Splunk Search

Community Activity

Transactions not showing any data after clicking on "show lines" Hey guys, My transaction gives me the option to "show 10 lines", but when clicked on it nothing shows up and the labe... by pkol Explorer in Splunk Search 09-01-2019 0 1	0	1
user!=xxx user!=yyy VS. NOT user IN (xxx yyy) Hi, when building queries I'm all for their clean look and readability - of course performance always matters more. ... by fedejko Explorer in Splunk Search 09-01-2019 0 1	0	1
How to parse a log file with multiple types of records? I have a log file with multiple line patterns. Something like this: [name] [surname] [address] ... by vtsco New Member in Splunk Search 09-01-2019 0 1	0	1
Using the Splunk Tutorial data, how to find the number of hits and top 20 category and top 20 domain? How to find the number of hits and top 20 category and top 20 domain using the tutorial data on Splunk. Please help, ... by rishabh4 New Member in Splunk Search 08-31-2019 0 4	0	4
Regex error, exceeded configured match_limit Hi Splunkers, I'm running Splunk 7.0.1 and having some problems to parse variables using regex in a search. This is... by prsepulv Explorer in Splunk Search 08-31-2019 0 2	0	2
How to improve the performance of our Splunk search query? We have indexed access logs into index="mpsapp", When we do a stats search or filter any records for these data for a... by dhavamanis Builder in Splunk Search 08-31-2019 2 7	2	7
How to get results for how often each alarm type occurs in percentage I have uploaded alarm logs into Splunk. I would like to be able to show results for how often each alarm type occurs ... by marenastrauss New Member in Splunk Search 08-30-2019 0 3	0	3
How to compare single value field from index 1 with that of multivalue field in index 2 and display the results? Hi, I am trying to correlate two security indexes and display the output. Index 1 has a CVE_Id and index 2 also has... by Navanitha Path Finder in Splunk Search 08-30-2019 0 3	0	3
How to create field from one to many fields of a certain format? Here is my data (linux_audit): type=EXECVE msg=audit(1567181894.530:909): argc=2 a0="cat" a1="audit.log" type=EXECVE... by ejwade Contributor in Splunk Search 08-30-2019 0 2	0	2
timechart not using correct _time timeframe I have a dashboard with 2 columns of panels, each containing the same 5 panels, 5 on the left and 5 on the right. th... by weidertc Contributor in Splunk Search 08-30-2019 0 9	0	9
To identify unused/unsearches data in Splunk Is there a way to find unused/unsearched data in Splunk? Example: In an Index=XYZ we are ingesting 100GB of data on ... by rahulhoney New Member in Splunk Search 08-30-2019 0 3	0	3
How to detect trending or spike for given timespan How to detect trending or spike for given timespan. So we column of users and activities column. How do we detect ... by duenguyen Explorer in Splunk Search 08-30-2019 0 1	0	1
Trying to search a Workday index for direct deposit change requests from unknown addressess We use Workday as our payroll system and have a Workday add-on with logs in an index called dmc_workday_index. I want... by blmclaws Engager in Splunk Search 08-30-2019 0 2	0	2
How to join two searches, consider first and not second (subsearch)? I tried to use the NOT command to get the events from the first search but not in the second (subsearch) but in the r... by rodrigobortolon New Member in Splunk Search 08-30-2019 0 7	0	7
How to access a property on the last element in an array,accessing last element in json array? Hi I have json events that have an array with objects and i want to extract a property from it Some pseudo search co... by marcovdlinden New Member in Splunk Search 08-30-2019 0 2	0	2
Why is search not executing? Hello I am using Splunk to analyze results from Qualys Vulnerability Scanning I have noticed that one of my searche... by mmor New Member in Splunk Search 08-30-2019 0 3	0	3
How to round down time to nearest 10th minute Hi, I want to convert my now() time to round down to nearest 10th minute. For e.g. If now returns 10:02 I want it t... by sammyshinde14 New Member in Splunk Search 08-30-2019 0 3	0	3
splunk command to repair buckets hi, can i please know the splunk command to rebuild the buckets in a directory . I used splunk rebuild directory_nam... by kteng2024 Path Finder in Splunk Search 08-30-2019 0 4	0	4
Check if IP address from search not in list of IP address I am still learning Splunk and trying to understand best way to find if IP addresses in my search results are NOT in ... by ashishmgupta Explorer in Splunk Search 08-29-2019 0 2	0	2
How to access the raw data collected by Splunk? I want to access the log files from Web servers, Micro Services, by protocol (HTTP, SOAP, FTP, etc.) or Databases. Wh... by sc2019 New Member in Splunk Search 08-29-2019 0 2	0	2
How to get match to work with two sources Okay so here's the problem, 2 sources and I have to rex out a file name and match it to a field within another file i... by rossparfect Path Finder in Splunk Search 08-29-2019 0 13	0	13
How to get percentage of values for a field based on total number from different search Hi, I have been pulling my hair to get this to work, but couldn't, and any help would be very much appreciated. I h... by fullstackdev New Member in Splunk Search 08-29-2019 0 4	0	4
Events with Tab Delimited values Hi All, I have some logs which are mostly tab delimited I used props and transforms to set up the delimited extracti... by akshatj2 Path Finder in Splunk Search 08-29-2019 0 3	0	3
How to search result in data and put it in a table I need to create a table from the results in the query below. where the utilization is greater than or equal to .7. ... by codedtech Path Finder in Splunk Search 08-29-2019 0 5	0	5
EVAL Total Duration in Minutes Across 2 Indexes ive created a table with monitoring in for our daily checks However I still need to do an eval to get the Total Dura... by lavster Path Finder in Splunk Search 08-29-2019 0 5	0	5