Splunk Search

Community Activity

What is the best way to find all current best practices about a particular topic? Is there a good way to find validated best practices, ones that are expected to be current, tied to a specific featur... by mdonnelly_splun Splunk Employee in Splunk Search 09-05-2019 0 1	0	1
can we use addtotals command in geostats map? after using addtotals with geostats command, map is not showing correct location. Please help me to resolve this iss... by abhilasha2410 New Member in Splunk Search 09-05-2019 0 1	0	1
Need to sort macOS versions I imported data from jamf cloud into splunk and one of the fields being returned is the operating system version. It... by jbandautrgv Engager in Splunk Search 09-05-2019 0 2	0	2
KV_MODE=json sometimes skips a particular JSON field? We have a log file with multiple lines of JSON similar to this: { "foo": "bar","foo1":"foo2","userEmail":"foo@bar.co... by zanglang Engager in Splunk Search 09-05-2019 0 6	0	6
How to pass input variable to dbxquery Hi Experts, I am struggling to pass inputs to my dbxquery. My intention is to display all EMPID and Employer name by... by manunairadavakk Path Finder in Splunk Search 09-05-2019 1 29	1	29
How to get the on time and off time over a category with place Hi Splukers, @niketnilay I have table with 4 fields. I created the status with eval command with index=XXX sourc... by SathyaNarayanan Path Finder in Splunk Search 09-05-2019 0 11	0	11
Join if one of two fields match a lookup Hi there, many thanks for reading this far and for any insights you can give. I have a base search which returns a n... by ChrisCLewis Communicator in Splunk Search 09-05-2019 0 4	0	4
Calculate the average of count per day I am fetching production data like the number of completed for the last 7 days for different procustion customer and ... by JyotiP Path Finder in Splunk Search 09-05-2019 0 3	0	3
Issue with database table name with spaces in map dbxquery search Hi Splunk experts, Please help on the below issue. When i am running a query directly with dbxquery, the table name ... by manunairadavakk Path Finder in Splunk Search 09-04-2019 0 4	0	4
How to find the oldest log indexed in the indexer instances ? Hi All, Currently we are running out of space in our indexer instance and we wanted to remove the oldest data that is... by Hemnaath Motivator in Splunk Search 09-04-2019 0 8	0	8
I have a inputlookup which have fields like index and count need to create an alert which should trigger when count of indexes given will be exceed given count in lookup, use of sub search will also fine I have a inputlookup which have fields like index and count need to create an alert which should trigger when count o... by bapun18 Communicator in Splunk Search 09-04-2019 0 8	0	8
Can I do a timewrap and use partial=false (part of timechartt command) when setting latest time to now =+Xdays@d my search looks like this ... \| fields _time fieldname \| eval wday = strftime(_time, "%a") \| where wday = ... by HattrickNZ Motivator in Splunk Search 09-04-2019 0 0	0	0
How to count the events from domain controller server hosts per hour using tstats? I want to count the events from dc server hosts by hour using tstats: \| tstats count where host="srvdc" by host GR... by landen99 Motivator in Splunk Search 09-04-2019 0 6	0	6
Hunting for duplicate event data to find suspicious activities I am trying to determine the right SPL to dig through a financial data set and look for duplicate entries. The data g... by uhaba Explorer in Splunk Search 09-04-2019 0 1	0	1
How to Split multi valued row in to different rows I have a below query which shows the recent windows patches installed in the servers, So most of the servers got inst... by vinaykataaig Explorer in Splunk Search 09-04-2019 0 2	0	2
how to filter the logs when a username field ends with "-TEST" The following are my transforms.conf and props.conf in my cluster master which are sending all the logs for the below... by pavanae Builder in Splunk Search 09-04-2019 0 4	0	4
Tally field by value and source and divide by total source count Hello, all. I'm looking for the best method to tally a particular field by value and source and then run division wi... by reigerourich Engager in Splunk Search 09-04-2019 0 2	0	2
Pulling 1-day old records Hi, Let say I have field lastTime (sample value lastTime = 09/01/2019 11:52:31). There are records with lastTime re... by vnguyen46 Contributor in Splunk Search 09-04-2019 0 7	0	7
Trying to match a field with multiple values against a lookuptable I trying to search a lookup table for matching field=user the field contains multiple values for example user=ID, na... by marktechuk New Member in Splunk Search 09-04-2019 0 1	0	1
Search two lookup tables for matching field values Hi trying to search two lookup tables for matching fields values, both tables have the same fields. Just looking to c... by marktechuk New Member in Splunk Search 09-04-2019 0 3	0	3
Wildcard lookup returns more than one value So I have a regex: rex field=requestUrl "^\w+:\/\/[^\/]+\/(?<uri>.+)$" And then I use the value of that in a looku... by bciancio New Member in Splunk Search 09-04-2019 0 1	0	1
Regex not working as expected For one of the Security usecase, we need to extract Group Memberships from the Domain. The trickier part is some of ... by cyber_castle Path Finder in Splunk Search 09-04-2019 0 5	0	5
Item count not including quality. Here is the sample log I want a timechart. {"dtm":"2019-09-04 07:17:39.129 PDT", "logger":".WEB_ORDER_RELEASE", "app... by sandeepmakkena Contributor in Splunk Search 09-04-2019 0 3	0	3
Admin Passwords Across Clusters Just to be sure, does the admin password need to be the same for each component in the Search Head or Index Cluster? by jaxjohnny2000 Builder in Splunk Search 09-04-2019 0 5	0	5
use inputlookup with field index and count as sub search I have an inputlookup which have 2 fields index and count, I need to create an alert so that alert will trigger when ... by bapun18 Communicator in Splunk Search 09-04-2019 0 1	0	1