Splunk Search

Community Activity

How to search for an event from last week based on time value field? Hi - I am searching for events based on time field Last_Login_Time (sample value: 2019-06-13T20:26:12.000Z) which hap... by vnguyen46 Contributor in Splunk Search 06-18-2019 0 3	0	3
Can we retrieve data using DBConnect for rows which got modified? Is it possible to retrieve data using DBConnect for rows which got modified? And not included via the rising column? by ddrillic Ultra Champion in Splunk Search 06-18-2019 0 1	0	1
How to parse specific value from a field value? Disclaimer : I'm new to Regex and using the Rex function I have a field "Message" that has the following string form... by wicke_s Explorer in Splunk Search 06-18-2019 0 12	0	12
compare fields for like match I am looking for methods to compare two fields for a like match. Specifically, I'd like to match when field1 can be ... by rg33 Explorer in Splunk Search 06-18-2019 1 7	1	7
How to calculate sum (distinct_count by column1) and display as a number in visualization? I have a stats calculated using : stats distinct_count(c1) by c2 Now I want to calculate the sum of these distinct_... by waghuldese1 New Member in Splunk Search 06-18-2019 0 1	0	1
Daily averages in usage over 7 days or similar... index=_internal source="license_usage.log" type=Usage idx IN (index1,index2,index3, index4,etcindex) \| eval yearmo... by antb Path Finder in Splunk Search 06-18-2019 0 2	0	2
timestamp lookahead Hello i have this event for example: $changeSystemTimeCmd 1533808153 -newTime 1533808153 -oldTime 1533808147 i ne... by sarit_s Communicator in Splunk Search 06-18-2019 0 5	0	5
How to extract values between two same characters using regex? How to extract the field values between two same characters. Event Axxtalled=xrxnx xx Client\;12.0.5294\;15.179... by rashid47010 Communicator in Splunk Search 06-18-2019 0 2	0	2
Help with concatenation needed Hello, I need to concatenate two variables including strings (e-mail lists) into one. the code I use for that is the... by damucka Builder in Splunk Search 06-18-2019 0 1	0	1
Calculating percentages over multiple counts I'm trying to get percentages based on the number of logs per table. I want the results to look like this: **Table ... by hduncan7 Engager in Splunk Search 06-18-2019 0 3	0	3
What is the keyboard shortcut for the Splunk 6.5.0 search bar formatting on a German keyboard? Hi forum, I'm currently searching for a way to use the new Splunk 6.5.0 feature "query formatting" on a German keybo... by schose Builder in Splunk Search 06-18-2019 4 19	4	19
How to convert rangemap results into icons? Hi, I am simply trying to convert my table results or numbers to icons. Here is my search command which gives me the... by jsmorgan1it New Member in Splunk Search 06-18-2019 0 1	0	1
The stats command collect data together if the value is the same Hello im running this query: ((index=ssys_internal_fdm OR index=other_fdm) AND sourcetype!=machine) source=* \| s... by sarit_s Communicator in Splunk Search 06-18-2019 0 2	0	2
What would be the best approach to write a regex for dynamic sourcetypes? We recently instrumented our OpenShift environment to index data into Splunk. I'm looking for the best approach for ... by fisuser1 Contributor in Splunk Search 06-17-2019 0 3	0	3
Root Can't Create /var/log files This is the first time this has come up: When running the following command as root: (10:07:49) root@servername:/op... by heats Explorer in Splunk Search 06-17-2019 0 4	0	4
Looking for better alternative to checking a windows service status and trigger on state change Using the windows Infrastructure TA I have the following snippet in my inputs.conf: [WinHostMon://service] type = se... by Esky73 Builder in Splunk Search 06-17-2019 1 16	1	16
How can I calculate data in sub groups? Hello all, I have a question regarding a calculation for the stock. My table has three coloums: ISIN, price and ti... by juliaester03 New Member in Splunk Search 06-17-2019 0 5	0	5
How to update/edit multiple fields in lookup without making duplicates rows? Hi ! I have this search: \| makeresults \| eval customField="$Soc3$" , soc3dField="$multi$" \| table customField soc3dF... by hketer Path Finder in Splunk Search 06-17-2019 0 2	0	2
How to extract response time I am trying to create a graph with the top 10 longest response times by host. An example is: 200 0 0 78 Where the... by bryceweb22 Path Finder in Splunk Search 06-17-2019 0 2	0	2
Sorting TP Column by State BY Top 5 Count Base search AND "Return”="Finished” OR “body.message.Exit”=“Finished” “body.client.channel” IN (“CA”,“KY “,”NY “,”VA)... by tej8 New Member in Splunk Search 06-17-2019 0 3	0	3
Transaction duration not working as expected \| transaction CheckNumber startswith="Tender" endswith="PrintIntercept\:\:PrintXML finished" \| top CheckNumber Time... by dowdag Engager in Splunk Search 06-17-2019 0 2	0	2
Why is the regex creating empty events from incoming data? I have a log text file that captures logs in this format: ---------------------------------------- Timestamp: 5/9/20... by derekho55 Explorer in Splunk Search 06-17-2019 0 2	0	2
How to create a lookup search for matching 2 fields? I have 2 devices: fw and waf. I want to make a lookup, my lookup file is mal_ip that has 4 fields : mal_ip category ... by badoomi New Member in Splunk Search 06-17-2019 0 7	0	7
Ironport: How to get all 'from' emails for specific user Hello, I am trying to run a search to get the "Email_From_Address" of a specific user within ironport. Can someone ... by cosmo360 New Member in Splunk Search 06-17-2019 0 2	0	2
Why are we only able to extract the first value of a comma separated list for a given field? Hi, (In Splunk) I am only able to extract the first value of a comma-separated list for a given field in which the f... by varunawasthi9 New Member in Splunk Search 06-17-2019 0 5	0	5