Splunk Search

Community Activity

How to write "\| stats count" to field? How to I must a write result from stats count to field? Example ideas... \| inputlookup lookup \| stats count(eval(fi... by sbimizry Engager in Splunk Search 07-29-2019 0 6	0	6
How to get total and sub search total per unique field value? I'm trying to chart the exception rate of various apps that we run, and would ideally be generating a table that look... by watersd Engager in Splunk Search 07-29-2019 0 5	0	5
How to avoid changing timezone to get proper results? Hi all, Generating some calls logs from different timezones America , ASIA, UK and so on. So I am running a search w... by splunkuseradmin Path Finder in Splunk Search 07-29-2019 0 3	0	3
How to use tokens in same search query? Hello, I'm trying to pass values of field to other field. Is there a best way to do it? Query: index=alerts stat... by knalla Path Finder in Splunk Search 07-29-2019 0 1	0	1
Getting Search Results using Java REST API Am i right to say that the results derived from the Splunk search is returned as XML by default? I was using the Java... by misteryuku Communicator in Splunk Search 07-29-2019 0 2	0	2
How to run a search and retrieve elements from a Splunk API in java Hi. I am trying to run a search from a Splunk API in java, store the results with fields host, sourcetype, source in ... by kalyani1184 New Member in Splunk Search 07-29-2019 0 18	0	18
How to clear SearchManager results once processed with on('data') I have a modal dialog that pops up and shows a table of results. When I click OK on that, I do some processing on the... by bowesmana SplunkTrust in Splunk Search 07-29-2019 0 0	0	0
Field search needs unnecessary wildcard character * I am doing search on data coming from fluentd k8s. On top of that data , I wanted to filter on basis of field. A... by bibekmantree New Member in Splunk Search 07-29-2019 0 5	0	5
Join a search by field across indexes I have two different indexes, with the common field being username. One index that contains phishing history data. ... by aarichow Explorer in Splunk Search 07-28-2019 3 5	3	5
Fields extraction from TXT file with fixed position varrying event formats in each line I need to monitor a text file. Each line in this file is considered an event. There are three different types of even... by mbasharat Builder in Splunk Search 07-28-2019 0 11	0	11
How to create static baseline on chart without showing data for baseline I created a baseline by adding eval field as shown below: \| eval BaseLine=1000\|fields _time, ResponeTime, BaseLine ... by arusoft Communicator in Splunk Search 07-28-2019 0 2	0	2
Help with eval and wildcards Hi, I'm trying to use eval for hosts, and need to use wildcards. I tried the following, but it's not working. How... by a212830 Champion in Splunk Search 07-28-2019 0 4	0	4
How to combine multiple queries and then use the final result in one final query? DON'T GET INTIMIDATED BY THE LENGTH OF THE QUESTION. I'm getting account numbers from the first three queries. I wan... by amaurya1 Explorer in Splunk Search 07-28-2019 0 6	0	6
group by from fields I have events similar to these: component, technology, mydate silva, java, 06/20/2019 souza, java, 06/20/2019 silva,... by andreyglauzer New Member in Splunk Search 07-28-2019 0 6	0	6
lookup value based on current search results New to Splunk and having a difficult time returning the correct results. The below query works... meaning that it con... by lbrhyne Path Finder in Splunk Search 07-28-2019 0 4	0	4
Case and Match do not retrieve the right results I have the following logs where the output can be from application or database or from third party source. id=11111 ... by amunag439 Explorer in Splunk Search 07-28-2019 0 2	0	2
error in timechart graph Hi all, We are having trouble regarding a query in which we need to display multiple metric_labels of a host in a sin... by ayushmaan Explorer in Splunk Search 07-28-2019 0 2	0	2
Two searches with different source and producing results in form of filename in column A and B respectively. There are 2 searches from 2 different sources that are fetching file name details in column A and B respectively. We... by guptap2 New Member in Splunk Search 07-28-2019 0 6	0	6
Not able to generate timechart from a multivalue field I am getting my input in json format like below, {"message":{"SID":"DEV","TIMESTAMP":1563095600,"PARAMS":[{"PROC_COD... by twh1 Communicator in Splunk Search 07-27-2019 0 12	0	12
Feasibility of regex to keep specific events and discard the rest I want to keep specific events which contains few strings in event but around 30 OR statement I have to write in rege... by ips_mandar Builder in Splunk Search 07-27-2019 0 6	0	6
Help with eval division calculation Hey all, I need an eval expression for the below output: _time minutes bminutes 2019-06-01 1349511.54 105472800 2... by splunkuseradmin Path Finder in Splunk Search 07-27-2019 0 3	0	3
whats preventing me to get the desired output Hi Team, I am not able to get the values for SLA Time and time_diff_epoch. when i am running two queirs indviduall... by pench2k19 Explorer in Splunk Search 07-26-2019 0 3	0	3
CWE-610, CWE-918 vulnerabilities? Hello, my red team just did an engagement against Splunk and among their findings is a SSRF vulnerability and so far,... by dajjohns Engager in Splunk Search 07-26-2019 0 0	0	0
Can we include OR/AND operator in a transaction I have the following log sets, one for success case and one for the failure case Success: id=11111 msg=Begin process... by amunag439 Explorer in Splunk Search 07-26-2019 1 4	1	4
How to use the INPUTLOOKUP command on Splunk Cloud Hi Everyone, So we are using SPlunk Cloud and I have created a dashboard that searches for the top 100 most reoccurri... by paksan32 New Member in Splunk Search 07-26-2019 0 4	0	4