Splunk Search

Community Activity

	How to Split multi valued row in to different rows I have a below query which shows the recent windows patches installed in the servers, So most of the servers got inst... by vinaykataaig Explorer in Splunk Search 09-04-2019 0 2	0	2
	how to filter the logs when a username field ends with "-TEST" The following are my transforms.conf and props.conf in my cluster master which are sending all the logs for the below... by pavanae Builder in Splunk Search 09-04-2019 0 4	0	4
	Tally field by value and source and divide by total source count Hello, all. I'm looking for the best method to tally a particular field by value and source and then run division wi... by reigerourich Engager in Splunk Search 09-04-2019 0 2	0	2
	Pulling 1-day old records Hi, Let say I have field lastTime (sample value lastTime = 09/01/2019 11:52:31). There are records with lastTime re... by vnguyen46 Contributor in Splunk Search 09-04-2019 0 7	0	7
	Trying to match a field with multiple values against a lookuptable I trying to search a lookup table for matching field=user the field contains multiple values for example user=ID, na... by marktechuk New Member in Splunk Search 09-04-2019 0 1	0	1
	Search two lookup tables for matching field values Hi trying to search two lookup tables for matching fields values, both tables have the same fields. Just looking to c... by marktechuk New Member in Splunk Search 09-04-2019 0 3	0	3
	Wildcard lookup returns more than one value So I have a regex: rex field=requestUrl "^\w+:\/\/[^\/]+\/(?<uri>.+)$" And then I use the value of that in a looku... by bciancio New Member in Splunk Search 09-04-2019 0 1	0	1
	Regex not working as expected For one of the Security usecase, we need to extract Group Memberships from the Domain. The trickier part is some of ... by cyber_castle Path Finder in Splunk Search 09-04-2019 0 5	0	5
	Item count not including quality. Here is the sample log I want a timechart. {"dtm":"2019-09-04 07:17:39.129 PDT", "logger":".WEB_ORDER_RELEASE", "app... by sandeepmakkena Contributor in Splunk Search 09-04-2019 0 3	0	3
	Admin Passwords Across Clusters Just to be sure, does the admin password need to be the same for each component in the Search Head or Index Cluster? by jaxjohnny2000 Builder in Splunk Search 09-04-2019 0 5	0	5
	use inputlookup with field index and count as sub search I have an inputlookup which have 2 fields index and count, I need to create an alert so that alert will trigger when ... by bapun18 Communicator in Splunk Search 09-04-2019 0 1	0	1
	how to avoid auto extraction in quotes? I have logs like msg="some string here method=aaaa" method=bbbb splunk may extract method=aaaa out of the quoted st... by yasein Engager in Splunk Search 09-04-2019 0 3	0	3
	Index time extracted field unable to search I am extracting one field at index time from source field using regex and while searching field value sometime I am u... by ips_mandar Builder in Splunk Search 09-04-2019 0 2	0	2
	How to update a field only if there was a change or delta in the subsearch? Hi, I have a sample CSV called original.csv. Each day, a search is ran and saved to new.csv. What search to do I need... by russell120 Communicator in Splunk Search 09-04-2019 0 3	0	3
	How to whitelist multiple IP addresses from datamodel search? (no need to use lookups)? Hi Guys, Can you please tell me how to exclude/whitelist multiple ip adresses from the datamodel search here is the... by dzejsonborn New Member in Splunk Search 09-04-2019 0 6	0	6
	What is the correct syntax of applying NOT operator in transforms.conf? The following is the regex I am working on and what I'm trying to do is exclude any username events that ends with "Z... by pavanae Builder in Splunk Search 09-04-2019 0 2	0	2
	How do i get a % of page hits off the total users who accessed a set of pages. index=app sourcetype=accesslog uri="some uri" user!="-" (context="display" OR context="pages") earliest=-7d \| rex fi... by abhijitd New Member in Splunk Search 09-04-2019 0 2	0	2
	search result issue by users Same SPL result is different by user A and admin SPL-> index=xxx when I do search with userA's userid "interestin... by moonyoungjung New Member in Splunk Search 09-04-2019 0 5	0	5
	How to search events generated by TA. Hello, I am using Splunk enterprise and splunk enterprise security. I have windows IIS TA configured as well.How to ... by Arpmjdr Explorer in Splunk Search 09-04-2019 0 1	0	1
	PDF generation removes X-axis labels if there are too many units. Can I fix it without increase the width value in the pdfgen_chart.py? I don't want to modify the pdfgen_chart.py, is there any other way? and when I use 'https://localhost:8089/services/p... by duyuzhuo Explorer in Splunk Search 09-04-2019 0 0	0	0
	Compare fields with similar names I feed my index with many totals and actual use values. Each of those fields are in the following event: { [-] ... by adrien_dereumau Path Finder in Splunk Search 09-04-2019 0 10	0	10
	how to make a simple table with raw data fields and non fields data in Splunk enterprise? Hello Everyone. im trying to make a simple table for the log file which i have uploded in Splunk. i can able to get ... by salmanbpc New Member in Splunk Search 09-04-2019 0 3	0	3
	Chart command. index=aos_transaction \| chart count by payments, geo \| addtotals col=t \| sort -Total \| head 10 I want to display onl... by sandeepmakkena Contributor in Splunk Search 09-03-2019 0 2	0	2
	How to get rid of white spaces in the column names when working on DB.? Hi when I am trying to get the results from the DB (SQL Server), there are some column names as "Show Room Code". ... by SanthoshSreshta Contributor in Splunk Search 09-03-2019 0 3	0	3
	Drop off count in website. I am working on website sales data where n number of different services are called like CartService, OrderBuildServic... by sandeepmakkena Contributor in Splunk Search 09-03-2019 0 3	0	3