Splunk Search

Community Activity

How to make subsearch use same time range, same index, same sourcetype as outer search? So I specify an outer query, it usually starts like this: earliest=06/14/2019:13:00:00 latest=06/14/2019:14:00:00 in... by petenetwork Explorer in Splunk Search 06-13-2019 0 3	0	3
Search query for syslog in dashboard Hey all, Am in a need of dashboard to see my syslog traffic for four arista switches as mentioned below: AA-UKD-AA-... by mkrishnamoorthy Explorer in Splunk Search 06-13-2019 0 3	0	3
Does wildcard sourcetypes in props.conf still work for version 7.0.1? Hi, I know it should be possible to use wildcard sourcetypes in props.conf using a some regex magic, as explained he... by hettervik Builder in Splunk Search 06-13-2019 0 3	0	3
How do I find values that exist in two different indexes for a particular field? I'm essentially looking to compare my index field values against an index that has known-bad field values to determin... by bmoody3 New Member in Splunk Search 06-13-2019 0 8	0	8
regex not working https://regex101.com/r/PNYxi2/2 not working in splunk. Error in 'rex' command: Encountered the following error whil... by reverse Contributor in Splunk Search 06-13-2019 0 8	0	8
Search to detect auditing service on any disabled critical system that stopped or restarted more than once in the past 7 days. Hello Splunkers, I'm new to Splunk. I am trying my best to learn Splunk and to write an efficient search. I have com... by swamysanjanaput Explorer in Splunk Search 06-13-2019 0 2	0	2
How to create alerts based on 2 sourcetypes and condition? Hello, I currently have alerts based on the count of services performed in the last hour. We see that < 40 indicate... by chengka Explorer in Splunk Search 06-13-2019 0 3	0	3
Day to day comparison. Using stats and timechart. sourcetype="SysEvents" OR sourcetype="Sysout" TransactionId=TI* AND TransactionId!=TI earliest=-d@d latest=@d \| timec... by sandeepmakkena Contributor in Splunk Search 06-13-2019 1 5	1	5
inputlookup and search results from data Hello Splunkers, I have inputlooku test.csv and containing fields host region I have indexed data under test ind... by Splunk_rocks Path Finder in Splunk Search 06-13-2019 0 2	0	2
Different results when using bucket _time and timechart Hello I want to count the number of logins by hour and then try to predict them. I have tested 2 codes but I do not k... by rosho Communicator in Splunk Search 06-13-2019 0 1	0	1
How to populate type:list input in setup.xml Hi everyone, I was trying to get radio buttons in an app's setup page. And I thought that maybe list would be ok as... by harshpatel Contributor in Splunk Search 06-13-2019 0 0	0	0
Can I write control code in TIME_FORMAT? I want to get time in this log file. [sample log] 1234 567 789^G20190613^G14:00^Gsample_log ^G mean control code. ... by oda Communicator in Splunk Search 06-13-2019 0 1	0	1
Help for Doing a Count from a Dropdown List hello I use the search below which works fine [\| inputlookup host.csv \| table host] index="x" sourcetype=XmlWi... by jip31 Motivator in Splunk Search 06-13-2019 0 4	0	4
Group table results by lookup table value We have a few servers clustered together and have created a lookup table that combines them. What I would like to do... by aohls Contributor in Splunk Search 06-13-2019 0 8	0	8
How to search count by only business days? Hello Splunk Ninjas, I have created an 'aging' field that counts the number of days since a certain date & time. I w... by lewisgrantevans Explorer in Splunk Search 06-13-2019 1 14	1	14
How to get the time duration for the search string availability in day ? Hi All, I was in need of a requirement to find the error codes and its occurences windows for a given day to be prin... by rakesh_498115 Motivator in Splunk Search 06-13-2019 0 6	0	6
How to make inputlookup return function check all records (rows) in a CSV? Currently the inputlookup return function requires you to input a hardcoded total of records to check when used in a ... by orion44 Communicator in Splunk Search 06-12-2019 0 2	0	2
Regex for variable extraction 50.99.220.89 - 50.99.248.89 - - [12/Jun/2019:08:27:13 -0400] "POST /ccc67/JJ/U7UY/BCFUVGYUYGI11HTTP/1.1" 500 6629 ab... by reverse Contributor in Splunk Search 06-12-2019 0 16	0	16
How to compare values on the same columns and on the same date I have this table, and i just want to remove the rows that has the same cost on that date if the B1 of that row is ... by iancorrea Path Finder in Splunk Search 06-12-2019 0 3	0	3
\| input lookup return ALL rather than specify number I'm trying to add this to my search but the number of lookup users may change!! (\|inputlookup lotsofusers.csv \| retu... by robf Path Finder in Splunk Search 06-12-2019 2 7	2	7
How to select and join fields from 2 sources? Hai everyone, I'm still a newbie to using Splunk. I want to ask about selecting and joining fields in 2 sources. Ex... by irfan_10578 Engager in Splunk Search 06-12-2019 0 6	0	6
Where does HEC push come in from? A customer is asking: "How can we tell where an HEC push is actually coming in from? or is that just not logged anyw... by ddrillic Ultra Champion in Splunk Search 06-12-2019 0 14	0	14
Searching for merged events in Splunk Hi, I have found that there are some events in Splunk that are merged and it is on a random basis and in a huge data... by nawazns5038 Builder in Splunk Search 06-12-2019 0 5	0	5
Using a lookup for search I have a small CSV file with common attack signatures in them that I have uploaded as a lookup called web_attack_sign... by cthulhucalling Engager in Splunk Search 06-12-2019 0 11	0	11
How is the Size value on the job page calculated and logged in Splunk? I am trying to figure out how the Size value in the Job page is calculated and where that is logged in splunk. I che... by amat Explorer in Splunk Search 06-12-2019 1 0	1	0