Splunk Search

Community Activity

How to extract multiple values for multiple fields within a single event? I have nessus data for Installed Windows Updates (PluginID 52001). Here is a list of quick-fix engineering updat... by rayaivy Explorer in Splunk Search 06-03-2019 0 2	0	2
Having sum function issues after entering multiple names on index Hi, I'm having a problem trying to sum all the "marcador05" and the others by Country when I put one country name on ... by nsantiago17 Explorer in Splunk Search 06-03-2019 0 0	0	0
How to to plot Cluster/Choropleth map with source data (hostname only) Created a lookup file with static Latitude and Longitude for 2 countries and used this search: \| inputlookup test_g... by rashi83 Path Finder in Splunk Search 06-03-2019 0 5	0	5
Add a (sparkline) to a (table) Is it possible to add a sparkline to a table? Most examples list stats or charts, but nothing about tables, which mak... by albyva Communicator in Splunk Search 06-03-2019 0 4	0	4
Does zooming out on timeline re-execute search? I was watching the Splunk Fundamentals 1 videos and they state that when zooming in on the timeline the same search i... by kamryn Explorer in Splunk Search 06-03-2019 0 2	0	2
How to get the actual Query from SID? Hello Community, I have the sid from splunkd.log. Now I would like to know if there is any way to get the actual que... by sudheerchamarth Explorer in Splunk Search 06-03-2019 0 6	0	6
How to use line breaking regex for Shibboleth audit logs? We are using Kafka Connect and we just started to ingest Shib audit logs. I am getting a bunch of events all rolled i... by jwalzerpitt Influencer in Splunk Search 06-03-2019 0 2	0	2
srtemp folder issue Hi All, Can we delete the files which are located in srtemp folder it is using huge space by x1045866 Explorer in Splunk Search 06-03-2019 1 0	1	0
Possible bug in value of $latest$ of previous business week Hi, On my dashboard I have a time picker. When I choose previous business week then its $earliest$ contains -6d@w1 a... by fjp2485 Engager in Splunk Search 06-03-2019 0 0	0	0
What is a trailing Z in a time stamp? We are a bit confused about the tailing Z in the following time stamp 2019-03-18T10:36:33.178Z. The following thread... by ddrillic Ultra Champion in Splunk Search 06-02-2019 0 2	0	2
Find duration on transaction where field name doesn't match Sample data: May 25 01:51:14 ns1 named[32063]: zone somezone.net/IN/default: notify from 192.168.10.20#31830: serial... by pkcbailey New Member in Splunk Search 06-02-2019 0 6	0	6
Why is the join command running for a long time? Hello, I have a query that is running for a long time, is it because of the join part? What is the best way to repl... by sarit_s Communicator in Splunk Search 06-02-2019 0 8	0	8
How to search for several events with one unique identifier field? Hi all, I'm trying to find a query that returns all the following tag_name with the same "source" field: misp-galaxy:... by bugnet Path Finder in Splunk Search 06-02-2019 0 2	0	2
Count occurences of a field value depending on another field Hello, I have a set of data similar to this : session1 \| user1 \| computer 1 \| start session2 \| user2 \| computer 2 \|... by airmouli Engager in Splunk Search 06-01-2019 0 3	0	3
regex help with existing regex have a business area that changed some of their log format which broke my existing regex and having a hard time match... by fisuser1 Contributor in Splunk Search 05-31-2019 0 18	0	18
Filtering A Heartbeat Call I'm trying to create a query that can filter if a heartbeat has not occurred. Right now I have two separate queries I... by inowland New Member in Splunk Search 05-31-2019 0 3	0	3
Execute stored procedure with parameters using datainputs Hi, I want to execute stored procedure with parameters but it gives me error like "com.microsoft.sqlserver.jdbc.SQLS... by suhailquadri New Member in Splunk Search 05-31-2019 0 3	0	3
Create field from small subset of events I have a field for device types (desktop or mobile) and a field for the hostname. Only a small number of events conta... by splunklearner12 Path Finder in Splunk Search 05-31-2019 0 4	0	4
regex for extracting word after symbol please help me to extract the quoted word abcd > efgh > "lmn pqr" I tried with “(?[^>]$)" but while querying like... by deeptha1992 New Member in Splunk Search 05-31-2019 0 2	0	2
Extract IP Address with rex or trim I have this line from my Windows logs : ** ALERT ** 10.0.0.3 gave false logon/password to POP server; user: desk... by frankagustinus Explorer in Splunk Search 05-31-2019 1 7	1	7
How to add a minimum and maximum range to a sparkline in a singlevalue chart I have some single values graphs spark-lines that are supposed to return a success-rate of service calls by _time. Pl... by martinpu Communicator in Splunk Search 05-31-2019 0 2	0	2
Create new events from search results Hi, How can I use a search result to create a new set of events (with a new sourcetype)? I'd like to schedule a repo... by Tim Explorer in Splunk Search 05-31-2019 3 3	3	3
Syntax for 'top x application by usage per source ip' I have raw search: \| ess eaddr=172.20.8.60:9200 index=nuage_dpi_flowstats-* tsfield=timestamp query="EnterpriseName=... by ahmadsaadwarrai Explorer in Splunk Search 05-31-2019 0 3	0	3
How to improve the performance of a search with multiple tstats command? Hi, My search query is having mutliple tstats commands. Also there are two independent search query seprated by app... by AKG1_old1 Builder in Splunk Search 05-31-2019 0 8	0	8
How to create a search that compares the user by time, using different sourcetypes Hi All, I've two sourcetypes with user information. I want to match the user by time. Please provide me the Splunk ... by raghuchams4527 Explorer in Splunk Search 05-30-2019 0 5	0	5