Splunk Search

Community Activity

How to create time dependent thresholds from lookup? Hello, I have a question on using lookups in a search. I want to achieve that I have a scheduled search to compare t... by willemjongeneel Communicator in Splunk Search 06-04-2019 0 5	0	5
How to get an average from this search? I'm using the following search which I have working in a dashboard. "A PUT was made to OpenAAA API - Status: OK" \| ... by kvanwagoner New Member in Splunk Search 06-04-2019 0 19	0	19
help with multiple search in one SPL needed Hello, I have the following search: index=_internal sourcetype=scheduler savedsearch_name="Anomaly Detection - new-... by damucka Builder in Splunk Search 06-04-2019 0 8	0	8
Comparing Field Value with last Month Value and show if different Hi , I need help with following Log : 5th May device="devicename" policy="XYZ" BW_Limit="any number" Total_BW="any ... by atulitm Path Finder in Splunk Search 06-04-2019 0 5	0	5
How to search IP with wildcard? I want to exclude both primary and secondary IP addresses from a search. For example: src_ip!=192.50.244.10 AND src... by mveca New Member in Splunk Search 06-04-2019 0 4	0	4
Using token in query where token is evaluated in the query itself I have the following query to be performed, where "STRING" is replaced across different queries. Is there a way to re... by denzelchung Path Finder in Splunk Search 06-04-2019 0 4	0	4
How to access fields within a subsearch / Inputlookup I cannot figure out how to use a variable to relate to a inputlookup csv field. service_tier.csv region, plan, pri... by wrussell12 Explorer in Splunk Search 06-04-2019 0 3	0	3
Special fillnull? Polulate null values with evaluated calculations This is my code index="google_apis" source="https://www.googleapis.com/youtube" \| timechart span=1h avg(subCount) ... by morethanyell Builder in Splunk Search 06-04-2019 0 4	0	4
Why is the same search producing different results? First off, before I even ask, let me state that using Splunk on Splunk is not a solution for us as we are trying to p... by EricLloyd79 Builder in Splunk Search 06-03-2019 0 3	0	3
I am trying to combine three indexes using left join but not all the values are showing up even though the data exists. index=A \| stats count by host ID \| eval ID=upper(ID) \| rename host as HOST, ID as USERID, count as LOGIN_FAILURES \| j... by dogaasad New Member in Splunk Search 06-03-2019 0 1	0	1
Extract access_combined from JSON msg field Hello! I have JSON events coming from Pivotal Cloud Foundry. Included in the JSON is the 'msg' field which includes... by johnansett Communicator in Splunk Search 06-03-2019 0 1	0	1
How to create a string that produce a weeks worth of averages? How would I create a result like below: in avg(v2) of Last week and avg(v2) of current week Please guide. Thanks. ... by reverse Contributor in Splunk Search 06-03-2019 0 2	0	2
How to extract multiple values for multiple fields within a single event? I have nessus data for Installed Windows Updates (PluginID 52001). Here is a list of quick-fix engineering updat... by rayaivy Explorer in Splunk Search 06-03-2019 0 2	0	2
Having sum function issues after entering multiple names on index Hi, I'm having a problem trying to sum all the "marcador05" and the others by Country when I put one country name on ... by nsantiago17 Explorer in Splunk Search 06-03-2019 0 0	0	0
How to to plot Cluster/Choropleth map with source data (hostname only) Created a lookup file with static Latitude and Longitude for 2 countries and used this search: \| inputlookup test_g... by rashi83 Path Finder in Splunk Search 06-03-2019 0 5	0	5
Add a (sparkline) to a (table) Is it possible to add a sparkline to a table? Most examples list stats or charts, but nothing about tables, which mak... by albyva Communicator in Splunk Search 06-03-2019 0 4	0	4
Does zooming out on timeline re-execute search? I was watching the Splunk Fundamentals 1 videos and they state that when zooming in on the timeline the same search i... by kamryn Explorer in Splunk Search 06-03-2019 0 2	0	2
How to get the actual Query from SID? Hello Community, I have the sid from splunkd.log. Now I would like to know if there is any way to get the actual que... by sudheerchamarth Explorer in Splunk Search 06-03-2019 0 6	0	6
How to use line breaking regex for Shibboleth audit logs? We are using Kafka Connect and we just started to ingest Shib audit logs. I am getting a bunch of events all rolled i... by jwalzerpitt Influencer in Splunk Search 06-03-2019 0 2	0	2
srtemp folder issue Hi All, Can we delete the files which are located in srtemp folder it is using huge space by x1045866 Explorer in Splunk Search 06-03-2019 1 0	1	0
Possible bug in value of $latest$ of previous business week Hi, On my dashboard I have a time picker. When I choose previous business week then its $earliest$ contains -6d@w1 a... by fjp2485 Engager in Splunk Search 06-03-2019 0 0	0	0
What is a trailing Z in a time stamp? We are a bit confused about the tailing Z in the following time stamp 2019-03-18T10:36:33.178Z. The following thread... by ddrillic Ultra Champion in Splunk Search 06-02-2019 0 2	0	2
Find duration on transaction where field name doesn't match Sample data: May 25 01:51:14 ns1 named[32063]: zone somezone.net/IN/default: notify from 192.168.10.20#31830: serial... by pkcbailey New Member in Splunk Search 06-02-2019 0 6	0	6
Why is the join command running for a long time? Hello, I have a query that is running for a long time, is it because of the join part? What is the best way to repl... by sarit_s Communicator in Splunk Search 06-02-2019 0 8	0	8
How to search for several events with one unique identifier field? Hi all, I'm trying to find a query that returns all the following tag_name with the same "source" field: misp-galaxy:... by bugnet Path Finder in Splunk Search 06-02-2019 0 2	0	2