Splunk Search

Community Activity

Compare results from yesterday to today Hello Splunkers. Yesterday I don't have events but today I have it. For example: Event aaa today exists 100 times ... by rjfv8205 Path Finder in Splunk Search 07-10-2019 0 0	0	0
Can I use the "IN" command like this? index=myIndex FieldA="A" AND LogonType IN (4,5,8,9,10,11,12) The documentation says it is used with "eval" or "wher... by twjack Explorer in Splunk Search 07-10-2019 0 2	0	2
Search Query Help: Number of Events per Event Code and Total size of those events Hey All, I am trying to calculate the number of events per EventCode along with the total size in kb/mb of all event... by adalbor Builder in Splunk Search 07-10-2019 1 6	1	6
How to subtract specific events, key pairs? Not sure where I should be going but, I am all for raw data going into fields, enhanced etc... I am looking at our ra... by cxfuent29 New Member in Splunk Search 07-10-2019 0 5	0	5
How to dynamically add results / correlate in a search with a sub-search I want to dynamically add fields to my result set depending on a search I did. How do I can add fields/new columns b... by bahndg Explorer in Splunk Search 07-10-2019 0 2	0	2
What kind of request you need to create to select all the logs in which all fields are filled? What kind of request you need to create to select all the logs in which all fields are filled? by kaizersx New Member in Splunk Search 07-10-2019 0 2	0	2
How to filter results using fields from lookup file I have a challenge in front of me that I can't figure out. I spent a few hours searching 'answers' and made some hea... by chrisray_view New Member in Splunk Search 07-09-2019 0 3	0	3
Diff help please I have a search that returns one result, one of the fields is called whatchanged, and this field really has two value... by mcbradford Contributor in Splunk Search 07-09-2019 0 1	0	1
How can I make a table for multiple Windows Events ? How can I make a table for multiple Windows Events ? This search gives me good results for one Event Code, but I hav... by itrimble1 Path Finder in Splunk Search 07-09-2019 0 2	0	2
Need help with a regex I am terrible with regexes. What regex would I need to extract "pdf" from the following? This was not pulling all ev... by bwindham Path Finder in Splunk Search 07-09-2019 0 2	0	2
Is there a way to get addcoltotals to show up at the top of a report, rather than at the end? I have a report that reports the count of events per another field. I can get a total of all of these events but it ... by jbezanson Engager in Splunk Search 07-09-2019 1 5	1	5
Report from multiple indexes I need to create a report based on three different search criteria from three different sources. But since its a reco... by runiyal Path Finder in Splunk Search 07-09-2019 0 2	0	2
Merging multiple indexers and providing report I need to create a report based on three different search criteria from three different sources. But since its a reco... by runiyal Path Finder in Splunk Search 07-09-2019 0 1	0	1
Why does inputlookup NOT fail to exclude rows? I'm trying to exclude known issues from a search by using a lookup of exclusions. Our Splunk admins lock down alert c... by cmille19 Engager in Splunk Search 07-09-2019 0 3	0	3
How to use Eval greater than, less than for a duration and Count the values I'm calculating the time difference between two events by using Transaction and Duration. Below is the query that I u... by amunag439 Explorer in Splunk Search 07-09-2019 0 5	0	5
Extract url up to question mark Hello, I am trying to extract the entire URL up to the point where it includes a question mark. Generally the data w... by johnansett Communicator in Splunk Search 07-09-2019 0 2	0	2
SEDCMD help understand Trying to understand how this SEDCMD works so I can modify it for something else. It works in props.conf but I can't ... by jeburkes76 Explorer in Splunk Search 07-09-2019 0 6	0	6
Splunk Visualization Issues I downloaded the Splunk visualization app to create a custom visualization but when I click on starting on the base t... by keldridg2 New Member in Splunk Search 07-09-2019 0 0	0	0
How to list duplicate alerts I am trying to optimize my splunk deployment by removing duplicate alerts. I have this search which shows me all of ... by zawan Engager in Splunk Search 07-09-2019 0 1	0	1
Splunk Visualization Issues I downloaded the Splunk visualization app to create a custom visualization but when I click on starting on the base t... by keldridg2 New Member in Splunk Search 07-09-2019 0 0	0	0
I am trying to write a query that displays how long an application has been running? So far I have the following string. host="server" EventCode=4688 OR EventCode=469 \| transaction New_Process_Name startswith=(EventCode=4688) endswith=(Ev... by smazzatenta New Member in Splunk Search 07-09-2019 0 13	0	13
Correlating Windows event 4688 logs on New_Process_ID and Creator_Process_ID How can I correlate Windows event 4688 logs to show a chain of processes that were that were started? Basically a pro... by frbuser Path Finder in Splunk Search 07-09-2019 0 2	0	2
Best Options for Moving Data from S3 to Kinesis Hi - new user here. We have log files streaming to S3 for some of our data, but in other cases we have an ETL job doi... by aschneider29 New Member in Splunk Search 07-09-2019 0 0	0	0
stats: count number of occurences for each value in a values() aggregate Another question on counting the number of events per values() value in stats command. Using sistats this is seems t... by mmol Explorer in Splunk Search 07-09-2019 0 0	0	0
Inputlookup subsearch and join I have a question about two searches. The first one is much more faster than the second one, but I think that they do... by darioapis Explorer in Splunk Search 07-09-2019 0 6	0	6