everyone, I am trying to create a simple hiding drill down panel. With below search: index=_internal \|stats d... by jsuryaprakash Path Finder in Splunk Search 09-05-2019 0 5	0	5
What is the best way to find all current best practices about a particular topic? Is there a good way to find validated best practices, ones that are expected to be current, tied to a specific featur... by mdonnelly_splun Splunk Employee in Splunk Search 09-05-2019 0 1	0	1
can we use addtotals command in geostats map? after using addtotals with geostats command, map is not showing correct location. Please help me to resolve this iss... by abhilasha2410 New Member in Splunk Search 09-05-2019 0 1	0	1
Need to sort macOS versions I imported data from jamf cloud into splunk and one of the fields being returned is the operating system version. It... by jbandautrgv Engager in Splunk Search 09-05-2019 0 2	0	2
KV_MODE=json sometimes skips a particular JSON field? We have a log file with multiple lines of JSON similar to this: { "foo": "bar","foo1":"foo2","userEmail":"foo@bar.co... by zanglang Engager in Splunk Search 09-05-2019 0 6	0	6
How to pass input variable to dbxquery Hi Experts, I am struggling to pass inputs to my dbxquery. My intention is to display all EMPID and Employer name by... by manunairadavakk Path Finder in Splunk Search 09-05-2019 1 29	1	29
How to get the on time and off time over a category with place Hi Splukers, @niketnilay I have table with 4 fields. I created the status with eval command with index=XXX sourc... by SathyaNarayanan Path Finder in Splunk Search 09-05-2019 0 11	0	11
Join if one of two fields match a lookup Hi there, many thanks for reading this far and for any insights you can give. I have a base search which returns a n... by ChrisCLewis Communicator in Splunk Search 09-05-2019 0 4	0	4
Calculate the average of count per day I am fetching production data like the number of completed for the last 7 days for different procustion customer and ... by JyotiP Path Finder in Splunk Search 09-05-2019 0 3	0	3
Issue with database table name with spaces in map dbxquery search Hi Splunk experts, Please help on the below issue. When i am running a query directly with dbxquery, the table name ... by manunairadavakk Path Finder in Splunk Search 09-04-2019 0 4	0	4
How to find the oldest log indexed in the indexer instances ? Hi All, Currently we are running out of space in our indexer instance and we wanted to remove the oldest data that is... by Hemnaath Motivator in Splunk Search 09-04-2019 0 8	0	8
I have a inputlookup which have fields like index and count need to create an alert which should trigger when count of indexes given will be exceed given count in lookup, use of sub search will also fine I have a inputlookup which have fields like index and count need to create an alert which should trigger when count o... by bapun18 Communicator in Splunk Search 09-04-2019 0 8	0	8
Can I do a timewrap and use partial=false (part of timechartt command) when setting latest time to now =+Xdays@d my search looks like this ... \| fields _time fieldname \| eval wday = strftime(_time, "%a") \| where wday = ... by HattrickNZ Motivator in Splunk Search 09-04-2019 0 0	0	0