Splunk Search

Community Activity

Feasibility of regex to keep specific events and discard the rest I want to keep specific events which contains few strings in event but around 30 OR statement I have to write in rege... by ips_mandar Builder in Splunk Search 07-27-2019 0 6	0	6
Help with eval division calculation Hey all, I need an eval expression for the below output: _time minutes bminutes 2019-06-01 1349511.54 105472800 2... by splunkuseradmin Path Finder in Splunk Search 07-27-2019 0 3	0	3
whats preventing me to get the desired output Hi Team, I am not able to get the values for SLA Time and time_diff_epoch. when i am running two queirs indviduall... by pench2k19 Explorer in Splunk Search 07-26-2019 0 3	0	3
CWE-610, CWE-918 vulnerabilities? Hello, my red team just did an engagement against Splunk and among their findings is a SSRF vulnerability and so far,... by dajjohns Engager in Splunk Search 07-26-2019 0 0	0	0
Can we include OR/AND operator in a transaction I have the following log sets, one for success case and one for the failure case Success: id=11111 msg=Begin process... by amunag439 Explorer in Splunk Search 07-26-2019 1 4	1	4
How to use the INPUTLOOKUP command on Splunk Cloud Hi Everyone, So we are using SPlunk Cloud and I have created a dashboard that searches for the top 100 most reoccurri... by paksan32 New Member in Splunk Search 07-26-2019 0 4	0	4
eval if(X,Y,Z) always returns Z whether X matches or not https://docs.splunk.com/Documentation/Splunk/7.3.0/SearchReference/ConditionalFunctions#if.28X.2CY.2CZ.29 I'm trying... by cblanton Communicator in Splunk Search 07-26-2019 0 5	0	5
Use makemv on all fields I have quite a bit of single-value fields in my dataset which really should be multi-value fields. They are all forma... by brinley Path Finder in Splunk Search 07-26-2019 0 2	0	2
Age calculation based on Date Hi, I have a field in my data that is called "date". This "date" is when a vulnerability was seen the first time. I ... by mbasharat Builder in Splunk Search 07-26-2019 0 1	0	1
How to rename column values when making a chart I have a table which has a store_id, a shopper_id. For example (1, 5231). Each store_id corresponds to a the store na... by sakeebhossain Explorer in Splunk Search 07-26-2019 1 3	1	3
How to regex the raw data? hi all, I am trying to extract field from Splunk "extract more fields" feature, its not showing as the logs in events... by splunkuseradmin Path Finder in Splunk Search 07-26-2019 0 2	0	2
Is it possible to parse daily log file to report the time between OffHook and OnHook event Did a little bit of searching, but didn't really find what I needed, but I also don't know if I'm even searching the ... by evilrsa New Member in Splunk Search 07-26-2019 0 1	0	1
What is the best way to find searches without sourcetype or index defined? I know that indexed fields accelerate search performance. Many searches take advantage of this with host, source, and... by sloshburch Ultra Champion in Splunk Search 07-26-2019 1 14	1	14
Issue with stats count with multiple fields I am using the stats count function to get a count of unique events. as part of the list I am want to show additional... by a238574 Path Finder in Splunk Search 07-26-2019 0 3	0	3
Use saved search (reports) as lookup I have a savedsearch (reports) that i want to use as lookup, it is possible? Should i use it as subsearch? by splunk6161 Path Finder in Splunk Search 07-26-2019 0 4	0	4
How can we show all fields, including rare ones? I'm running - index=<indexname> \| fields or index=<indexname> \| fieldsummary They don't show the fields which ... by danielbb Motivator in Splunk Search 07-26-2019 0 5	0	5
compare a time in a log file to time now Hello splunk communitie, i am trying to make a comparison between the time in a event named Account_Expires against ... by jeroenborger Explorer in Splunk Search 07-26-2019 0 8	0	8
How do I filter Event Log with blacklists in inputs.conf I'm trying to create a blacklist for several Event IDs to exclude any events with multiple user accounts. For example... by alexrivero New Member in Splunk Search 07-26-2019 0 3	0	3
column in search needs to be populated by another search I have a search that tells me if an index hasn't received data from a log on a server. This allows me to monitor the ... by jcgever Explorer in Splunk Search 07-26-2019 0 0	0	0
Help in writing eval I have a string like ABC:BOOT3RDSUNMONTH_MAINT2_sadasdczxc1and I want to put the jobs which have boot in their string... by mayank101 New Member in Splunk Search 07-25-2019 0 1	0	1
Duration between first occurence of one event and occurence of another event I want to get the duration between two different events. In a simplified structure my events have a timestamp and a s... by ikey Engager in Splunk Search 07-25-2019 0 2	0	2
How to drilldown in pie chart based on the selection made Hi , I have a pie chart with different dataservices and its size percentage. I am trying setup drilldown for each of... by sangs8788 Communicator in Splunk Search 07-25-2019 0 8	0	8
Same Column Value Difference C1 C2 A 12 A 120 B 45 B 78 C 98 C 90 D 0 D 86 how to find difference in values of C2 for every same C1 value by reverse Contributor in Splunk Search 07-25-2019 0 8	0	8
Conditional find and replace Hello, I have a question on a conditional find and replace. I have a query that calculates a mean for the different ... by willemjongeneel Communicator in Splunk Search 07-25-2019 0 2	0	2
Want to display count as zero in statistics when there is no events for a IP. index=bc cs_host="collector" NOT 10.xx,xxx.121 c_ip=10.xx.xxx.233 OR c_ip=10.xx.xxx.234 OR c_ip=10.xx.xxx.248 OR c_i... by sathiyasun Explorer in Splunk Search 07-25-2019 1 1	1	1