Splunk Search

Community Activity

Using rex to extract text from tenable sc output I am attempting to extract the share names from the "pluginText" field below. pluginText: <plugin_output> Here are ... by geoffmx Explorer in Splunk Search 07-01-2019 1 6	1	6
Need to write both rex and regex "C:\Users\TestUser\AppData\Local\Microsoft\Teams\Update.exe" --processStart "Teams.exe" --process-start-args "--syste... by vishwanadhan_mu Explorer in Splunk Search 07-01-2019 0 6	0	6
How to create chart from 2 different fields Hi. I have a table with 3 columns. A B C. A=time, B=run, C=wait Explenation of the table: the process runs from A2 (1... by spisiakmi Contributor in Splunk Search 06-30-2019 0 2	0	2
how to configure the security ACL group to capture any members added/removed on to the ACL group We have to configure the monitoring for added/removed users in certain servers in Splunk , by corecomputetool New Member in Splunk Search 06-30-2019 0 0	0	0
How to return a number for an if statement Hello, I want to find the ResultMin that "Pass" or "Fail" depending on the specific PriorityDuration that is classi... by tonahoyos Explorer in Splunk Search 06-30-2019 0 8	0	8
Subsearch produced 65000000 results, trunacting to maxout 50000 I have the following query: \|tstats values(field1) as f1 values(field2) as f2 where index=INDEX1 [\|tstats count where... by yko84109 Loves-to-Learn in Splunk Search 06-30-2019 0 2	0	2
Using values from search into subsearch Hello, In a timerange (lets say 4 hours) I am trying to find password resets and after that, for the same user, all ... by hoytn Explorer in Splunk Search 06-30-2019 1 2	1	2
Geostats with status and multiple fields Hello Looking for some help for Geo stats command. I have following fields showing splunk index time - name,host,... by Splunk_rocks Path Finder in Splunk Search 06-30-2019 1 1	1	1
extracting response status time How can i extract the the http_response_time so that i can get the max(HTTP_STATUS_RESPONSE), MIN(HTTP_STATUS_RESPONS... by mammefen New Member in Splunk Search 06-30-2019 0 4	0	4
How to sort field values alphanumerically? I have a field called Rack which has the values as Rack-1 Rack-2 Rack-3....Rack-10. When I do sort on Rack field, it ... by pgadhari Builder in Splunk Search 06-29-2019 0 6	0	6
Why isn't this query working for me (using stats, eval, count) The following query is not working for me: message.meta.service=foo \| stats count(eval(message.meta.route="/foo... by rbednark Engager in Splunk Search 06-29-2019 1 4	1	4
How to extract sourcetype and index with a regex from the monitor path directory structure? My end goal is to extract the sourcetype and index with a regex from the monitor path at runtime based on a lookup fr... by psyched4splunk Explorer in Splunk Search 06-29-2019 0 9	0	9
Searching for Multiple Commands In Succession Hello all, I am looking at endpoint data and I want to see if I can make a search query to look at certain commands ... by cxr5971 Path Finder in Splunk Search 06-29-2019 0 11	0	11
How to merge consecutive event values from a single field? This is the requirement. We are collecting a log file that has the following events (along with others)in the same fi... by sureshmurgan Path Finder in Splunk Search 06-28-2019 0 8	0	8
Calculating distances between points with GEOIP using latitude and longitude, can I use Trigonometric functions directly in a search in Splunk 6.1.5 I need tocalculate distances between points with GEOIP using latitude and longitude directly in a search with trigon... by gonzalovasquez Engager in Splunk Search 06-28-2019 0 4	0	4
Is it possible to use lookup to fill the "email subject" and "email address"? I've to send an email with only three fields (Time,path,server) in the email body and I want to use lookup to fill th... by mnj1809 Path Finder in Splunk Search 06-28-2019 0 2	0	2
How to replace index value based on new Input file during contiunious monitoring I have enable continuous monitoring based on the file available in the folder able to generate dashboard based on the... by prsubramanian New Member in Splunk Search 06-28-2019 0 0	0	0
Why is strptime and strftime command not working as expected? I have two "Survey Type" - 'a' and 'b' and I need to display their count based on the"Survey Complete" data. Note - T... by monyathomas New Member in Splunk Search 06-28-2019 0 1	0	1
Not able to search with some fields Hello All I am not sure, why i am not able to use search like host=* but if i search like index=* host=* then ... by vishaltaneja070 Motivator in Splunk Search 06-28-2019 0 12	0	12
How to control time span in tstats search? hi, I was looking to find more time precise dataset in the last 1 hour \|tstats summariesonly=true count from datamod... by koshyk Super Champion in Splunk Search 06-28-2019 0 2	0	2
Is it possible to set field values based on other field names? I have the following table: cp1_date cp1_status cp2_date cp2_status cp3_date cp3_status 20190601 ok ... by tgpers Engager in Splunk Search 06-28-2019 0 2	0	2
subsearch issue Hi all, I am in need of help. I need to generate an alert that runs after ever 30 minutes. and calculate the fo... by ajitshukla61116 Path Finder in Splunk Search 06-28-2019 0 0	0	0
Splunk 7.2.3: Alternative or solution to table command bug Hello All, Has anyone else run into this bug with the table command on Splunk 7.2.3? The table command works just... by _joe Contributor in Splunk Search 06-27-2019 0 9	0	9
Auto run search depending two inputs. What I am look here is when a user selects Day-to-day or Week-to-week the dropdown options should change accordingly ... by sandeepmakkena Contributor in Splunk Search 06-27-2019 0 1	0	1
Alias bug that merge "NEW" word into new field Hello, I have been watching a problem when I was using alias function through the SPLUNK Web. That problem was merged... by sonsee78 New Member in Splunk Search 06-27-2019 0 2	0	2