Splunk Search

Community Activity

LDAP server warning: Insufficient access Hello , I have a connexion problem between Splunk and the LDAP. Please find below the log that i have continuously ... by mkamal18 New Member in Splunk Search 07-12-2019 0 0	0	0
Is there any option in Splunk to run a search in a loop? Hi All, Good morning, Is there any option in Splunk to run a search in a loop? Basically what I want to say is I hav... by sunnyb147 Path Finder in Splunk Search 07-12-2019 0 6	0	6
help on where command which returns wrong results hello I have an issue with the the tonumber command When I execute the query below and even if I specify that I wan... by jip31 Motivator in Splunk Search 07-12-2019 0 11	0	11
I have a seach command but i need to remove the percent column I have a command that gives me the correct info what i want which is (eventtype="wineventlog_system") source="inEven... by pboon New Member in Splunk Search 07-12-2019 0 4	0	4
Lookup more than one column in Lookup Table I want to return descriptions I have in a lookup table. The description corresponds to a code in my Events list. Howe... by sarahaydenvi New Member in Splunk Search 07-12-2019 0 1	0	1
How do you use rex's max_match option? At search time, I want to extract multivalued fields. The docs for rex say to use the max_match option. Example: ... by cfergus Path Finder in Splunk Search 07-12-2019 2 4	2	4
Field Extraction matching not working but works only with wildcard Strange problem but couldn't find the root cause. Just checking if anyone of you have come across similar? Sample da... by koshyk Super Champion in Splunk Search 07-12-2019 0 5	0	5
modify date of search how to modify time after a search, for example i search something on thirst day of week (08 date) and after i would l... by cipi23 New Member in Splunk Search 07-12-2019 0 6	0	6
AS400/ Iseries DB connectivity issue When I am connectivity Splunk DB connect with DB2 (AS400) platform, getting below error. The JDBC driver files db2jc... by deepak1825 New Member in Splunk Search 07-11-2019 0 0	0	0
query to check is a list is [] or has values in it I'm having trouble querying the field attached in the image. I either want to know is its empty or has values in it. ... by wajeeh911 Engager in Splunk Search 07-11-2019 0 5	0	5
Create a New field on an event by evaluating two different event values Hello Splunkers, Facing one issue in identifying Creator_Process_Name, In windows process creation event we have N... by CryoHydra Path Finder in Splunk Search 07-11-2019 0 4	0	4
Return the closest match for a wildcard lookup I have a lookup 3 wildcard fields. What I want to be able to do is to only return the closes match, so if there are m... by bowesmana SplunkTrust in Splunk Search 07-11-2019 0 0	0	0
Minimum disk usage(5000MB) on Search head error Hi Guys, I have my searches disabled on Search heads as the default minimum free disk space is 5000MB. Problem is m... by ramprakash Explorer in Splunk Search 07-11-2019 0 9	0	9
Sort columns in descending order after using xyseries By default xyseries sorts the column titles in alphabetical/ascending order. How do I make it do the opposite? I've ... by vishanik91 New Member in Splunk Search 07-11-2019 0 1	0	1
How to compare and show the difference between two mv fields? I have two mvfields and am looking for a way to show the difference (the missing fields) when comparing mvfield req ... by taynord Engager in Splunk Search 07-11-2019 0 4	0	4
Create search query where events match lookup table 'fieldA' column (all have values) but exclude events that do not have a value in 'fieldB' column. Example Lookup Table entries: fieldA fieldB value value value 'blank' value value Show events... by tinanicole21 New Member in Splunk Search 07-11-2019 0 8	0	8
how to use makecontinuous in combination with stats to fill in time Hello, I have this search query: sourcetype="device" \| bucket span=1d _time \| makecontinuous _time \| stats count... by jorjiana88 Path Finder in Splunk Search 07-11-2019 0 12	0	12
How to write an expression that extracts only the first three letters of a string? I have a different string named: 1. GBP:BOOT1STSUNMONTH_MAINT2 2. AMP:BOOT1STSATMONTH_MAINT4 3. AMP:USFIMBSWEEKEN... by mayank101 New Member in Splunk Search 07-11-2019 0 4	0	4
Sharing field extractions with two Apps and another role I'm having some issues when trying to share KO (field extractions) with other roles and users. I have field extracti... by mortf Explorer in Splunk Search 07-11-2019 0 2	0	2
The LDAP connector in splunk is generating a ton of successful logins. The ldap connector that is used to map AD groups is generating a ton of events, is there a way to stop that? Ive tr... by rmontoya746 New Member in Splunk Search 07-11-2019 0 0	0	0
REX Extract and/or separate a single field into 1 or 2 fields based on different patterns Need to extract or split a filed value into different fields based on a condition/irregular pattern(or however it can... by sh254087 Communicator in Splunk Search 07-11-2019 0 3	0	3
Sub-search not yielding results in SQL The search below does not yield results like NOT IN SQL. Any suggestion please. earliest=06/19/2019:23:00:00 latest=... by seemakurthy New Member in Splunk Search 07-11-2019 0 3	0	3
how to change background color on panel log results We have a search on a dashboard that spits out results of some log files that we are monitoring. For charts, we can ... by jmabry New Member in Splunk Search 07-11-2019 0 0	0	0
Too many search jobs found in the dispatch directory error I see the error "Too many search jobs found in the dispatch directory error" many time. I know to clean the directory... by jayannah Builder in Splunk Search 07-11-2019 3 5	3	5
How to use search from summary index as a condition in another search? Hi, I have index="ekra_protokol" which has these events: datum_zeit;meldung 2019-06-19 05:56:26.754: Test Drucken .... by spisiakmi Contributor in Splunk Search 07-11-2019 0 5	0	5