Splunk Search

Community Activity

Comparing avg of last couple of week days transactions with current week day sourcetype="busevt" OR sourcetype="sysout" TransactionId=TID* AND TransactionId!=TIDearliest=-2w@w1 latest=@h+h \| ev... by sandeepmakkena Contributor in Splunk Search 07-01-2019 0 1	0	1
How to extract a field name as a value? My apologies if there is an obvious answer to this question, but I have been searching Splunk answers and the documen... by ssiat479 Engager in Splunk Search 07-01-2019 0 1	0	1
How to excuse a 'foreach' sequentially Hello here is an example of the code I use: index="Test" \| append [search (type="1") \| stats distinct_count(ID)... by telecomdesign New Member in Splunk Search 07-01-2019 0 4	0	4
How to parse and extract OU data I am trying to parse and extract the field data from AD distinguishedName field using regex, but I'm not having too m... by Vfinney Observer in Splunk Search 07-01-2019 0 7	0	7
How to compare two field values, and dynamically create new field based on search result Hi All, I am new to Splunk, I am looking for dynamic field creation based on a comparison between two fields value. ... by paragvidhi Engager in Splunk Search 07-01-2019 0 3	0	3
Help with subsearch I have this search 1: index=br_activedirectory_microsoft EventCode=4624 Account_Domain=AGBANESPA Account_Name=A* \|... by lucasdc New Member in Splunk Search 07-01-2019 0 4	0	4
How to correlate between three data sources? I have three data sources that I need to correlate together, I'll simplify it for sake of example: Index A: _time, f... by ehowardl3 Path Finder in Splunk Search 07-01-2019 0 3	0	3
Extracting domain name out of a url I am trying to field extraction working for just domains accessed on my Ironport WSAs but am having an issue extracti... by imarks004 Path Finder in Splunk Search 07-01-2019 2 11	2	11
Splunk Integration with BMC CMDB We are on boarding BMC footprint logs in Splunk for one of our client. Looking for some inputs from someone who have ... by vvnair Engager in Splunk Search 07-01-2019 0 0	0	0
Why stats command return only one specified platform field and not all of them \| inputlookup Obso_Inventory.csv \| eval Compo=case(Composant="WAF", "LBWAF", Composant="LOAD BALANCER", "LBWAF", Comp... by kacel New Member in Splunk Search 07-01-2019 0 1	0	1
Concurrency by .................... Hi All, I have stream logs for five channels (currently may be more in future) and I need to calculate the concurren... by KarunK Contributor in Splunk Search 07-01-2019 3 6	3	6
Copy and then parse a field Hi, I have a field that already exists, and I want to parse it out into a new field, using props/transforms. The fi... by a212830 Champion in Splunk Search 07-01-2019 0 4	0	4
How to convert a flat multivalue field back to a real multivalue format via regex? Hey there! I am currently having some trouble in converting a flattened multivalue field back into a real multivalue... by Bastelhoff Path Finder in Splunk Search 07-01-2019 0 12	0	12
Are there security risks while performing testing on Splunk? Hi, I'm planning to use Jmeter to perform perfromance test on our Splunk Instance. Just want to confirm if there are... by doubleshifter Engager in Splunk Search 07-01-2019 0 0	0	0
How to use rex extracted field value in another search I have a search like the following: index="trans" source="logfilename" "ErrorCode=81009" requestid = "ABC" \| rex fi... by gcharles Explorer in Splunk Search 07-01-2019 0 4	0	4
Using rex to extract text from tenable sc output I am attempting to extract the share names from the "pluginText" field below. pluginText: <plugin_output> Here are ... by geoffmx Explorer in Splunk Search 07-01-2019 1 6	1	6
Need to write both rex and regex "C:\Users\TestUser\AppData\Local\Microsoft\Teams\Update.exe" --processStart "Teams.exe" --process-start-args "--syste... by vishwanadhan_mu Explorer in Splunk Search 07-01-2019 0 6	0	6
How to create chart from 2 different fields Hi. I have a table with 3 columns. A B C. A=time, B=run, C=wait Explenation of the table: the process runs from A2 (1... by spisiakmi Contributor in Splunk Search 06-30-2019 0 2	0	2
how to configure the security ACL group to capture any members added/removed on to the ACL group We have to configure the monitoring for added/removed users in certain servers in Splunk , by corecomputetool New Member in Splunk Search 06-30-2019 0 0	0	0
How to return a number for an if statement Hello, I want to find the ResultMin that "Pass" or "Fail" depending on the specific PriorityDuration that is classi... by tonahoyos Explorer in Splunk Search 06-30-2019 0 8	0	8
Subsearch produced 65000000 results, trunacting to maxout 50000 I have the following query: \|tstats values(field1) as f1 values(field2) as f2 where index=INDEX1 [\|tstats count where... by yko84109 Loves-to-Learn in Splunk Search 06-30-2019 0 2	0	2
Using values from search into subsearch Hello, In a timerange (lets say 4 hours) I am trying to find password resets and after that, for the same user, all ... by hoytn Explorer in Splunk Search 06-30-2019 1 2	1	2
Geostats with status and multiple fields Hello Looking for some help for Geo stats command. I have following fields showing splunk index time - name,host,... by Splunk_rocks Path Finder in Splunk Search 06-30-2019 1 1	1	1
extracting response status time How can i extract the the http_response_time so that i can get the max(HTTP_STATUS_RESPONSE), MIN(HTTP_STATUS_RESPONS... by mammefen New Member in Splunk Search 06-30-2019 0 4	0	4
How to sort field values alphanumerically? I have a field called Rack which has the values as Rack-1 Rack-2 Rack-3....Rack-10. When I do sort on Rack field, it ... by pgadhari Builder in Splunk Search 06-29-2019 0 6	0	6