Splunk Search

Community Activity

Field search needs unnecessary wildcard character * I am doing search on data coming from fluentd k8s. On top of that data , I wanted to filter on basis of field. A... by bibekmantree New Member in Splunk Search 07-29-2019 0 5	0	5
Join a search by field across indexes I have two different indexes, with the common field being username. One index that contains phishing history data. ... by aarichow Explorer in Splunk Search 07-28-2019 3 5	3	5
Fields extraction from TXT file with fixed position varrying event formats in each line I need to monitor a text file. Each line in this file is considered an event. There are three different types of even... by mbasharat Builder in Splunk Search 07-28-2019 0 11	0	11
How to create static baseline on chart without showing data for baseline I created a baseline by adding eval field as shown below: \| eval BaseLine=1000\|fields _time, ResponeTime, BaseLine ... by arusoft Communicator in Splunk Search 07-28-2019 0 2	0	2
Help with eval and wildcards Hi, I'm trying to use eval for hosts, and need to use wildcards. I tried the following, but it's not working. How... by a212830 Champion in Splunk Search 07-28-2019 0 4	0	4
How to combine multiple queries and then use the final result in one final query? DON'T GET INTIMIDATED BY THE LENGTH OF THE QUESTION. I'm getting account numbers from the first three queries. I wan... by amaurya1 Explorer in Splunk Search 07-28-2019 0 6	0	6
group by from fields I have events similar to these: component, technology, mydate silva, java, 06/20/2019 souza, java, 06/20/2019 silva,... by andreyglauzer New Member in Splunk Search 07-28-2019 0 6	0	6
lookup value based on current search results New to Splunk and having a difficult time returning the correct results. The below query works... meaning that it con... by lbrhyne Path Finder in Splunk Search 07-28-2019 0 4	0	4
Case and Match do not retrieve the right results I have the following logs where the output can be from application or database or from third party source. id=11111 ... by amunag439 Explorer in Splunk Search 07-28-2019 0 2	0	2
error in timechart graph Hi all, We are having trouble regarding a query in which we need to display multiple metric_labels of a host in a sin... by ayushmaan Explorer in Splunk Search 07-28-2019 0 2	0	2
Two searches with different source and producing results in form of filename in column A and B respectively. There are 2 searches from 2 different sources that are fetching file name details in column A and B respectively. We... by guptap2 New Member in Splunk Search 07-28-2019 0 6	0	6
Not able to generate timechart from a multivalue field I am getting my input in json format like below, {"message":{"SID":"DEV","TIMESTAMP":1563095600,"PARAMS":[{"PROC_COD... by twh1 Communicator in Splunk Search 07-27-2019 0 12	0	12
Feasibility of regex to keep specific events and discard the rest I want to keep specific events which contains few strings in event but around 30 OR statement I have to write in rege... by ips_mandar Builder in Splunk Search 07-27-2019 0 6	0	6
Help with eval division calculation Hey all, I need an eval expression for the below output: _time minutes bminutes 2019-06-01 1349511.54 105472800 2... by splunkuseradmin Path Finder in Splunk Search 07-27-2019 0 3	0	3
whats preventing me to get the desired output Hi Team, I am not able to get the values for SLA Time and time_diff_epoch. when i am running two queirs indviduall... by pench2k19 Explorer in Splunk Search 07-26-2019 0 3	0	3
CWE-610, CWE-918 vulnerabilities? Hello, my red team just did an engagement against Splunk and among their findings is a SSRF vulnerability and so far,... by dajjohns Engager in Splunk Search 07-26-2019 0 0	0	0
Can we include OR/AND operator in a transaction I have the following log sets, one for success case and one for the failure case Success: id=11111 msg=Begin process... by amunag439 Explorer in Splunk Search 07-26-2019 1 4	1	4
How to use the INPUTLOOKUP command on Splunk Cloud Hi Everyone, So we are using SPlunk Cloud and I have created a dashboard that searches for the top 100 most reoccurri... by paksan32 New Member in Splunk Search 07-26-2019 0 4	0	4
eval if(X,Y,Z) always returns Z whether X matches or not https://docs.splunk.com/Documentation/Splunk/7.3.0/SearchReference/ConditionalFunctions#if.28X.2CY.2CZ.29 I'm trying... by cblanton Communicator in Splunk Search 07-26-2019 0 5	0	5
Use makemv on all fields I have quite a bit of single-value fields in my dataset which really should be multi-value fields. They are all forma... by brinley Path Finder in Splunk Search 07-26-2019 0 2	0	2
Age calculation based on Date Hi, I have a field in my data that is called "date". This "date" is when a vulnerability was seen the first time. I ... by mbasharat Builder in Splunk Search 07-26-2019 0 1	0	1
How to rename column values when making a chart I have a table which has a store_id, a shopper_id. For example (1, 5231). Each store_id corresponds to a the store na... by sakeebhossain Explorer in Splunk Search 07-26-2019 1 3	1	3
How to regex the raw data? hi all, I am trying to extract field from Splunk "extract more fields" feature, its not showing as the logs in events... by splunkuseradmin Path Finder in Splunk Search 07-26-2019 0 2	0	2
Is it possible to parse daily log file to report the time between OffHook and OnHook event Did a little bit of searching, but didn't really find what I needed, but I also don't know if I'm even searching the ... by evilrsa New Member in Splunk Search 07-26-2019 0 1	0	1
What is the best way to find searches without sourcetype or index defined? I know that indexed fields accelerate search performance. Many searches take advantage of this with host, source, and... by sloshburch Ultra Champion in Splunk Search 07-26-2019 1 14	1	14