Splunk Search

Community Activity

Using a lookup for search I have a small CSV file with common attack signatures in them that I have uploaded as a lookup called web_attack_sign... by cthulhucalling Engager in Splunk Search 06-12-2019 0 11	0	11
How is the Size value on the job page calculated and logged in Splunk? I am trying to figure out how the Size value in the Job page is calculated and where that is logged in splunk. I che... by amat Explorer in Splunk Search 06-12-2019 1 0	1	0
How to get the percentage of each HTTP status code I would like to get the percentage of each HTTP status code. I have the count of each status code that appears and I ... by bryceweb22 Path Finder in Splunk Search 06-12-2019 0 3	0	3
How to create a regex to extract the first IP address from multiple IP addresses in an event line? There are multiple ip addresses in a raw event line and I only need the first one How can I achieve that? 192.168.0... by reverse Contributor in Splunk Search 06-12-2019 0 4	0	4
Set token on submit button click? Hi guys. Can someone please post working js code for a button that toggles a token from "true" to "false" and back. ... by nick405060 Motivator in Splunk Search 06-12-2019 1 3	1	3
How to use where to compare field values Let's say I'm doing a stats count by x,y How would I formulate a WHERE that compares the string value of x and y an... by summitsplunk Communicator in Splunk Search 06-12-2019 0 2	0	2
How to find out falied login attempts(EventCode=4625) which are more than 6 times within the 1hr timestamp? Hi Team, I would like to find out user failed login attempts which are greater than 6 times and those 6 failed login ... by 90509 Engager in Splunk Search 06-12-2019 0 9	0	9
How to create a Regex question for field extraction for our shibboleth:audit sourcetype events? I created the following regex to extract the fields for our shibboleth:audit sourcetype events: ^(?:[^\\|\n]*\\|){2}(?... by jwalzerpitt Influencer in Splunk Search 06-12-2019 0 1	0	1
"Oops! Your instance is no longer here." I have been working on the Fundamentals 1 Certification using the free Cloud Trail instance of Splunk. My instance ha... by dpickett New Member in Splunk Search 06-12-2019 0 0	0	0
How to extract the HTTP Status Code? I need help with extracting and graphing the HTTP status code which is always the end of every log formatted as; `20... by bryceweb22 Path Finder in Splunk Search 06-12-2019 0 3	0	3
How to use extracted field as input parameter to another search? Hi, I needed help with using field extracted in the search(ORG) to be used as input for another search where a simil... by rahulkawadkar26 New Member in Splunk Search 06-12-2019 0 5	0	5
How to use calculated field with url? Hello, I'm trying to use calculated field on data with url field. Simple doesn't work. Even a very simple 'upper(url... by a_naoum Path Finder in Splunk Search 06-12-2019 0 10	0	10
How to create a regex to match URLs ending with a known file extension downloads? I am trying to filter out all URLs which are for file downloads and those URLs will end with the file extension. Eg -... by jkumarr2 New Member in Splunk Search 06-12-2019 0 1	0	1
Does the`search` command has implicit AND between expressions? I always understood the search command's expressions be connected by a logical AND by default: search customer=123 it... by davidch12 Explorer in Splunk Search 06-12-2019 0 1	0	1
manipulate timestamp Hello in my organisation we have few kinds of log format one of them does not have the year in the time stamp so the ... by sarit_s Communicator in Splunk Search 06-12-2019 0 6	0	6
How to line break events Can anyone here help with breaking this sample into multiple events each should start with { "resourceId": ? I have t... by anasamer New Member in Splunk Search 06-12-2019 0 9	0	9
help on token strange behaviour hi I use the search below and I filter the data with 2 token \| inputlookup tablet_host.csv \| lookup PanaBatterySta... by jip31 Motivator in Splunk Search 06-12-2019 0 19	0	19
How to display certain stats values command in a search? Hello I use the stats command below but some process_name have no process_cpu_used_percent value So how to do for di... by jip31 Motivator in Splunk Search 06-12-2019 0 11	0	11
Splunk search issues with timezone of logs from forwarders Dears, My Splunk Indexer is in CDT time zone and my forwarder logs are in UTC time zone and there is time differenc... by rchittip Path Finder in Splunk Search 06-12-2019 0 9	0	9
How can I combine the list of events within recent timeframe with the count of similar event in a broader timeframe (not taking into account the last 5 days)? Hello everyone, I am trying to combine the following: - The query 1 looks for recent events (earliest=-10m@m latest... by tomgc Engager in Splunk Search 06-12-2019 0 0	0	0
Take multiple regex in single search string I have to extract the same features from two sets of logs with very different formats and need to take the additional... by AshimaE Explorer in Splunk Search 06-12-2019 0 5	0	5
How to return values from lookup which are not matching the search? Hi I currently have a search which returns a list of users with employee id from a user lookup eg: user lookup has ... by kavyadekkata Explorer in Splunk Search 06-11-2019 0 1	0	1
Convert Timestamp from one format to UNIX style format I have a log file that has the timestamp for each line as: Jun 10, 11:07:59.305475 Note that the year is missing -... by dowdag Engager in Splunk Search 06-11-2019 0 6	0	6
I am looking on how to filter the unwanted logs getting forward to indexer In my Application there are logs statements which are repetitive and how to avoid them sending to Indexer so that i w... by lsanthoshbe New Member in Splunk Search 06-11-2019 0 1	0	1
How to table events in columns with time/date related counts I want to write a search where the events are in one column and the related counts are in each column corresponding t... by ankurtaunk Explorer in Splunk Search 06-11-2019 0 9	0	9