Splunk Search

Community Activity

One field and multiple custom values and get percentages Hi, I need hep to create table, which shows multiple custom values / field count / % example, how it need to look: by pudanelilita Explorer in Splunk Search 08-29-2019 0 2	0	2
How to troubleshoot error "Search process did not exit cleanly, exit_code=-1, description="exited with code -1"."? I'm getting the following error. How do I troubleshoot? Search process did not exit cleanly, exit_code=-1, descript... by mrtolu6 Path Finder in Splunk Search 08-29-2019 0 6	0	6
Save results of saved search back into an index. Can we save results of a saved search/ search back into splunk. Something similar to a view in SQL database. Splunk q... by johnsasikumar Path Finder in Splunk Search 08-28-2019 0 1	0	1
Is the Enterprise Security 'ECSU - Remote Desktop Network Bruteforce - Rule' correlation search incorrect? Hi Splunkers, I was wading through some of the Enterprise Security correlation searches and I noticed that the Remot... by grashupfer Engager in Splunk Search 08-28-2019 0 0	0	0
How to filter out inline result Hello, After my query my result is: <ns2:OriginCountry>RUS</ns2:OriginCountry><ns2:MessageValues><ns2:MessageValu... by alivesince92 Engager in Splunk Search 08-28-2019 0 11	0	11
Array possibility in Splunk Hello, I am new to Splunk and wanted to create a dashboard. I have 8 ORs coming through log but the problem is if an... by vishal9023 New Member in Splunk Search 08-28-2019 0 7	0	7
Why does fieldformat not work if field is renamed? I have reviewed https://answers.splunk.com/answers/63730/using-fieldformat-and-rename.html?utm_source=typeahead&utm_m... by seomaniv Explorer in Splunk Search 08-28-2019 0 3	0	3
Index vs Sourcetype - What's faster I am curious, does including an index help the search any when writing a search? This comes about as me and a frien... by chandlercr New Member in Splunk Search 08-28-2019 0 2	0	2
How to extract trailing numbers from a string with rex I'm trying to extract a string (alphabets and underscore) from a given string which can contain any number of numeric... by hmbisht Explorer in Splunk Search 08-28-2019 0 3	0	3
How to get all sets of response time from user to agent in the entire log In the above log User(Saj) to Agent(Rohi) Response for all the conversations in the log should be captured: In the ab... by rajaguru2790 Explorer in Splunk Search 08-28-2019 0 0	0	0
Need to return second line's agent response time as a separate field using Regex by finding the agent using system message "online for chatting" in the first line Rohi is the agent and Saj is the user. Using system message we can find the . Then we need to matc h the next line of... by rajaguru2790 Explorer in Splunk Search 08-28-2019 0 14	0	14
percentage i have a field called application_name it is indexing to Splunk for every 5 min. so if i run top command for getting ... by srinivasmanikan Engager in Splunk Search 08-28-2019 0 11	0	11
How to find certain field values and change the value into another field If the vulnerability column has a certain value then a new column called ‘Software_Affected’ has a corresponding valu... by ajdyer2000 Path Finder in Splunk Search 08-28-2019 0 3	0	3
How to convert time from an inputlookup Hi, I need help in converting the time provided by a lookup. \| inputlookup AD_User_LDAP_list \| search cn=jon1 \| fiel... by cip1 Engager in Splunk Search 08-28-2019 0 3	0	3
Need to run a transaction search based on the extracted value of another field. I run a search to find all events relating to a particular transaction number i.e. index=myindex searchstring \| tran... by sheloaha Path Finder in Splunk Search 08-28-2019 0 6	0	6
How to show side by side two tables of same field depending on value of another field For example, I have events that contain a Version field and also a timeTaken field. I want to display two tables of ... by elvistitus New Member in Splunk Search 08-28-2019 0 2	0	2
How to identify the average time taken to process an item? I am trying to create a pareto chart. I have already done that portion of the work. I have been asked to identify a n... by rwills2 New Member in Splunk Search 08-28-2019 0 2	0	2
help me in writing Regex for the below data <37>Aug 27 10:52:59 DC1TPSMS02 CEF:0\|TippingPoint\|UnityOne\|1.0.0.17\|7611\|Suspicious Country Blacklist\|1\|app=IP cnt=1 ... by vikram1583 Explorer in Splunk Search 08-28-2019 0 21	0	21
rex multiple matches in single event Hi, I using a query : index=abc source="unknown.log" "192.0.44.13" \| rex "Value 0: (?<device>.*)" \| rex "Value 1: (... by surekhasplunk Communicator in Splunk Search 08-28-2019 0 5	0	5
Field extractions for my app not showing up in search I have a custom set of logs where I wrote out the regex to parse it. I then created a field extraction via the searc... by DEAD_BEEF Builder in Splunk Search 08-28-2019 0 3	0	3
How to sort search and get rid of the count from LAST_MODIFIED_DATE and have them shown by ACTUAL_START_DATE? I have a problem regarding sorting in Splunk. I want to make automated reports and I want to sort in a calendar the a... by theodorel Engager in Splunk Search 08-28-2019 0 2	0	2
Eval total duration in minutes i've created a table from a project run that displays the time a run started, ended and what time files have been cre... by lavster Path Finder in Splunk Search 08-28-2019 0 2	0	2
how to replace \ with \\ in eval statement i expect var1="d:\test\data.csv" but i got it shows mismatch or missing closing parenthesis var="d:\test\data.csv... by reney44 Engager in Splunk Search 08-28-2019 0 2	0	2
count condition I'm having trouble writing a search statement that sets the count to 0 when the service is normally. This is my data... by subachu New Member in Splunk Search 08-27-2019 0 4	0	4
What are the differences between append, appendcols, and join search commands? Hello all, I need to know all differences between append, appendcols, and join when being used with pipe while searc... by Amirahussein Path Finder in Splunk Search 08-27-2019 5 2	5	2