Splunk Search

Community Activity

Take multiple regex in single search string I have to extract the same features from two sets of logs with very different formats and need to take the additional... by AshimaE Explorer in Splunk Search 06-12-2019 0 5	0	5
How to return values from lookup which are not matching the search? Hi I currently have a search which returns a list of users with employee id from a user lookup eg: user lookup has ... by kavyadekkata Explorer in Splunk Search 06-11-2019 0 1	0	1
Convert Timestamp from one format to UNIX style format I have a log file that has the timestamp for each line as: Jun 10, 11:07:59.305475 Note that the year is missing -... by dowdag Engager in Splunk Search 06-11-2019 0 6	0	6
I am looking on how to filter the unwanted logs getting forward to indexer In my Application there are logs statements which are repetitive and how to avoid them sending to Indexer so that i w... by lsanthoshbe New Member in Splunk Search 06-11-2019 0 1	0	1
How to table events in columns with time/date related counts I want to write a search where the events are in one column and the related counts are in each column corresponding t... by ankurtaunk Explorer in Splunk Search 06-11-2019 0 9	0	9
Splunk 6.4 how to achieve @w1 of splunk 7 I am doing weekly statistics and in splunk 7, i can easily specify the first day of a week by @w1 so 1 means Monday. ... by viking1978 New Member in Splunk Search 06-11-2019 0 1	0	1
Comparing 2 Windows Event logs together I am kind of new so I apologize to my ignorance. What I am trying to do is use the Windows Event Logs EventCode 5156 ... by dirtyspawn Engager in Splunk Search 06-11-2019 0 6	0	6
How to chart count by events and name? I have a search that gets the count of events by users which works well. However, I want to have the chart list all u... by jenkinsta Path Finder in Splunk Search 06-11-2019 0 5	0	5
Custom index for forwarded data Hello all, I have a working universal forwarder that happily sends data to my Enterprise indexer. The data shows up u... by eholz1 Builder in Splunk Search 06-11-2019 0 5	0	5
How to use rex to match only where the field exactly has 8 characters? Hello, I need a search to match when a field that has free form text contains exactly 8 characters that are letters ... by user93 Communicator in Splunk Search 06-11-2019 0 3	0	3
Data virtualization with Splunk? hi, what are your thoughts on data virtualization and how does it apply to Splunk? I ave been researching data virtua... by barriersbill Explorer in Splunk Search 06-11-2019 1 2	1	2
Interactive dashboard stats count Good afternoon I have a stats count query leading to a single number dashboard. I was wondering if it is possible to ... by jsalsbur Explorer in Splunk Search 06-11-2019 0 3	0	3
Combine / Add rows in the search results using a wildcard I am beginner to Splunk and could you please help me with the following scenario. I have a search that will display a... by veerappan New Member in Splunk Search 06-11-2019 0 2	0	2
user role to specific index not working with index=* Hello i have several reports that contains the search index=something__something in my case, '' is the name of the re... by sarit_s Communicator in Splunk Search 06-11-2019 0 9	0	9
Transaction command not closed properly Hi, I need help with transaction command results. I have the following input to transaction command: eventID,"_time... by aleksandar_mati New Member in Splunk Search 06-11-2019 0 4	0	4
Help with using comparison sign in tokens Hello I use 2 tokens in the XML below, I need to use comparison sign like > and < in this token. I would like also t... by jip31 Motivator in Splunk Search 06-11-2019 0 10	0	10
How to extract different sourcetypes from the same file I'm wondering if/how I can do the following: I have a JSON structured file that is being parsed perfectly as JSON, s... by splunkuzleuven Loves-to-Learn Lots in Splunk Search 06-11-2019 0 3	0	3
How to get top 10 data source from Splunk ? is this command is correct ? ** \| chart count by sourcetype \| sort count desc* by corecomputetool New Member in Splunk Search 06-10-2019 0 10	0	10
How to get spath to auto_extract the fields I have events that will be indexed that will look like the below: 2019-06-06 21:12:40.397 { "response": "NodeJST5109... by riotto Path Finder in Splunk Search 06-10-2019 0 3	0	3
Which is faster, appendcols with second search or replacing values? I would like to understand which of the following is the fastest and why or if there are any more faster ways to achi... by gcharles Explorer in Splunk Search 06-10-2019 0 2	0	2
How to Match event between two Index and get desired value Hi, I am trying to match events between two index: Index A & Index B. Index A have 3 column: date-time, User's Cell ... by ashiknew007 New Member in Splunk Search 06-10-2019 0 2	0	2
Extract fields of CSV data source in Upper case I have a CSV file with region , status , hostname as Columns - field extraction works and gives them as region , stat... by rashi83 Path Finder in Splunk Search 06-10-2019 0 3	0	3
bytes_in and bytes_out - Does this mean just bytes or megabytes? For example: stats sum(bytes_in) AS bytes_in, sum(bytes_out) AS bytes_out is the sum going to be in bytes like the d... by summitsplunk Communicator in Splunk Search 06-10-2019 0 2	0	2
date_hour not present in WinEventLogs Trying to write a search that list events happening outside office hours, across a bunch of sourcetypes - however, th... by kristian_kolb Ultra Champion in Splunk Search 06-10-2019 6 9	6	9
Compliance % Calculation Hi, Scnenario is: I have an Organization A. Organization A has 10 Hosts. Vulnerability scan finds 50 unique vulne... by mbasharat Builder in Splunk Search 06-10-2019 0 3	0	3