Splunk Search

Community Activity

	How to find the oldest log indexed in the indexer instances ? Hi All, Currently we are running out of space in our indexer instance and we wanted to remove the oldest data that is... by Hemnaath Motivator in Splunk Search 09-04-2019 0 8	0	8
	I have a inputlookup which have fields like index and count need to create an alert which should trigger when count of indexes given will be exceed given count in lookup, use of sub search will also fine I have a inputlookup which have fields like index and count need to create an alert which should trigger when count o... by bapun18 Communicator in Splunk Search 09-04-2019 0 8	0	8
	Can I do a timewrap and use partial=false (part of timechartt command) when setting latest time to now =+Xdays@d my search looks like this ... \| fields _time fieldname \| eval wday = strftime(_time, "%a") \| where wday = ... by HattrickNZ Motivator in Splunk Search 09-04-2019 0 0	0	0
	How to count the events from domain controller server hosts per hour using tstats? I want to count the events from dc server hosts by hour using tstats: \| tstats count where host="srvdc" by host GR... by landen99 Motivator in Splunk Search 09-04-2019 0 6	0	6
	Hunting for duplicate event data to find suspicious activities I am trying to determine the right SPL to dig through a financial data set and look for duplicate entries. The data g... by uhaba Explorer in Splunk Search 09-04-2019 0 1	0	1
	How to Split multi valued row in to different rows I have a below query which shows the recent windows patches installed in the servers, So most of the servers got inst... by vinaykataaig Explorer in Splunk Search 09-04-2019 0 2	0	2
	how to filter the logs when a username field ends with "-TEST" The following are my transforms.conf and props.conf in my cluster master which are sending all the logs for the below... by pavanae Builder in Splunk Search 09-04-2019 0 4	0	4
	Tally field by value and source and divide by total source count Hello, all. I'm looking for the best method to tally a particular field by value and source and then run division wi... by reigerourich Engager in Splunk Search 09-04-2019 0 2	0	2
	Pulling 1-day old records Hi, Let say I have field lastTime (sample value lastTime = 09/01/2019 11:52:31). There are records with lastTime re... by vnguyen46 Contributor in Splunk Search 09-04-2019 0 7	0	7
	Trying to match a field with multiple values against a lookuptable I trying to search a lookup table for matching field=user the field contains multiple values for example user=ID, na... by marktechuk New Member in Splunk Search 09-04-2019 0 1	0	1
	Search two lookup tables for matching field values Hi trying to search two lookup tables for matching fields values, both tables have the same fields. Just looking to c... by marktechuk New Member in Splunk Search 09-04-2019 0 3	0	3
	Wildcard lookup returns more than one value So I have a regex: rex field=requestUrl "^\w+:\/\/[^\/]+\/(?<uri>.+)$" And then I use the value of that in a looku... by bciancio New Member in Splunk Search 09-04-2019 0 1	0	1
	Regex not working as expected For one of the Security usecase, we need to extract Group Memberships from the Domain. The trickier part is some of ... by cyber_castle Path Finder in Splunk Search 09-04-2019 0 5	0	5
	Item count not including quality. Here is the sample log I want a timechart. {"dtm":"2019-09-04 07:17:39.129 PDT", "logger":".WEB_ORDER_RELEASE", "app... by sandeepmakkena Contributor in Splunk Search 09-04-2019 0 3	0	3
	Admin Passwords Across Clusters Just to be sure, does the admin password need to be the same for each component in the Search Head or Index Cluster? by jaxjohnny2000 Builder in Splunk Search 09-04-2019 0 5	0	5
	use inputlookup with field index and count as sub search I have an inputlookup which have 2 fields index and count, I need to create an alert so that alert will trigger when ... by bapun18 Communicator in Splunk Search 09-04-2019 0 1	0	1
	how to avoid auto extraction in quotes? I have logs like msg="some string here method=aaaa" method=bbbb splunk may extract method=aaaa out of the quoted st... by yasein Engager in Splunk Search 09-04-2019 0 3	0	3
	Index time extracted field unable to search I am extracting one field at index time from source field using regex and while searching field value sometime I am u... by ips_mandar Builder in Splunk Search 09-04-2019 0 2	0	2
	How to update a field only if there was a change or delta in the subsearch? Hi, I have a sample CSV called original.csv. Each day, a search is ran and saved to new.csv. What search to do I need... by russell120 Communicator in Splunk Search 09-04-2019 0 3	0	3
	How to whitelist multiple IP addresses from datamodel search? (no need to use lookups)? Hi Guys, Can you please tell me how to exclude/whitelist multiple ip adresses from the datamodel search here is the... by dzejsonborn New Member in Splunk Search 09-04-2019 0 6	0	6
	What is the correct syntax of applying NOT operator in transforms.conf? The following is the regex I am working on and what I'm trying to do is exclude any username events that ends with "Z... by pavanae Builder in Splunk Search 09-04-2019 0 2	0	2
	How do i get a % of page hits off the total users who accessed a set of pages. index=app sourcetype=accesslog uri="some uri" user!="-" (context="display" OR context="pages") earliest=-7d \| rex fi... by abhijitd New Member in Splunk Search 09-04-2019 0 2	0	2
	search result issue by users Same SPL result is different by user A and admin SPL-> index=xxx when I do search with userA's userid "interestin... by moonyoungjung New Member in Splunk Search 09-04-2019 0 5	0	5
	How to search events generated by TA. Hello, I am using Splunk enterprise and splunk enterprise security. I have windows IIS TA configured as well.How to ... by Arpmjdr Explorer in Splunk Search 09-04-2019 0 1	0	1
	PDF generation removes X-axis labels if there are too many units. Can I fix it without increase the width value in the pdfgen_chart.py? I don't want to modify the pdfgen_chart.py, is there any other way? and when I use 'https://localhost:8089/services/p... by duyuzhuo Explorer in Splunk Search 09-04-2019 0 0	0	0