Splunk Search

Community Activity

Compliance % Calculation Hi, Scnenario is: I have an Organization A. Organization A has 10 Hosts. Vulnerability scan finds 50 unique vulne... by mbasharat Builder in Splunk Search 06-10-2019 0 3	0	3
How to display the contents of a lookup file? Is there a search that can be run to display the contents of a lookup file? by the_wolverine Champion in Splunk Search 06-10-2019 11 7	11	7
location of .conf file where path of splunk db variable is defined hello content of /opt/splunk/etc/splunk-launch.conf : in my environment , i can see it is commented then how it i... by himanshu_b_shek New Member in Splunk Search 06-10-2019 0 2	0	2
Is it possible to use match in an initial search execution? Hey guys So I would like to have a search select events from myindex based on what the user selects in a multiselect... by nick405060 Motivator in Splunk Search 06-10-2019 0 7	0	7
Define a search range by event found (not by time) I am trying to look for data (from a few different log files) between a pair of Start Event and End Events in one rel... by dowdag Engager in Splunk Search 06-10-2019 0 3	0	3
Combine two counts where event2 is a subset of event2 Hi there, I have these two searchs to count TPS : First one : index=tutti sourcetype=toto status!=4 \| bucket span=... by elaoumam Engager in Splunk Search 06-10-2019 0 3	0	3
Subsearch event correlation trough multiple index's and sourcetypes and keep results. Hi guys, I'm trying to create a query for a phishing mail tracking dashboard. The problem that i'm facing is, that ... by Meloknight New Member in Splunk Search 06-10-2019 0 3	0	3
How to count number of days a Store in is RED? Hi All, I have created a table that displays Store number and its avg(cpu),avg(ram),avg(iowait) using stats command.... by niks987 Explorer in Splunk Search 06-10-2019 0 6	0	6
Timechart not working after multikv Hi, I am not sure why timechart does not work for me. I would like a timechart for avg memory used. I tried the belo... by johnsasikumar Path Finder in Splunk Search 06-10-2019 0 1	0	1
Can the default be a new search in multiselect? Hi Everyone! Like you, I have a text box (Splunk Field) that can get the value as a token by clicking from the tab... by hketer Path Finder in Splunk Search 06-10-2019 0 3	0	3
split columns based on delimeter Hi, I have a field called categories. And the values look like below. Please help me with regex or a way to split th... by surekhasplunk Communicator in Splunk Search 06-10-2019 0 3	0	3
How to add two field values count to another field value? I would like to add splunkd count and splunkd_access count as splunkd_total. Remaining table should look like this ... by pranay_adla Explorer in Splunk Search 06-10-2019 0 8	0	8
Using a token to define a lookup name. I have defined a token "$command$, this happens to be a command name. The command is currently the curl command. I wi... by pbryant_splunk Splunk Employee in Splunk Search 06-10-2019 0 4	0	4
Extract the values from an array of objects Using rex a field has been extracted which has a format of an array with multiple elements of the type, [{"name":"pl... by AshimaE Explorer in Splunk Search 06-10-2019 0 1	0	1
Predict with wildcard How can I use predict command with wildcard, as I have timechart with group by field. See below example query. Query... by VatsalJagani SplunkTrust in Splunk Search 06-10-2019 0 8	0	8
How to create a regex to extract values from an event? Hi everyone, I'm struggling to find a REGEX to extract 2 value from my events. I got events like this : 2019-05-... by le_barbucheron Path Finder in Splunk Search 06-09-2019 0 17	0	17
Lookup/Inputlookup I have run a search query in Splunk which return all the events contained "API call" initiated from some "IP_address"... by rajuljain2605 Explorer in Splunk Search 06-09-2019 0 4	0	4
Search receiving error: The XYZ query has exceeded configured match_limit, consider raising the value in limits.conf I looked through some of the answers above, but I'm not certain they fit. My clients search is: index="websphere" ... by nls7010 Path Finder in Splunk Search 06-08-2019 0 2	0	2
Got any tips on how I can shorten my search? Hi, I have the following search: \| inputlookup work_locations \| fields work_location \| join type=left work_locatio... by dojiepreji Path Finder in Splunk Search 06-08-2019 0 4	0	4
How to update lookup tables conditionally I have a large lookup table which is periodically generated from indexed data by a saved search. The saved search ta... by hmallett Path Finder in Splunk Search 06-07-2019 0 2	0	2
Valid use for datasets Just now getting into datasets & when I create one.. 5 columns of very useful data & it sure looks like a lookup tabl... by clintla Contributor in Splunk Search 06-07-2019 0 1	0	1
How to get all fields of event with 'sid' via REST endpoint ? /servicesNS/nobody/search/search/jobs/sid/results -- this endpoint is not giving all fields of events for the search... by shravankumarkus New Member in Splunk Search 06-07-2019 0 1	0	1
How can one combine two fields with the same values- but different field names- to aggregate data from multiple sourcetypes? I have two fields with the same values but different field names. index= network sourcetype= firewall The source IP ... by amcb90 Engager in Splunk Search 06-07-2019 0 3	0	3
Join two "stats values" columns by similar field I am trying to join two searches with a common TrapID field. The OIDValue column corresponds with the OID Column The... by evan_roggenkamp Path Finder in Splunk Search 06-07-2019 0 6	0	6
Splunk Non Clustered buckets Hi , we migrated an indexer from non clustered to a clustered environment , i know the naming convention for clustere... by ram254481493 Explorer in Splunk Search 06-07-2019 0 3	0	3