Splunk Search

Community Activity

How do I find values that exist in two different indexes for a particular field? I'm essentially looking to compare my index field values against an index that has known-bad field values to determin... by bmoody3 New Member in Splunk Search 06-13-2019 0 8	0	8
regex not working https://regex101.com/r/PNYxi2/2 not working in splunk. Error in 'rex' command: Encountered the following error whil... by reverse Contributor in Splunk Search 06-13-2019 0 8	0	8
Search to detect auditing service on any disabled critical system that stopped or restarted more than once in the past 7 days. Hello Splunkers, I'm new to Splunk. I am trying my best to learn Splunk and to write an efficient search. I have com... by swamysanjanaput Explorer in Splunk Search 06-13-2019 0 2	0	2
How to create alerts based on 2 sourcetypes and condition? Hello, I currently have alerts based on the count of services performed in the last hour. We see that < 40 indicate... by chengka Explorer in Splunk Search 06-13-2019 0 3	0	3
Day to day comparison. Using stats and timechart. sourcetype="SysEvents" OR sourcetype="Sysout" TransactionId=TI* AND TransactionId!=TI earliest=-d@d latest=@d \| timec... by sandeepmakkena Contributor in Splunk Search 06-13-2019 1 5	1	5
inputlookup and search results from data Hello Splunkers, I have inputlooku test.csv and containing fields host region I have indexed data under test ind... by Splunk_rocks Path Finder in Splunk Search 06-13-2019 0 2	0	2
Different results when using bucket _time and timechart Hello I want to count the number of logins by hour and then try to predict them. I have tested 2 codes but I do not k... by rosho Communicator in Splunk Search 06-13-2019 0 1	0	1
How to populate type:list input in setup.xml Hi everyone, I was trying to get radio buttons in an app's setup page. And I thought that maybe list would be ok as... by harshpatel Contributor in Splunk Search 06-13-2019 0 0	0	0
Can I write control code in TIME_FORMAT? I want to get time in this log file. [sample log] 1234 567 789^G20190613^G14:00^Gsample_log ^G mean control code. ... by oda Communicator in Splunk Search 06-13-2019 0 1	0	1
Help for Doing a Count from a Dropdown List hello I use the search below which works fine [\| inputlookup host.csv \| table host] index="x" sourcetype=XmlWi... by jip31 Motivator in Splunk Search 06-13-2019 0 4	0	4
Group table results by lookup table value We have a few servers clustered together and have created a lookup table that combines them. What I would like to do... by aohls Contributor in Splunk Search 06-13-2019 0 8	0	8
How to search count by only business days? Hello Splunk Ninjas, I have created an 'aging' field that counts the number of days since a certain date & time. I w... by lewisgrantevans Explorer in Splunk Search 06-13-2019 1 14	1	14
How to get the time duration for the search string availability in day ? Hi All, I was in need of a requirement to find the error codes and its occurences windows for a given day to be prin... by rakesh_498115 Motivator in Splunk Search 06-13-2019 0 6	0	6
How to make inputlookup return function check all records (rows) in a CSV? Currently the inputlookup return function requires you to input a hardcoded total of records to check when used in a ... by orion44 Communicator in Splunk Search 06-12-2019 0 2	0	2
Regex for variable extraction 50.99.220.89 - 50.99.248.89 - - [12/Jun/2019:08:27:13 -0400] "POST /ccc67/JJ/U7UY/BCFUVGYUYGI11HTTP/1.1" 500 6629 ab... by reverse Contributor in Splunk Search 06-12-2019 0 16	0	16
How to compare values on the same columns and on the same date I have this table, and i just want to remove the rows that has the same cost on that date if the B1 of that row is ... by iancorrea Path Finder in Splunk Search 06-12-2019 0 3	0	3
\| input lookup return ALL rather than specify number I'm trying to add this to my search but the number of lookup users may change!! (\|inputlookup lotsofusers.csv \| retu... by robf Path Finder in Splunk Search 06-12-2019 2 7	2	7
How to select and join fields from 2 sources? Hai everyone, I'm still a newbie to using Splunk. I want to ask about selecting and joining fields in 2 sources. Ex... by irfan_10578 Engager in Splunk Search 06-12-2019 0 6	0	6
Where does HEC push come in from? A customer is asking: "How can we tell where an HEC push is actually coming in from? or is that just not logged anyw... by ddrillic Ultra Champion in Splunk Search 06-12-2019 0 14	0	14
Searching for merged events in Splunk Hi, I have found that there are some events in Splunk that are merged and it is on a random basis and in a huge data... by nawazns5038 Builder in Splunk Search 06-12-2019 0 5	0	5
Using a lookup for search I have a small CSV file with common attack signatures in them that I have uploaded as a lookup called web_attack_sign... by cthulhucalling Engager in Splunk Search 06-12-2019 0 11	0	11
How is the Size value on the job page calculated and logged in Splunk? I am trying to figure out how the Size value in the Job page is calculated and where that is logged in splunk. I che... by amat Explorer in Splunk Search 06-12-2019 1 0	1	0
How to get the percentage of each HTTP status code I would like to get the percentage of each HTTP status code. I have the count of each status code that appears and I ... by bryceweb22 Path Finder in Splunk Search 06-12-2019 0 3	0	3
How to create a regex to extract the first IP address from multiple IP addresses in an event line? There are multiple ip addresses in a raw event line and I only need the first one How can I achieve that? 192.168.0... by reverse Contributor in Splunk Search 06-12-2019 0 4	0	4
Set token on submit button click? Hi guys. Can someone please post working js code for a button that toggles a token from "true" to "false" and back. ... by nick405060 Motivator in Splunk Search 06-12-2019 1 3	1	3