Splunk Search

Community Activity

How do you compare multiple events to filter out the same host with different field values? I have alert logs coming in from an AV tool and when a tech is working on an alert assigned it to themselves, it gene... by RyanDonnelly22 Explorer in Splunk Search 08-09-2019 0 4	0	4
Can I use the same search but divide the results of one time frame with another? How can I use the same search to divide the results of a specific time frame with the total daily sum to get a percen... by mcram52 New Member in Splunk Search 08-09-2019 0 1	0	1
How to extract only the first three octets of the IP address instead of the whole address? I have the below command to extract the top 100 IP addresses. How can I modify the search to extract only the first ... by samble Path Finder in Splunk Search 08-09-2019 0 5	0	5
Search for daily indexing rate per sourcetype and list the specific indexes Hello all, I just came onto a new job and we're trying to figure out the daily indexing rate broken down by sourcety... by mpham07 Path Finder in Splunk Search 08-09-2019 0 2	0	2
ldap seach with a wildcard I have a search below that works fine, but I would like to add a wildcard to it. This search works \| ldapsearch doma... by chadman Path Finder in Splunk Search 08-09-2019 0 8	0	8
How to read and write data to CSV lookup? Hi, I must write and read data from lookup files. Example: cn,srcip,destip,owner "Canada","207.188.75.136","192.1.1... by sbimizry Engager in Splunk Search 08-09-2019 0 3	0	3
Splunk rex field extraction issue Hi Guys, I have to extract one field from the below log and i tried this regex in https://rubular.com/ "(?<... by dineshCool New Member in Splunk Search 08-09-2019 0 1	0	1
Timechart duration, with values rolling into next span I am running the below search to get a sum of starvation per 15 minute period. The problem I am having, is that durat... by ALXWBR Path Finder in Splunk Search 08-09-2019 0 17	0	17
intermediate storing of the results Hello, I have a dbxquery, that returns a table, where I am interested in one column, let us say c1. Then in my searc... by damucka Builder in Splunk Search 08-09-2019 0 4	0	4
How to configure indexer, search head, deployment Hello, I am new to splunk and learning it . My question is when we install splunk what are things to be done if need... by funlearning321 New Member in Splunk Search 08-08-2019 0 3	0	3
Optimize Nested Search This search is slow (our dns logs are large). index=winlogs sourcetype=dns \| eval dottedquestion=replace(replace(que... by antb Path Finder in Splunk Search 08-08-2019 0 4	0	4
How to group a list per Index/object? Hi, I would like to ask for help in grouping a list per Index/object. I have tried using tables but the values are ... by yomixxxmx New Member in Splunk Search 08-08-2019 0 6	0	6
Get the roles from rest API and set to field in search I need to get the roles assigned to current logged in user and set the value to filed in search. Anybody has any ide... by bhupalbobbadi Path Finder in Splunk Search 08-08-2019 0 4	0	4
Compare Current Field Value to 24 Hour Average So I am currently trying to compare the average value of a field is using 7 days of events to what the value is curre... by mcg_connor Path Finder in Splunk Search 08-08-2019 0 2	0	2
How to create a regex that extracts date and time from the description field? I have 1000 of text entities under the description field, and I want to write a regex for it and put to a different e... by mayank101 New Member in Splunk Search 08-08-2019 0 7	0	7
see results of a rex command i have this rex code to extract the string from an event field: \| rex "(?\d{1,2})\s+hours?\s+ago" \| eval process=c... by owie6466 Explorer in Splunk Search 08-08-2019 0 4	0	4
Eval Statement for today plus 7 days? All, Quick one I am stuck on. I want an EVAL statement that takes _indexedtime and adds 7 days to it and creates a ... by daniel333 Builder in Splunk Search 08-08-2019 0 1	0	1
Query to get results from multiple indexes? I've 2 indexes "abc" and "def". There is a field "account_number" in index "abc" and a field "Emp_nummber" in index "... by amaurya1 Explorer in Splunk Search 08-08-2019 0 1	0	1
error: 'lookup-table-files': File is binary and not gzipped Hi, I am trying to add a new lookup table using the GUI and get the above error. I looked at the file with a hex edit... by yonahol Explorer in Splunk Search 08-08-2019 1 17	1	17
SPL query to replace ALL values in a field with "Hello World" I'm trying to write a simple query to replace all of the values in a field (let's call this field my_field) with a si... by brinley Path Finder in Splunk Search 08-08-2019 0 8	0	8
Help with count of specific string value of all the row and all the fields in table Hi Team, I With reference to the screenshot, the part of the table which is highlighted in yellow is what I have an... by ashish9433 Communicator in Splunk Search 08-08-2019 0 6	0	6
statement optimization because the link is the same for more condition. I like to use or operator how can i optimize this statement : <condition field="title"> <link> <![CDATA[/app/webs... by w044f New Member in Splunk Search 08-08-2019 0 1	0	1
Calculate total and average and display the results in single column Having the following search result, I need to calculate total for few rows and average for few rows and both results ... by Rajik31 New Member in Splunk Search 08-08-2019 0 2	0	2
Extracting words in a string with regular expressions Hi, I'm struggling to get a regular expression for characters in a string. https://status.aws.amazon.com/rss/#elb-u... by pipipipi Path Finder in Splunk Search 08-08-2019 0 8	0	8
How can we convert a time from EST to UTC in Splunk search? A user tells us - -- I need to convert time value from EST to UTC in Splunk search. Is there any function available... by danielbb Motivator in Splunk Search 08-08-2019 0 6	0	6