Splunk Search

Community Activity

Splunk 6.6.2: Why is inputting the token portion of the search and adjusting the source code within the dashboard, does not display the same data? Hello I am wondering why when I search with the original query it pulls all of the data I want and displays it the ... by Hegemon76 Communicator in Splunk Search 06-07-2019 0 4	0	4
CardRecon false positives? We use CardRecon to search our servers for credit card numbers. CardRecon came back with a large number of credit ca... by Meterman New Member in Splunk Search 06-07-2019 0 3	0	3
Is there a way to remove the digits from columns in Splunk Dashboard? Hello, I am currently working is on one use case where i have to display store number on the basis of avg cpu, avg r... by niks987 Explorer in Splunk Search 06-07-2019 0 1	0	1
if else with where clause required if (a $lt; b) eval c=round(((b-a)/b)*100),0) print c else print "no change" How to get this through splu... by dkdeepshikhaa Explorer in Splunk Search 06-07-2019 1 3	1	3
Running subsearch to verify results I'm attempting to remove some elements from a search. After reading some answers, next was born: index=domain_ctrl_n... by dreadangel Path Finder in Splunk Search 06-07-2019 0 12	0	12
Show last part of a result after a / A result of a search for a field resourceId is /SUBSCRIPTIONS/9B8874C9-5DC3-46CE-908A-D00EE594A4EC/PROVIDERS/MICROS... by kemnean2001 New Member in Splunk Search 06-06-2019 0 3	0	3
MSFT System Center 2016 and Endpoint Protection Data Has anyone out there successfully tried to pull this data from SCCM2016 into Splunk? by william_tong Engager in Splunk Search 06-06-2019 1 0	1	0
Why are the search results changing days after running the same search? We are periodically seeing instances where data that was previously indexed shows up differently. The results I got ... by bsree New Member in Splunk Search 06-06-2019 0 5	0	5
How to retain statistics and metadata while aging out logs? Hi everyone, I think the title sums it up, but I'll clarify anyway. So, we would like to pull some information from... by devinmcelheran New Member in Splunk Search 06-06-2019 0 2	0	2
How to drop brackets from field extraction result? I have some logs that are very inconsistent and need to get a source number that is displayed one of few different wa... by vcorral New Member in Splunk Search 06-06-2019 0 4	0	4
How to condense search outputs? I would like to condense this search output in order to see all Windows versions as "Windows" and all Mac versions as... by odle89 Engager in Splunk Search 06-06-2019 0 2	0	2
Using IF statement with SUM and passing data to a timechart. I am interested in quantifying inbound/outbound traffic traversing an IPsec tunnel on a Palo Alto firewall and visua... by eliwasserman92 New Member in Splunk Search 06-06-2019 0 2	0	2
How to color lines in a table by clicking a cell? Hi everybody I want to know how I can color the all the lines in my table by clicking on a cell. I tried this code a... by sfatnass Contributor in Splunk Search 06-06-2019 1 4	1	4
DELIM not capturing full value I'm using DELIM to extract colon separated KV pairs separated by a comma. DELIMS = ",", ":" This is somewhat worki... by ltranarris New Member in Splunk Search 06-06-2019 0 0	0	0
How can i display additional data in Cluster map? I am developing a map and would like to add certain labels to it, such as percentage or location name. When i hover o... by YuliyaVassilyev Explorer in Splunk Search 06-06-2019 0 4	0	4
How to extract all values after "," Hello all , Please help me to extract all values from this field : arn:aws:iam::aws:policy/AmazonEC2FullAccess,Amaz... by braicu New Member in Splunk Search 06-06-2019 0 3	0	3
[Windows] Blacklisting Event 4656 for system accounts only Good morning everyone, having a bit of a tough time with this, as my blacklists and whitelists aren't working properl... by Rhin0Crash Path Finder in Splunk Search 06-06-2019 0 6	0	6
Transactions events at the same second I am using the transaction command to identify if a report runs over a certain time. Below is my search: \| transacti... by aohls Contributor in Splunk Search 06-06-2019 0 1	0	1
help on basic table Hello I use the search below : [\| inputlookup host.csv \| table host] index="x" sourcetype="PerfmonMk:Process" ... by jip31 Motivator in Splunk Search 06-06-2019 0 2	0	2
Search top 4 destinations based on usage by IP and put remaining in others for each IP I am bit new to splunk. I want to search top 4 destinations downloads and total ‘Other’ traffic for each source ip. ... by ahmadsaadwarrai Explorer in Splunk Search 06-06-2019 0 4	0	4
Field extraction is working for one server but not for other by defining stanzas in props.conf. I added the data into Splunk after changing the configuration in props.conf for breaking the event as per the need... by setiad Loves-to-Learn in Splunk Search 06-06-2019 0 0	0	0
Show IP addresses not matching CIDR ranges in lookup table I have a list of CIDR ranges in a single column with name Prefix in a csv file. I only want to show events with sourc... by splunklearner12 Path Finder in Splunk Search 06-06-2019 0 1	0	1
Prediction algorithm in splunk Hi , I am trying to predict cpu load for 10 days ahead for that I am using LLP algorithm in my query, so in visualiz... by singh3and12 Path Finder in Splunk Search 06-06-2019 0 2	0	2
how to change time in summary index i want _time not which is having in data i have used eval _time (now ) but it is not working its same showing event date not _ time Now 6/1/19 12:31:03.763 AM 2019-06-01 00:31:03.763, wanted 6/1/19 12:31:03.763 AM 2019-06-01 00:31:03.763 by abhishekdubey00 Engager in Splunk Search 06-06-2019 0 1	0	1
help to display a subsearch result after a tostring function HI I use the search below which works fine [\| inputlookup host.csv \| table host] index="x" sourcetype="winhost... by jip31 Motivator in Splunk Search 06-06-2019 0 7	0	7