Splunk Search

Community Activity

Mapping data from small sourcetype to another larger sourcetype Hello! I'm having this issue of merging data from one sourcetype to another larger sourcetype. Example: index=ecs_in... by tleduc New Member in Splunk Search 06-26-2019 0 2	0	2
Can I get a count of distinct values in multivalue field? What I'm looking for is a hybrid of the stats list() and values() functions. First, I'd like the list of unique valu... by hulahoop Splunk Employee in Splunk Search 06-26-2019 3 7	3	7
How to create a search that can Event count by Vendor/Product by Day for past 30days? Hey All, I am trying to create an efficient search that I can schedule and run once a month to create some metrics. ... by adalbor Builder in Splunk Search 06-26-2019 0 16	0	16
[INGEST_EVAL] Regex replace stops after 1000 chars Hi, I'm trying to convert a hex string to readable ascii text at index time, inspired by this solution: https://answ... by tobias_stegmann Observer in Splunk Search 06-26-2019 0 3	0	3
How to search partial field names and exclude events that contain no value Hi, I want my search to only return events that have field names matching Feature.Flags* My data currently has the be... by ganon640 New Member in Splunk Search 06-26-2019 0 1	0	1
Regex help extracting session ID 10.249.68.17 0000aJyyyQvMs5xIb7KGdRxRTl98AhhUNq0lMLQ8RQ8szjFp4gtHI:1cq4afaa7 12.119.53.11 - - [26/Jun/2019:13:06:37... by reverse Contributor in Splunk Search 06-26-2019 0 12	0	12
Regex: Help extracting user ID, session ID, and browser 2019.06.26 13.18.18.186 ERROR presentation [WebContainer : 5]: ********Browser information - *********Mozilla/5.0... by reverse Contributor in Splunk Search 06-26-2019 0 5	0	5
Calculating Median of Count over Time Hello, I am trying to find outliers on a graph by using the median absolute deviation on a graph. I know that the ma... by cxr5971 Path Finder in Splunk Search 06-26-2019 0 6	0	6
Regex help - disregard everything after a match I have the following regex that is pulling the sender and receiver domains: "SenderAddress":"\w+.@(?<s_domain>.)",... by jwalzerpitt Influencer in Splunk Search 06-26-2019 0 11	0	11
Copy and Paste search string Hi! I am trying to create a report which I will use as a dashboard panel, to show me who has been copying and pasting... by daviess158 New Member in Splunk Search 06-26-2019 0 3	0	3
excluding weekends and overnights from plotted results I'm trying to plot the average figure from a set of results, however I want to exclude weekends and overnight as the ... by stringbean New Member in Splunk Search 06-26-2019 0 4	0	4
What are the limitations/benefits of using eval inside of stats commands? One of our users is asking the following: -- What are the limitations/benefits of using the eval command inside of t... by ddrillic Ultra Champion in Splunk Search 06-26-2019 0 9	0	9
how to append query ? Hi Guys i have 3 queries query 1 : identity/phones/retrieve AND "[HTTP-STATUS-CODE]" \| stats count as Total query ... by venkat0896 Path Finder in Splunk Search 06-26-2019 0 3	0	3
Lookup table permission cannot be changed to global because of this error : : Cannot move asset lacking a pre-existing asset ID we are getting this error only for during lookup permissionchange in splunk search head cluster : Splunk could not up... by benazir Explorer in Splunk Search 06-26-2019 0 0	0	0
Firewall Log: How to send API calls to abuseIPDB and deal with results in splunk to get threat score? Hi there, I have been dealing with Splunk for two weeks now. My intention was to make firewall drops from an Unifi Se... by hauwech Engager in Splunk Search 06-26-2019 1 2	1	2
How to compare two fields from two different searches and display results with matches and mis-matches? I am running 2 different searches and have to compare the each value in one field with the values in the other field.... by hasham19833 Loves-to-Learn Lots in Splunk Search 06-25-2019 0 6	0	6
Why are special characters replaced with UTF-8 after exporting table to CSV? Hi all, When uploading a .csv file to Splunk, utf-8 is selected as the encoding type. Special characters look fine wh... by dojiepreji Path Finder in Splunk Search 06-25-2019 0 1	0	1
How to count the distinct list values My results look like these: V1 V2 A X Y Z Z X Y Y B X X X Y Z Z X Y Y V2 IS A LIST. I want to add V3 c... by reverse Contributor in Splunk Search 06-25-2019 0 7	0	7
Help writing a condition for taking out average Hi all, I need help in taking out “avg(“Participant”)” that is using calldevice1. I need to write a condition here... by splunkuseradmin Path Finder in Splunk Search 06-25-2019 0 1	0	1
How do I write the regex to extract a DNS domain field from my sample data? Hi : I need help extracting the domain IP address for the DNS logs. The automatic field extractor does not work in m... by OMohi Path Finder in Splunk Search 06-25-2019 0 9	0	9
What's ops.json in etc/system/replication? Hi, we removed some roles and checked on file level where these roles still have a reference. We found the file splu... by tfechner Path Finder in Splunk Search 06-25-2019 0 7	0	7
Cannot perform action "POST" without a target name Python Hello all, I am running python 3.4.9 on CentOS 7. The issue I am having is with the following python script: from y... by haraksin Communicator in Splunk Search 06-25-2019 0 4	0	4
Monitoring Critical Device Logging We are looking to take an enterprise level approach on the monitoring of critical device logging. We have a list of ... by antb Path Finder in Splunk Search 06-25-2019 0 3	0	3
How to remove this signal "-" and "OTHER" in results of a timechart? Hi Splunkers, I have this search bellow: index=br_activedirectory_microsoft EventCode=4624 Account_Domain=AGBANESPA ... by lucasdc New Member in Splunk Search 06-25-2019 0 4	0	4
tstats command help required for CIDR Hello Everyone, I am writing a query using tstats command need to use the CIDR values . Below is the example. \| tst... by sumitkathpal Explorer in Splunk Search 06-25-2019 0 3	0	3