Splunk Search

Community Activity

How to drop brackets from field extraction result? I have some logs that are very inconsistent and need to get a source number that is displayed one of few different wa... by vcorral New Member in Splunk Search 06-06-2019 0 4	0	4
How to condense search outputs? I would like to condense this search output in order to see all Windows versions as "Windows" and all Mac versions as... by odle89 Engager in Splunk Search 06-06-2019 0 2	0	2
Using IF statement with SUM and passing data to a timechart. I am interested in quantifying inbound/outbound traffic traversing an IPsec tunnel on a Palo Alto firewall and visua... by eliwasserman92 New Member in Splunk Search 06-06-2019 0 2	0	2
How to color lines in a table by clicking a cell? Hi everybody I want to know how I can color the all the lines in my table by clicking on a cell. I tried this code a... by sfatnass Contributor in Splunk Search 06-06-2019 1 4	1	4
DELIM not capturing full value I'm using DELIM to extract colon separated KV pairs separated by a comma. DELIMS = ",", ":" This is somewhat worki... by ltranarris New Member in Splunk Search 06-06-2019 0 0	0	0
How can i display additional data in Cluster map? I am developing a map and would like to add certain labels to it, such as percentage or location name. When i hover o... by YuliyaVassilyev Explorer in Splunk Search 06-06-2019 0 4	0	4
How to extract all values after "," Hello all , Please help me to extract all values from this field : arn:aws:iam::aws:policy/AmazonEC2FullAccess,Amaz... by braicu New Member in Splunk Search 06-06-2019 0 3	0	3
[Windows] Blacklisting Event 4656 for system accounts only Good morning everyone, having a bit of a tough time with this, as my blacklists and whitelists aren't working properl... by Rhin0Crash Path Finder in Splunk Search 06-06-2019 0 6	0	6
Transactions events at the same second I am using the transaction command to identify if a report runs over a certain time. Below is my search: \| transacti... by aohls Contributor in Splunk Search 06-06-2019 0 1	0	1
help on basic table Hello I use the search below : [\| inputlookup host.csv \| table host] index="x" sourcetype="PerfmonMk:Process" ... by jip31 Motivator in Splunk Search 06-06-2019 0 2	0	2
Search top 4 destinations based on usage by IP and put remaining in others for each IP I am bit new to splunk. I want to search top 4 destinations downloads and total ‘Other’ traffic for each source ip. ... by ahmadsaadwarrai Explorer in Splunk Search 06-06-2019 0 4	0	4
Field extraction is working for one server but not for other by defining stanzas in props.conf. I added the data into Splunk after changing the configuration in props.conf for breaking the event as per the need... by setiad Loves-to-Learn in Splunk Search 06-06-2019 0 0	0	0
Show IP addresses not matching CIDR ranges in lookup table I have a list of CIDR ranges in a single column with name Prefix in a csv file. I only want to show events with sourc... by splunklearner12 Path Finder in Splunk Search 06-06-2019 0 1	0	1
Prediction algorithm in splunk Hi , I am trying to predict cpu load for 10 days ahead for that I am using LLP algorithm in my query, so in visualiz... by singh3and12 Path Finder in Splunk Search 06-06-2019 0 2	0	2
how to change time in summary index i want _time not which is having in data i have used eval _time (now ) but it is not working its same showing event date not _ time Now 6/1/19 12:31:03.763 AM 2019-06-01 00:31:03.763, wanted 6/1/19 12:31:03.763 AM 2019-06-01 00:31:03.763 by abhishekdubey00 Engager in Splunk Search 06-06-2019 0 1	0	1
help to display a subsearch result after a tostring function HI I use the search below which works fine [\| inputlookup host.csv \| table host] index="x" sourcetype="winhost... by jip31 Motivator in Splunk Search 06-06-2019 0 7	0	7
How to Span=2w but starting every firts monday of the month and so on? I have a metric that want to trend on a timechart but I need to span every 2 weeks, starting the 1 monday of each mon... by pstamati Path Finder in Splunk Search 06-05-2019 0 11	0	11
How to combine a set of values as 'Other' in a pie chart? I'm trying to display a pie chart like so: chart count by transaction.inputSource \| lookup transaction_input_sources... by spamphile Engager in Splunk Search 06-05-2019 0 2	0	2
What is this error in dispatch process? 0400 ERROR DispatchProcess - String not found in literals.conf: DISPATCHCOMM:FAILED_TO_START_PROCESS I need help fi... by kkovanis New Member in Splunk Search 06-05-2019 0 2	0	2
How to print results excluding the last line in Splunk like "head -n -1" in LInux? Hi all, I want to print results excluding the last line. In Linux, I can use head -n -1 but in Splunk, the head comm... by perlish Communicator in Splunk Search 06-05-2019 1 7	1	7
how to do a line breaking after a string hello I need to do a line breaking after "%" and after " on a total of " \| eval Perc=round((NbTOUCHNGOCrashByHost/... by jip31 Motivator in Splunk Search 06-05-2019 0 15	0	15
Does anyone know how to monitor all running searches on a search head and their memory usage in real-time? I use one of the S.O.S. queries to get top 20 memory usage queries every 5 minutes, however, it might be easier for u... by benjaminlin1019 Explorer in Splunk Search 06-05-2019 2 4	2	4
How do I plot crash rate over _time by app_name? Hi, I am trying to plot the Crash rate over _time on a graph and that has to be distributed by app_name. On a high l... by Shashank_87 Explorer in Splunk Search 06-05-2019 0 2	0	2
How to get a percentage out of 2 queries? I've got 2 search queries that are working for me (Thanks to @harshpatel) Query #1 returns the average # of successe... by kvanwagoner New Member in Splunk Search 06-05-2019 0 5	0	5
regex operator in Splunk is not working to match results I am writing a code to simply match a regex in my search to match index field which matches app1_, app2_, etc Howeve... by vatsalyay New Member in Splunk Search 06-05-2019 0 2	0	2