Splunk Search

Community Activity

How to field extract one or more times to the same field? I am using a CDN and have obtained my DNS logs. Some of the DNS logs have multiple values for the field response ID ... by DEAD_BEEF Builder in Splunk Search 08-27-2019 0 1	0	1
Add To Search Returns No Results I have an index in Splunk enterprise named "my_index". When I search for data using index="my_index" for the last 24 ... by lynmar Explorer in Splunk Search 08-27-2019 0 5	0	5
How to use a table as input for a new search Hi all. I'm trying to write a search that will list users with more than 5 failed logins in the past 8 hours and the... by bobstoll New Member in Splunk Search 08-27-2019 0 1	0	1
Track License Usage Cumulatively, Comparing Last 7 Days I would like to chart license usage throughout the day cumulatively, meaning, the results are added and charts every ... by aferone Builder in Splunk Search 08-27-2019 0 8	0	8
How to set earliest time based on current time I am ingesting data at 6AM, 2PM, 7PM, 10PM (CST) Is there anyway I could have my query check the time and set earlies... by JoshuaJohn Contributor in Splunk Search 08-27-2019 0 3	0	3
How to make column timechart that can drill down to the clicked column time value? Hi, I've got a timechart which lays out the average response count for multiple groups over the last hour with a col... by pepper_seattle Path Finder in Splunk Search 08-27-2019 3 7	3	7
How do I write the regex to extract information within parenthesis? Hey there, I have been banging my head over this issue. Basically, I am searching a sourcetype for, let's call it, "... by BC88 New Member in Splunk Search 08-27-2019 0 2	0	2
Count the three different value from one response message I have the following response : Message=Login failed for user 'testuser_FSQ5'. Reason: Failed to open the explicitly ... by JyotiP Path Finder in Splunk Search 08-27-2019 0 6	0	6
Extract field that might be surrounded by quotes I am working to extract a field that at times is surrounded by quotes. This means I have either; operation or "operat... by aohls Contributor in Splunk Search 08-27-2019 0 6	0	6
Breaking an event with occasionally repeating fields, or use multikv? We have a very simple space delimited input, but the results occasionally instantiate per event: INFO_TYPE 2019-08-... by tlay Explorer in Splunk Search 08-27-2019 0 0	0	0
How to rename unknown field names from inputlookup file I want to merge multiple fields from multiple lookup tables into a single field/column. I only know the name of the f... by cjohnk Explorer in Splunk Search 08-27-2019 0 3	0	3
Powershell Script to get Splunk UF info from DC's Afternoon All, I have been tasked to get a list of information from Splunk UF's that are installed on 31 Domain Cont... by brewster88 New Member in Splunk Search 08-27-2019 0 0	0	0
Need Count of values in multivalued field, grouped by another field in json data hi everyone, I need count of "id" field against the sequence field parentRecord sequence ... by rajeshku348 New Member in Splunk Search 08-27-2019 0 2	0	2
Maximum number of events displayed in an "events list" visualization? I have a dashboard in Splunk 7.3.0 with the following HTML viz definition: <html depends="$eventCount$,$duration$,$s... by Graham_Hanningt Builder in Splunk Search 08-27-2019 0 0	0	0
Group events by last occurance of status field value I want to group events with last occurance of notnull field value ex. I am grouping events which startswith:logon and... by ips_mandar Builder in Splunk Search 08-26-2019 0 6	0	6
Issue with importing 3rd party library into Splunk. Hello, We are trying to import a third party library party library "go.js" to bring in custom visualization into sp... by johnsasikumar Path Finder in Splunk Search 08-26-2019 0 0	0	0
How to correlate across events, then aggregate by a different event? Something like, DEBUG traceid=123 user=john DEBUG traceid=123 result=200 DEBUG traceid=456 user=john DEBUG traceid=4... by toehser1 New Member in Splunk Search 08-26-2019 0 1	0	1
How to get the latencycount by each Api using stats I am just trying to get the latency count of API by taking the AVG responsetime of the API and using the avg as thres... by tarunreddy_anth New Member in Splunk Search 08-26-2019 0 9	0	9
Splunk Status Indicator - Awesome Font Library - Icons missing I just loaded the app Splunk Status Indicator on Splunk Enterprise 7.2.6, and just finished reading the online docume... by dcondliffe Engager in Splunk Search 08-26-2019 0 0	0	0
Default value for `stats count` or `top` This should be a trivial thing, but I'm having a hard time figuring out how to do it in Splunk: how do I use a defaul... by shulmaniel New Member in Splunk Search 08-26-2019 0 3	0	3
Search SPL to show messages menu Can someone tell me the Splunk query to match the contents of the "Messages" menu item? As an example, i see the fol... by awmorris Path Finder in Splunk Search 08-26-2019 0 2	0	2
How to split up multiple values within a field (mvexpand) Hi, The output of both systems is written to the same index and differ by the component contained in the event. e.g... by mklhs Path Finder in Splunk Search 08-26-2019 0 4	0	4
How to extract fields from log I'm trying to extract fields from a log and failing miserably. In my first attempt I used a props.conf to specify th... by insert_regex_he Explorer in Splunk Search 08-26-2019 0 8	0	8
Is there a way to tell if a "specific" lookup file is in use on a dashboard, report, or alert without manually checking each of these searches? found the answer to getting all lookup files in use on a dashboard, report or alert. Looking for a way to tell if on... by owie6466 Explorer in Splunk Search 08-26-2019 1 4	1	4
SPL to find first time account access To find the user first time login in PCI compilance - what is the SPL query ? I am using the query as below : \| fro... by corecomputetool New Member in Splunk Search 08-26-2019 0 1	0	1