Splunk Search

Community Activity

Why splunk btool check doesn't catch erroneous comments? There is a bit of a commotion here because we had stanzas like the below one, which throw errors in _internal. Intere... by ddrillic Ultra Champion in Splunk Search 05-21-2019 0 3	0	3
Splunk Dashboard questions I am new to Splunk and I have a requirement as below to show in Splunk dashboard, Number of groups created/deleted ... by sreedhar85in Engager in Splunk Search 05-21-2019 0 1	0	1
Failed to find Event Log with channel name We needed to retrieve a older evtx file from storage. We placed the file in c:\temp and we created an app to ingest ... by halbeisendv Path Finder in Splunk Search 05-21-2019 0 0	0	0
Why are my searches only hitting one Indexer in a cluster ? Hello everyone. I have a multisite Indexer cluster. 2 IDX (IDX01, IDX02) and CM 2 SH with a deployer and a VIP to SH ... by sairam1444 Engager in Splunk Search 05-21-2019 0 4	0	4
How to eliminate join for better query perfomance I have two query with same source , index with differnt time (once current day, other one pevious week day), i want ... by vikashperiwal Path Finder in Splunk Search 05-21-2019 0 3	0	3
Store result of the predict for a day Hello, I am looking for a way how to predict one day of certain metric and then every hour collect real stats. And a... by jkomarek Engager in Splunk Search 05-21-2019 1 0	1	0
unified the user field under the authentication model different devices are appearing under the authentication data model. for windows sourcetype I can see the user name,... by rashid47010 Communicator in Splunk Search 05-21-2019 0 0	0	0
How to log SQL queries in DB Connect 1 We have some old DB Connect 1.2.2 inputs defined that need to migrated to DB Connect 3.1.4. In order to debug some w... by paulski82 New Member in Splunk Search 05-21-2019 0 0	0	0
stanza to run powershell script in exchange 2016. What should be my inputs.conf stanza to run the PowerShell script in the Exchange server 2016 with windows server 201... by saramamurthy_sp Splunk Employee in Splunk Search 05-20-2019 0 0	0	0
How to combine the text values in different columns and then visualize them? C1 C2 C3 A X 34 B Y 39 C Z 60 Since i want to project this on a chart .. i want to ... by reverse Contributor in Splunk Search 05-20-2019 0 2	0	2
How to Disable Orphaned Searches? I have read through the Splunk documentation, but I cannot find a way to disable an orphaned scheduled search. There ... by kmower Communicator in Splunk Search 05-20-2019 0 2	0	2
Stats Count by field and add (SUM) some result Hello, I am doing a search listing all the browsers. However, I have browsers of the type : ChromeHTML.FDCH...... ... by bricevaixagon Explorer in Splunk Search 05-20-2019 0 1	0	1
Timechart with Timewrap and upper and lower bounds Hello, I'm looking to create a query that is a timechart that timewraps every week, for x number of weeks, showing t... by gabenav11 Explorer in Splunk Search 05-20-2019 0 7	0	7
Sorting Question Hello, hoping someone can give me a hand or point me in the right direction. I have a report that is based off of a D... by g038123 Explorer in Splunk Search 05-20-2019 0 4	0	4
How to do conditional formatting with geostats to color code points on a Splunk map with different ranges of count values? Hi I'm trying to display coordinates on a Splunk Map and color code the points with different ranges of count value... by qiaojing Path Finder in Splunk Search 05-20-2019 0 3	0	3
How many time a string occurs in a transaction and not the number of events that string appear Hi, I've got a machine splitted in two unit A and B who gave me their state of preparation and their Failure level. ... by le_barbucheron Path Finder in Splunk Search 05-20-2019 0 18	0	18
How to change service.jobs.oneshot to return unlimited number of rows in its result set? I have a Python script to run nightly and extract data using Splunk REST API. Here is the code: kwargs_oneshot = {'... by fere Path Finder in Splunk Search 05-20-2019 3 8	3	8
How to backup the search queries of a user/admin in splunk ? How to backup the search queries of a user/admin in splunk ? How to backup all the search queries of a user or admin... by ppilla Engager in Splunk Search 05-20-2019 0 3	0	3
Comparing fields in searches to find common values Hello All, I have some data here with which i need to find out which is the most vulnerable ip address from the d... by ranjitbrhm1 Communicator in Splunk Search 05-20-2019 0 4	0	4
Finding when a set of AD users were disabled. Hello, I am trying to figure out how to find when a set of users were disabled in AD. We have the app MS Windows AD... by wilc89 New Member in Splunk Search 05-19-2019 0 0	0	0
Remove rows without result from timechart count query Hello, I have the following query: sourcetype=access_* action="purchase" \| timechart count by productName usenull=f... by jam00 Explorer in Splunk Search 05-19-2019 0 2	0	2
Difference between rows of query result Jan-1 100 60 87 78 86 545 53 509 56 545 656 Jan2 110 60 87 78 86 545 53 509 56 545 656 Jan-3 111 60 87 78 86 545 53 ... by reverse Contributor in Splunk Search 05-19-2019 0 9	0	9
Tstats events restriction / from command time range Hi all, I have a bit complicated question. I tried to use "tstats count" command to check if there are events in a ... by astatrial Contributor in Splunk Search 05-19-2019 0 0	0	0
The date has special characters in my logs which is which the timestamp parsing is incorrect. could someone help me identify the conf changes needed to capture the timestamp? The log file of UTF-16LE is fetched in batch mode, but LRM (Left-to-Right Mark) is included in the date part in the l... by simon21 Path Finder in Splunk Search 05-19-2019 0 1	0	1
How to stack all error codes per endpoints from a table? Context: Each or transactions has its unique RequestId, and in Splunk search, we will have multiple rows with the sam... by dotekien New Member in Splunk Search 05-19-2019 0 1	0	1