Splunk Search

Community Activity

How to use rex to match only where the field exactly has 8 characters? Hello, I need a search to match when a field that has free form text contains exactly 8 characters that are letters ... by user93 Communicator in Splunk Search 06-11-2019 0 3	0	3
Data virtualization with Splunk? hi, what are your thoughts on data virtualization and how does it apply to Splunk? I ave been researching data virtua... by barriersbill Explorer in Splunk Search 06-11-2019 1 2	1	2
Interactive dashboard stats count Good afternoon I have a stats count query leading to a single number dashboard. I was wondering if it is possible to ... by jsalsbur Explorer in Splunk Search 06-11-2019 0 3	0	3
Combine / Add rows in the search results using a wildcard I am beginner to Splunk and could you please help me with the following scenario. I have a search that will display a... by veerappan New Member in Splunk Search 06-11-2019 0 2	0	2
user role to specific index not working with index=* Hello i have several reports that contains the search index=something__something in my case, '' is the name of the re... by sarit_s Communicator in Splunk Search 06-11-2019 0 9	0	9
Transaction command not closed properly Hi, I need help with transaction command results. I have the following input to transaction command: eventID,"_time... by aleksandar_mati New Member in Splunk Search 06-11-2019 0 4	0	4
Help with using comparison sign in tokens Hello I use 2 tokens in the XML below, I need to use comparison sign like > and < in this token. I would like also t... by jip31 Motivator in Splunk Search 06-11-2019 0 10	0	10
How to extract different sourcetypes from the same file I'm wondering if/how I can do the following: I have a JSON structured file that is being parsed perfectly as JSON, s... by splunkuzleuven Loves-to-Learn Lots in Splunk Search 06-11-2019 0 3	0	3
How to get top 10 data source from Splunk ? is this command is correct ? ** \| chart count by sourcetype \| sort count desc* by corecomputetool New Member in Splunk Search 06-10-2019 0 10	0	10
How to get spath to auto_extract the fields I have events that will be indexed that will look like the below: 2019-06-06 21:12:40.397 { "response": "NodeJST5109... by riotto Path Finder in Splunk Search 06-10-2019 0 3	0	3
Which is faster, appendcols with second search or replacing values? I would like to understand which of the following is the fastest and why or if there are any more faster ways to achi... by gcharles Explorer in Splunk Search 06-10-2019 0 2	0	2
How to Match event between two Index and get desired value Hi, I am trying to match events between two index: Index A & Index B. Index A have 3 column: date-time, User's Cell ... by ashiknew007 New Member in Splunk Search 06-10-2019 0 2	0	2
Extract fields of CSV data source in Upper case I have a CSV file with region , status , hostname as Columns - field extraction works and gives them as region , stat... by rashi83 Path Finder in Splunk Search 06-10-2019 0 3	0	3
bytes_in and bytes_out - Does this mean just bytes or megabytes? For example: stats sum(bytes_in) AS bytes_in, sum(bytes_out) AS bytes_out is the sum going to be in bytes like the d... by summitsplunk Communicator in Splunk Search 06-10-2019 0 2	0	2
date_hour not present in WinEventLogs Trying to write a search that list events happening outside office hours, across a bunch of sourcetypes - however, th... by kristian_kolb Ultra Champion in Splunk Search 06-10-2019 6 9	6	9
Compliance % Calculation Hi, Scnenario is: I have an Organization A. Organization A has 10 Hosts. Vulnerability scan finds 50 unique vulne... by mbasharat Builder in Splunk Search 06-10-2019 0 3	0	3
How to display the contents of a lookup file? Is there a search that can be run to display the contents of a lookup file? by the_wolverine Champion in Splunk Search 06-10-2019 11 7	11	7
location of .conf file where path of splunk db variable is defined hello content of /opt/splunk/etc/splunk-launch.conf : in my environment , i can see it is commented then how it i... by himanshu_b_shek New Member in Splunk Search 06-10-2019 0 2	0	2
Is it possible to use match in an initial search execution? Hey guys So I would like to have a search select events from myindex based on what the user selects in a multiselect... by nick405060 Motivator in Splunk Search 06-10-2019 0 7	0	7
Define a search range by event found (not by time) I am trying to look for data (from a few different log files) between a pair of Start Event and End Events in one rel... by dowdag Engager in Splunk Search 06-10-2019 0 3	0	3
Combine two counts where event2 is a subset of event2 Hi there, I have these two searchs to count TPS : First one : index=tutti sourcetype=toto status!=4 \| bucket span=... by elaoumam Engager in Splunk Search 06-10-2019 0 3	0	3
Subsearch event correlation trough multiple index's and sourcetypes and keep results. Hi guys, I'm trying to create a query for a phishing mail tracking dashboard. The problem that i'm facing is, that ... by Meloknight New Member in Splunk Search 06-10-2019 0 3	0	3
How to count number of days a Store in is RED? Hi All, I have created a table that displays Store number and its avg(cpu),avg(ram),avg(iowait) using stats command.... by niks987 Explorer in Splunk Search 06-10-2019 0 6	0	6
Timechart not working after multikv Hi, I am not sure why timechart does not work for me. I would like a timechart for avg memory used. I tried the belo... by johnsasikumar Path Finder in Splunk Search 06-10-2019 0 1	0	1
Can the default be a new search in multiselect? Hi Everyone! Like you, I have a text box (Splunk Field) that can get the value as a token by clicking from the tab... by hketer Path Finder in Splunk Search 06-10-2019 0 3	0	3