Splunk Search

Community Activity

How to find certain field values and change the value into another field If the vulnerability column has a certain value then a new column called ‘Software_Affected’ has a corresponding valu... by ajdyer2000 Path Finder in Splunk Search 08-28-2019 0 3	0	3
How to convert time from an inputlookup Hi, I need help in converting the time provided by a lookup. \| inputlookup AD_User_LDAP_list \| search cn=jon1 \| fiel... by cip1 Engager in Splunk Search 08-28-2019 0 3	0	3
Need to run a transaction search based on the extracted value of another field. I run a search to find all events relating to a particular transaction number i.e. index=myindex searchstring \| tran... by sheloaha Path Finder in Splunk Search 08-28-2019 0 6	0	6
How to show side by side two tables of same field depending on value of another field For example, I have events that contain a Version field and also a timeTaken field. I want to display two tables of ... by elvistitus New Member in Splunk Search 08-28-2019 0 2	0	2
How to identify the average time taken to process an item? I am trying to create a pareto chart. I have already done that portion of the work. I have been asked to identify a n... by rwills2 New Member in Splunk Search 08-28-2019 0 2	0	2
help me in writing Regex for the below data <37>Aug 27 10:52:59 DC1TPSMS02 CEF:0\|TippingPoint\|UnityOne\|1.0.0.17\|7611\|Suspicious Country Blacklist\|1\|app=IP cnt=1 ... by vikram1583 Explorer in Splunk Search 08-28-2019 0 21	0	21
rex multiple matches in single event Hi, I using a query : index=abc source="unknown.log" "192.0.44.13" \| rex "Value 0: (?<device>.*)" \| rex "Value 1: (... by surekhasplunk Communicator in Splunk Search 08-28-2019 0 5	0	5
Field extractions for my app not showing up in search I have a custom set of logs where I wrote out the regex to parse it. I then created a field extraction via the searc... by DEAD_BEEF Builder in Splunk Search 08-28-2019 0 3	0	3
How to sort search and get rid of the count from LAST_MODIFIED_DATE and have them shown by ACTUAL_START_DATE? I have a problem regarding sorting in Splunk. I want to make automated reports and I want to sort in a calendar the a... by theodorel Engager in Splunk Search 08-28-2019 0 2	0	2
Eval total duration in minutes i've created a table from a project run that displays the time a run started, ended and what time files have been cre... by lavster Path Finder in Splunk Search 08-28-2019 0 2	0	2
how to replace \ with \\ in eval statement i expect var1="d:\test\data.csv" but i got it shows mismatch or missing closing parenthesis var="d:\test\data.csv... by reney44 Engager in Splunk Search 08-28-2019 0 2	0	2
count condition I'm having trouble writing a search statement that sets the count to 0 when the service is normally. This is my data... by subachu New Member in Splunk Search 08-27-2019 0 4	0	4
What are the differences between append, appendcols, and join search commands? Hello all, I need to know all differences between append, appendcols, and join when being used with pipe while searc... by Amirahussein Path Finder in Splunk Search 08-27-2019 5 2	5	2
How to create a DNS regex for our sample DNS logs to make them more meaningful? HI Experts, I am a fresh guy in SPLUNK Searching. Recently, my team leader needed us to create a DNS regex and make ... by jackywsy Explorer in Splunk Search 08-27-2019 0 4	0	4
Active Directory DNS debug logs extract domain name props.conf [win_dns] SEDCMD-win_dns = s/(\d+)/./g SEDCMD-domainname = s/(\(\d\))/./g EXTRACT-dns_name = (?i)] \w+\s+(... by splunkranger Path Finder in Splunk Search 08-27-2019 0 7	0	7
How to field extract one or more times to the same field? I am using a CDN and have obtained my DNS logs. Some of the DNS logs have multiple values for the field response ID ... by DEAD_BEEF Builder in Splunk Search 08-27-2019 0 1	0	1
Add To Search Returns No Results I have an index in Splunk enterprise named "my_index". When I search for data using index="my_index" for the last 24 ... by lynmar Explorer in Splunk Search 08-27-2019 0 5	0	5
How to use a table as input for a new search Hi all. I'm trying to write a search that will list users with more than 5 failed logins in the past 8 hours and the... by bobstoll New Member in Splunk Search 08-27-2019 0 1	0	1
Track License Usage Cumulatively, Comparing Last 7 Days I would like to chart license usage throughout the day cumulatively, meaning, the results are added and charts every ... by aferone Builder in Splunk Search 08-27-2019 0 8	0	8
How to set earliest time based on current time I am ingesting data at 6AM, 2PM, 7PM, 10PM (CST) Is there anyway I could have my query check the time and set earlies... by JoshuaJohn Contributor in Splunk Search 08-27-2019 0 3	0	3
How to make column timechart that can drill down to the clicked column time value? Hi, I've got a timechart which lays out the average response count for multiple groups over the last hour with a col... by pepper_seattle Path Finder in Splunk Search 08-27-2019 3 7	3	7
How do I write the regex to extract information within parenthesis? Hey there, I have been banging my head over this issue. Basically, I am searching a sourcetype for, let's call it, "... by BC88 New Member in Splunk Search 08-27-2019 0 2	0	2
Count the three different value from one response message I have the following response : Message=Login failed for user 'testuser_FSQ5'. Reason: Failed to open the explicitly ... by JyotiP Path Finder in Splunk Search 08-27-2019 0 6	0	6
Extract field that might be surrounded by quotes I am working to extract a field that at times is surrounded by quotes. This means I have either; operation or "operat... by aohls Contributor in Splunk Search 08-27-2019 0 6	0	6
Breaking an event with occasionally repeating fields, or use multikv? We have a very simple space delimited input, but the results occasionally instantiate per event: INFO_TYPE 2019-08-... by tlay Explorer in Splunk Search 08-27-2019 0 0	0	0