Splunk Search

Community Activity

Rex for cef event and create field alias accordingly sample CEF: May 20 20:44:51 10.XX.XX.XX May 20 2019 20:44:51 avcm02.com CEF:0\|AV\|Control Manager\|7.0\|BM:1000\|Behavi... by ritikaviavi Observer in Splunk Search 07-13-2019 0 2	0	2
converting an triming field values I need to to convert this field in to a number and remove the $ capacity_gb = $8,191.75, I've tried eval to num and c... by codedtech Path Finder in Splunk Search 07-13-2019 0 4	0	4
How to use tstats to show unique list of hosts for a specified index? Hi, I'm using this search: \| tstats count by host where index="wineventlog" to attempt to show a unique list of hosts... by russell120 Communicator in Splunk Search 07-12-2019 0 3	0	3
Stuck on Merge splunk.com accounts page I must have two accounts associated with my e-mail address. I am stuck on the page stating that I should merge them. ... by jchrysler Engager in Splunk Search 07-12-2019 1 0	1	0
Top 10 per group Is there a way to get the top 10 count for a number of groupings eg: Col1 Col2 Count G1 SG1 10 G1 ... by alucarddjin Path Finder in Splunk Search 07-12-2019 0 1	0	1
Combining details from two log entries into one table under common ID Hello Comminity, Here goes the more detailed descrition 2019-07-12 11:19:55.519 [VDI111][Process1][Info] msg=report... by pitaszek New Member in Splunk Search 07-12-2019 0 1	0	1
LDAP server warning: Insufficient access Hello , I have a connexion problem between Splunk and the LDAP. Please find below the log that i have continuously ... by mkamal18 New Member in Splunk Search 07-12-2019 0 0	0	0
Is there any option in Splunk to run a search in a loop? Hi All, Good morning, Is there any option in Splunk to run a search in a loop? Basically what I want to say is I hav... by sunnyb147 Path Finder in Splunk Search 07-12-2019 0 6	0	6
help on where command which returns wrong results hello I have an issue with the the tonumber command When I execute the query below and even if I specify that I wan... by jip31 Motivator in Splunk Search 07-12-2019 0 11	0	11
I have a seach command but i need to remove the percent column I have a command that gives me the correct info what i want which is (eventtype="wineventlog_system") source="inEven... by pboon New Member in Splunk Search 07-12-2019 0 4	0	4
Lookup more than one column in Lookup Table I want to return descriptions I have in a lookup table. The description corresponds to a code in my Events list. Howe... by sarahaydenvi New Member in Splunk Search 07-12-2019 0 1	0	1
How do you use rex's max_match option? At search time, I want to extract multivalued fields. The docs for rex say to use the max_match option. Example: ... by cfergus Path Finder in Splunk Search 07-12-2019 2 4	2	4
Field Extraction matching not working but works only with wildcard Strange problem but couldn't find the root cause. Just checking if anyone of you have come across similar? Sample da... by koshyk Super Champion in Splunk Search 07-12-2019 0 5	0	5
modify date of search how to modify time after a search, for example i search something on thirst day of week (08 date) and after i would l... by cipi23 New Member in Splunk Search 07-12-2019 0 6	0	6
AS400/ Iseries DB connectivity issue When I am connectivity Splunk DB connect with DB2 (AS400) platform, getting below error. The JDBC driver files db2jc... by deepak1825 New Member in Splunk Search 07-11-2019 0 0	0	0
query to check is a list is [] or has values in it I'm having trouble querying the field attached in the image. I either want to know is its empty or has values in it. ... by wajeeh911 Engager in Splunk Search 07-11-2019 0 5	0	5
Create a New field on an event by evaluating two different event values Hello Splunkers, Facing one issue in identifying Creator_Process_Name, In windows process creation event we have N... by CryoHydra Path Finder in Splunk Search 07-11-2019 0 4	0	4
Return the closest match for a wildcard lookup I have a lookup 3 wildcard fields. What I want to be able to do is to only return the closes match, so if there are m... by bowesmana SplunkTrust in Splunk Search 07-11-2019 0 0	0	0
Minimum disk usage(5000MB) on Search head error Hi Guys, I have my searches disabled on Search heads as the default minimum free disk space is 5000MB. Problem is m... by ramprakash Explorer in Splunk Search 07-11-2019 0 9	0	9
Sort columns in descending order after using xyseries By default xyseries sorts the column titles in alphabetical/ascending order. How do I make it do the opposite? I've ... by vishanik91 New Member in Splunk Search 07-11-2019 0 1	0	1
How to compare and show the difference between two mv fields? I have two mvfields and am looking for a way to show the difference (the missing fields) when comparing mvfield req ... by taynord Engager in Splunk Search 07-11-2019 0 4	0	4
Create search query where events match lookup table 'fieldA' column (all have values) but exclude events that do not have a value in 'fieldB' column. Example Lookup Table entries: fieldA fieldB value value value 'blank' value value Show events... by tinanicole21 New Member in Splunk Search 07-11-2019 0 8	0	8
how to use makecontinuous in combination with stats to fill in time Hello, I have this search query: sourcetype="device" \| bucket span=1d _time \| makecontinuous _time \| stats count... by jorjiana88 Path Finder in Splunk Search 07-11-2019 0 12	0	12
How to write an expression that extracts only the first three letters of a string? I have a different string named: 1. GBP:BOOT1STSUNMONTH_MAINT2 2. AMP:BOOT1STSATMONTH_MAINT4 3. AMP:USFIMBSWEEKEN... by mayank101 New Member in Splunk Search 07-11-2019 0 4	0	4
Sharing field extractions with two Apps and another role I'm having some issues when trying to share KO (field extractions) with other roles and users. I have field extracti... by mortf Explorer in Splunk Search 07-11-2019 0 2	0	2