Splunk Search

Community Activity

What end of anchor parameter to use for the Symantec event? I am trying to figure out what end of the anchor parameter to use for the Symantec event. Here is a snippet of the ... by jwalzerpitt Influencer in Splunk Search 07-29-2019 0 3	0	3
Creating an alert with field value count within a transaction I am trying to create an alert for the below search that would go off if within the event there are 10 times where Ev... by mcg_connor Path Finder in Splunk Search 07-29-2019 0 2	0	2
Create custom search command in windows environment I created a custom search command on windows, but the following error message is displayed and I can not execute it. ... by ketaka Explorer in Splunk Search 07-29-2019 0 4	0	4
Splunk combine timechart result from two queries Have the following queries query 1 - cf_org_name="xxx" cf_space_name="yyy" cf_app_name=zzz index=123* msg= "Transact... by officialsubho New Member in Splunk Search 07-29-2019 0 3	0	3
Real-time table in dashboard is not real-time, until you sort it Hi there, I have a real-time table in one of my dashboards that doesn't update when you first load the page. If you ... by nick405060 Motivator in Splunk Search 07-29-2019 0 9	0	9
CRL logs not being properly displayed I'm running CRL expiration checks and using splunk to read the logs to track the last check run and when they are nex... by espengler Engager in Splunk Search 07-29-2019 0 8	0	8
How to write "\| stats count" to field? How to I must a write result from stats count to field? Example ideas... \| inputlookup lookup \| stats count(eval(fi... by sbimizry Engager in Splunk Search 07-29-2019 0 6	0	6
How to get total and sub search total per unique field value? I'm trying to chart the exception rate of various apps that we run, and would ideally be generating a table that look... by watersd Engager in Splunk Search 07-29-2019 0 5	0	5
How to avoid changing timezone to get proper results? Hi all, Generating some calls logs from different timezones America , ASIA, UK and so on. So I am running a search w... by splunkuseradmin Path Finder in Splunk Search 07-29-2019 0 3	0	3
How to use tokens in same search query? Hello, I'm trying to pass values of field to other field. Is there a best way to do it? Query: index=alerts stat... by knalla Path Finder in Splunk Search 07-29-2019 0 1	0	1
Getting Search Results using Java REST API Am i right to say that the results derived from the Splunk search is returned as XML by default? I was using the Java... by misteryuku Communicator in Splunk Search 07-29-2019 0 2	0	2
How to run a search and retrieve elements from a Splunk API in java Hi. I am trying to run a search from a Splunk API in java, store the results with fields host, sourcetype, source in ... by kalyani1184 New Member in Splunk Search 07-29-2019 0 18	0	18
How to clear SearchManager results once processed with on('data') I have a modal dialog that pops up and shows a table of results. When I click OK on that, I do some processing on the... by bowesmana SplunkTrust in Splunk Search 07-29-2019 0 0	0	0
Field search needs unnecessary wildcard character * I am doing search on data coming from fluentd k8s. On top of that data , I wanted to filter on basis of field. A... by bibekmantree New Member in Splunk Search 07-29-2019 0 5	0	5
Join a search by field across indexes I have two different indexes, with the common field being username. One index that contains phishing history data. ... by aarichow Explorer in Splunk Search 07-28-2019 3 5	3	5
Fields extraction from TXT file with fixed position varrying event formats in each line I need to monitor a text file. Each line in this file is considered an event. There are three different types of even... by mbasharat Builder in Splunk Search 07-28-2019 0 11	0	11
How to create static baseline on chart without showing data for baseline I created a baseline by adding eval field as shown below: \| eval BaseLine=1000\|fields _time, ResponeTime, BaseLine ... by arusoft Communicator in Splunk Search 07-28-2019 0 2	0	2
Help with eval and wildcards Hi, I'm trying to use eval for hosts, and need to use wildcards. I tried the following, but it's not working. How... by a212830 Champion in Splunk Search 07-28-2019 0 4	0	4
How to combine multiple queries and then use the final result in one final query? DON'T GET INTIMIDATED BY THE LENGTH OF THE QUESTION. I'm getting account numbers from the first three queries. I wan... by amaurya1 Explorer in Splunk Search 07-28-2019 0 6	0	6
group by from fields I have events similar to these: component, technology, mydate silva, java, 06/20/2019 souza, java, 06/20/2019 silva,... by andreyglauzer New Member in Splunk Search 07-28-2019 0 6	0	6
lookup value based on current search results New to Splunk and having a difficult time returning the correct results. The below query works... meaning that it con... by lbrhyne Path Finder in Splunk Search 07-28-2019 0 4	0	4
Case and Match do not retrieve the right results I have the following logs where the output can be from application or database or from third party source. id=11111 ... by amunag439 Explorer in Splunk Search 07-28-2019 0 2	0	2
error in timechart graph Hi all, We are having trouble regarding a query in which we need to display multiple metric_labels of a host in a sin... by ayushmaan Explorer in Splunk Search 07-28-2019 0 2	0	2
Two searches with different source and producing results in form of filename in column A and B respectively. There are 2 searches from 2 different sources that are fetching file name details in column A and B respectively. We... by guptap2 New Member in Splunk Search 07-28-2019 0 6	0	6
Not able to generate timechart from a multivalue field I am getting my input in json format like below, {"message":{"SID":"DEV","TIMESTAMP":1563095600,"PARAMS":[{"PROC_COD... by twh1 Communicator in Splunk Search 07-27-2019 0 12	0	12