Splunk Search

Community Activity

How to get all fields of event with 'sid' via REST endpoint ? /servicesNS/nobody/search/search/jobs/sid/results -- this endpoint is not giving all fields of events for the search... by shravankumarkus New Member in Splunk Search 06-07-2019 0 1	0	1
How can one combine two fields with the same values- but different field names- to aggregate data from multiple sourcetypes? I have two fields with the same values but different field names. index= network sourcetype= firewall The source IP ... by amcb90 Engager in Splunk Search 06-07-2019 0 3	0	3
Join two "stats values" columns by similar field I am trying to join two searches with a common TrapID field. The OIDValue column corresponds with the OID Column The... by evan_roggenkamp Path Finder in Splunk Search 06-07-2019 0 6	0	6
Splunk Non Clustered buckets Hi , we migrated an indexer from non clustered to a clustered environment , i know the naming convention for clustere... by ram254481493 Explorer in Splunk Search 06-07-2019 0 3	0	3
How to create a multi-line field extraction I am using splunk free -- and have data in format of: 2019-06-06 11:10:10,029 "somedata" # - Start of event TransId=... by dowdag Engager in Splunk Search 06-07-2019 0 1	0	1
How to format table for resolved record after comparing two timestamp Hi Friends, My data set as below ID Date 1 01/01/2010 1 01/02/2010 2 01/01/2010 3 01/01/2010... by ninadbhaskarwar Path Finder in Splunk Search 06-07-2019 0 4	0	4
Generating an alert for a process running on two hosts at the same time We have a service (process) that should only ever be running on one server at a time. We have MS failover clustering ... by justincoon New Member in Splunk Search 06-07-2019 0 2	0	2
How to create a condition statement Is there a possibility in Splunk to get data like below : If a condition is true then that data is to be printed in ... by dkdeepshikhaa Explorer in Splunk Search 06-07-2019 0 2	0	2
Splunk 6.6.2: Why is inputting the token portion of the search and adjusting the source code within the dashboard, does not display the same data? Hello I am wondering why when I search with the original query it pulls all of the data I want and displays it the ... by Hegemon76 Communicator in Splunk Search 06-07-2019 0 4	0	4
CardRecon false positives? We use CardRecon to search our servers for credit card numbers. CardRecon came back with a large number of credit ca... by Meterman New Member in Splunk Search 06-07-2019 0 3	0	3
Is there a way to remove the digits from columns in Splunk Dashboard? Hello, I am currently working is on one use case where i have to display store number on the basis of avg cpu, avg r... by niks987 Explorer in Splunk Search 06-07-2019 0 1	0	1
if else with where clause required if (a $lt; b) eval c=round(((b-a)/b)*100),0) print c else print "no change" How to get this through splu... by dkdeepshikhaa Explorer in Splunk Search 06-07-2019 1 3	1	3
Running subsearch to verify results I'm attempting to remove some elements from a search. After reading some answers, next was born: index=domain_ctrl_n... by dreadangel Path Finder in Splunk Search 06-07-2019 0 12	0	12
Show last part of a result after a / A result of a search for a field resourceId is /SUBSCRIPTIONS/9B8874C9-5DC3-46CE-908A-D00EE594A4EC/PROVIDERS/MICROS... by kemnean2001 New Member in Splunk Search 06-06-2019 0 3	0	3
MSFT System Center 2016 and Endpoint Protection Data Has anyone out there successfully tried to pull this data from SCCM2016 into Splunk? by william_tong Engager in Splunk Search 06-06-2019 1 0	1	0
Why are the search results changing days after running the same search? We are periodically seeing instances where data that was previously indexed shows up differently. The results I got ... by bsree New Member in Splunk Search 06-06-2019 0 5	0	5
How to retain statistics and metadata while aging out logs? Hi everyone, I think the title sums it up, but I'll clarify anyway. So, we would like to pull some information from... by devinmcelheran New Member in Splunk Search 06-06-2019 0 2	0	2
How to drop brackets from field extraction result? I have some logs that are very inconsistent and need to get a source number that is displayed one of few different wa... by vcorral New Member in Splunk Search 06-06-2019 0 4	0	4
How to condense search outputs? I would like to condense this search output in order to see all Windows versions as "Windows" and all Mac versions as... by odle89 Engager in Splunk Search 06-06-2019 0 2	0	2
Using IF statement with SUM and passing data to a timechart. I am interested in quantifying inbound/outbound traffic traversing an IPsec tunnel on a Palo Alto firewall and visua... by eliwasserman92 New Member in Splunk Search 06-06-2019 0 2	0	2
How to color lines in a table by clicking a cell? Hi everybody I want to know how I can color the all the lines in my table by clicking on a cell. I tried this code a... by sfatnass Contributor in Splunk Search 06-06-2019 1 4	1	4
DELIM not capturing full value I'm using DELIM to extract colon separated KV pairs separated by a comma. DELIMS = ",", ":" This is somewhat worki... by ltranarris New Member in Splunk Search 06-06-2019 0 0	0	0
How can i display additional data in Cluster map? I am developing a map and would like to add certain labels to it, such as percentage or location name. When i hover o... by YuliyaVassilyev Explorer in Splunk Search 06-06-2019 0 4	0	4
How to extract all values after "," Hello all , Please help me to extract all values from this field : arn:aws:iam::aws:policy/AmazonEC2FullAccess,Amaz... by braicu New Member in Splunk Search 06-06-2019 0 3	0	3
[Windows] Blacklisting Event 4656 for system accounts only Good morning everyone, having a bit of a tough time with this, as my blacklists and whitelists aren't working properl... by Rhin0Crash Path Finder in Splunk Search 06-06-2019 0 6	0	6