Splunk Search

Community Activity

SAP ETD integration with Splunk with hTTP event collector we receive error 400 when we try to send the logs from SAP ETD over HTTP event collector to splunk. Does any one hav... by rashid47010 Communicator in Splunk Search 07-24-2019 0 0	0	0
Totally Disable Search head Clustering I have 2 nodes in my Search Head cluster and want to disable the Search head Clustering fully. I have a deployer also... by pgadhari Builder in Splunk Search 07-24-2019 0 10	0	10
Why is the JSON index field extraction failing with large events (> 10k bytes)? I'm using indexed field extraction to ingest JSON data over the HTTP Event Collector. It works great. Except, once ... by ecd Explorer in Splunk Search 07-23-2019 0 5	0	5
How to append search result with top 100 results? I will try to explain my issue in the easiest possible way. I have a result of a search that looks like this: name1... by seva98 Path Finder in Splunk Search 07-23-2019 0 3	0	3
Subset Search using in original search Hi Guys, Problem Statement : i would want to search the url events in index=proxy having category as "Malicious Sour... by staparia Explorer in Splunk Search 07-23-2019 0 8	0	8
How to use conditional comparison of two field values from the same event to populate a third field Hi all I am trying to use the eval case function to populate a new field based on the values of 2 existing fields th... by 373782073 Explorer in Splunk Search 07-23-2019 1 2	1	2
Query on stats value = 0 or null Hi Guys, I have a question here. Example i have a query statement that check for event logs captured by all my ser... by christay New Member in Splunk Search 07-23-2019 0 2	0	2
How to Automate Threat Advisory tracking Could you help me out on how to automate Threat Advisory Tracking IOC & IP's in ES by naregayam New Member in Splunk Search 07-23-2019 0 0	0	0
Display transaction_id, Amount and Grand total of amount. [2019-07-19 10:13:49,210] package=com.ABCDpay,class=PostingServices,service=ProcessAccountingInstruction,component=CB... by sandeepmakkena Contributor in Splunk Search 07-23-2019 0 1	0	1
ERROR Regex - Failed in pcre_exec: Error PCRE_ERROR_MATCHLIMIT for regex: \\|.?summarize.?action\= Hello, I am getting this error in search head don't know why. Anybody had same issue please let me know. Thansk. by sathwikr076 Communicator in Splunk Search 07-23-2019 2 17	2	17
How to calculate the average time in a URL? Hi I want to calculate the average time of being in a URL. This SPL shows me the time spent in a URL, but NOT the ave... by rosho Communicator in Splunk Search 07-23-2019 0 5	0	5
How to find the uncommon values of a field between two indexes? I have two indexes "abc" and "def". There is a field in index "abc" ---> "operator_id". Similarly, there is a field ... by amaurya1 Explorer in Splunk Search 07-23-2019 0 2	0	2
Compare result of three different index searches I have 3 Indexers I have data. Two Indexers are the source and Third one is the target. So if I am I am tryinng to Ad... by runiyal Path Finder in Splunk Search 07-23-2019 0 10	0	10
Timechart not populating the result I have a checkbox named host in which user enters the hostname manually, and then as per the name entered it should d... by mayank101 New Member in Splunk Search 07-23-2019 0 2	0	2
Is the result of "strptime" in seconds? Hi I would like to know if the results of "strptime" are in seconds? index=main sourcetype=access_combined host=vs... by rosho Communicator in Splunk Search 07-23-2019 0 2	0	2
Timechart not coming up instead a table is coming up for it Timechart not coming up instead a table is coming up for it.Can anyone tell me what's wrong with the query.I want a ... by mayank101 New Member in Splunk Search 07-23-2019 0 2	0	2
Help creating JOIN search I'm trying to compare Field X from Index A with Field Y from Index B. Though the field names are different, they sto... by NAVEEN_CTS Path Finder in Splunk Search 07-23-2019 0 8	0	8
How to get the time difference after converting unix time using strftime? I'm currently trying to get the duration of some events, but when i use this search nothing is coming back: \| tstats... by payton_tayvion Path Finder in Splunk Search 07-23-2019 0 2	0	2
How to create a regex for extracting few characters of a field? My VLAN value looks like below: \|inputlookup vrf_usage.csv \| search VRF="*" \| search VLAN=Vlan819(RVP_CDN) Could ... by surekhasplunk Communicator in Splunk Search 07-23-2019 0 6	0	6
Difference between today's and yesterday's data. I am trying to find the difference between today and yesterday's data. The data consists of every employee's Id numbe... by 3666142 Path Finder in Splunk Search 07-23-2019 0 2	0	2
How to create a total volume label on each pie on a trellis dashboard panel I'm trying to display allowed vs blocked traffic for several different accounts. I think a trellis chart with a pie r... by adamjones Engager in Splunk Search 07-23-2019 0 2	0	2
How do I reverse/swap characters in a string value returned from a search? Hi, If my search returns a string value of "ABCDEF" 1) How do I modify the search to reverse this value so it outpu... by ajay_mk Explorer in Splunk Search 07-23-2019 1 13	1	13
What is the difference in total and Total? index="YOURINDEX" \|stats count by domain, id.orig_h \| sort -count \|stats list(domain) as Domain, list(count) as count... by emilynicole73 Engager in Splunk Search 07-23-2019 0 3	0	3
How to optimize search to compare calculated value with the previous value from some time ago Hello. I have this search: index="flow" earliest=-15m latest=now \| append [search index="flow" earliest=-15m lates... by borgetko New Member in Splunk Search 07-23-2019 0 3	0	3
Join turns off predicate pushdown optimization Hi, I have problem with optimizer. It doesn't make pushdown optimization when I'm using join. I have event dataset wi... by aasfga New Member in Splunk Search 07-23-2019 0 0	0	0