Splunk Search

Community Activity

Regex help - disregard everything after a match I have the following regex that is pulling the sender and receiver domains: "SenderAddress":"\w+.@(?<s_domain>.)",... by jwalzerpitt Influencer in Splunk Search 06-26-2019 0 11	0	11
Copy and Paste search string Hi! I am trying to create a report which I will use as a dashboard panel, to show me who has been copying and pasting... by daviess158 New Member in Splunk Search 06-26-2019 0 3	0	3
excluding weekends and overnights from plotted results I'm trying to plot the average figure from a set of results, however I want to exclude weekends and overnight as the ... by stringbean New Member in Splunk Search 06-26-2019 0 4	0	4
What are the limitations/benefits of using eval inside of stats commands? One of our users is asking the following: -- What are the limitations/benefits of using the eval command inside of t... by ddrillic Ultra Champion in Splunk Search 06-26-2019 0 9	0	9
how to append query ? Hi Guys i have 3 queries query 1 : identity/phones/retrieve AND "[HTTP-STATUS-CODE]" \| stats count as Total query ... by venkat0896 Path Finder in Splunk Search 06-26-2019 0 3	0	3
Lookup table permission cannot be changed to global because of this error : : Cannot move asset lacking a pre-existing asset ID we are getting this error only for during lookup permissionchange in splunk search head cluster : Splunk could not up... by benazir Explorer in Splunk Search 06-26-2019 0 0	0	0
Firewall Log: How to send API calls to abuseIPDB and deal with results in splunk to get threat score? Hi there, I have been dealing with Splunk for two weeks now. My intention was to make firewall drops from an Unifi Se... by hauwech Engager in Splunk Search 06-26-2019 1 2	1	2
How to compare two fields from two different searches and display results with matches and mis-matches? I am running 2 different searches and have to compare the each value in one field with the values in the other field.... by hasham19833 Loves-to-Learn Lots in Splunk Search 06-25-2019 0 6	0	6
Why are special characters replaced with UTF-8 after exporting table to CSV? Hi all, When uploading a .csv file to Splunk, utf-8 is selected as the encoding type. Special characters look fine wh... by dojiepreji Path Finder in Splunk Search 06-25-2019 0 1	0	1
How to count the distinct list values My results look like these: V1 V2 A X Y Z Z X Y Y B X X X Y Z Z X Y Y V2 IS A LIST. I want to add V3 c... by reverse Contributor in Splunk Search 06-25-2019 0 7	0	7
Help writing a condition for taking out average Hi all, I need help in taking out “avg(“Participant”)” that is using calldevice1. I need to write a condition here... by splunkuseradmin Path Finder in Splunk Search 06-25-2019 0 1	0	1
How do I write the regex to extract a DNS domain field from my sample data? Hi : I need help extracting the domain IP address for the DNS logs. The automatic field extractor does not work in m... by OMohi Path Finder in Splunk Search 06-25-2019 0 9	0	9
What's ops.json in etc/system/replication? Hi, we removed some roles and checked on file level where these roles still have a reference. We found the file splu... by tfechner Path Finder in Splunk Search 06-25-2019 0 7	0	7
Cannot perform action "POST" without a target name Python Hello all, I am running python 3.4.9 on CentOS 7. The issue I am having is with the following python script: from y... by haraksin Communicator in Splunk Search 06-25-2019 0 4	0	4
Monitoring Critical Device Logging We are looking to take an enterprise level approach on the monitoring of critical device logging. We have a list of ... by antb Path Finder in Splunk Search 06-25-2019 0 3	0	3
How to remove this signal "-" and "OTHER" in results of a timechart? Hi Splunkers, I have this search bellow: index=br_activedirectory_microsoft EventCode=4624 Account_Domain=AGBANESPA ... by lucasdc New Member in Splunk Search 06-25-2019 0 4	0	4
tstats command help required for CIDR Hello Everyone, I am writing a query using tstats command need to use the CIDR values . Below is the example. \| tst... by sumitkathpal Explorer in Splunk Search 06-25-2019 0 3	0	3
Geom command receiving error: Error in 'SearchOperator:Geom': could not resolve I can't seem to get Splunk to run the search necessary to create a choropleth map. Here is my search: index="main" h... by jrfreeze Explorer in Splunk Search 06-25-2019 0 1	0	1
Search not producing event types Hello. I am trying to get interactive logon logs for all workstations in an organization. The event code for this log... by insomniacnerd94 Explorer in Splunk Search 06-25-2019 0 2	0	2
How to include "-" in between a field value? I have a field lastrundate which has values 20190623 , 20190624 , 20190626. I want to include an "-" in between the... by vrmandadi Builder in Splunk Search 06-25-2019 0 2	0	2
eventstats into multi-value list limit of max values Is there a limit of max values in a multi-value field listSummary for \| eventstats list(variable) as listSummary b... by wfskmoney Path Finder in Splunk Search 06-25-2019 0 6	0	6
How to recreate a bar chart using values over a time period showing duration, start times, and stop times using the chart command? I am attempting to recreate a bar chart based on a start and stop time by workloads. Can anyone help me with the \| ... by thefakemike New Member in Splunk Search 06-25-2019 0 0	0	0
Test props and transforms from Splunk UI In Splunk when we add data via uploading file it gives UI to add and verify props.conf properties there, like timesta... by VatsalJagani SplunkTrust in Splunk Search 06-25-2019 0 5	0	5
How to use multiple saved searches for a single table Hi, We are using a table in our dashboard and its output is based on multiple saved search. How can I run multiple s... by AKG1_old1 Builder in Splunk Search 06-25-2019 0 2	0	2
Sample command limitations I noticed sample command in Splunk is limited in how many parameters can be used at the same time: https://docs.splun... by cosminstefanmar Explorer in Splunk Search 06-25-2019 2 9	2	9