Splunk Search

Community Activity

search query Splunk new-bee here. Let's say I have two records in the log file: one record has " myID=1234 ticker= abc" and the ... by aokhovat New Member in Splunk Search 05-21-2019 0 1	0	1
Splunk/AWS SQS Queue polling inconsistently As the title says im running into an issue with what appears to be the pull count from SQS queues. For example, right... by arlombar Explorer in Splunk Search 05-21-2019 0 0	0	0
Why does this search cause Splunk to crash occasionally? I have a search that works most of the time, but sometimes just causes Splunk to crash and requires a restart. I hav... by chadman Path Finder in Splunk Search 05-21-2019 0 7	0	7
Base Search returning different results than normal search As the title suggests, I'm having issues with a base search that I'm trying to create. The base search uses tokens t... by betchim_gerwili Explorer in Splunk Search 05-21-2019 0 2	0	2
How to edit my search to exclude the top 20 noisy results and return the rest? I have a splunk search for a list of users performing a particular task. I want to exclude the top 20 noisy results a... by phant0mgh0st New Member in Splunk Search 05-21-2019 0 3	0	3
Why splunk btool check doesn't catch erroneous comments? There is a bit of a commotion here because we had stanzas like the below one, which throw errors in _internal. Intere... by ddrillic Ultra Champion in Splunk Search 05-21-2019 0 3	0	3
Splunk Dashboard questions I am new to Splunk and I have a requirement as below to show in Splunk dashboard, Number of groups created/deleted ... by sreedhar85in Engager in Splunk Search 05-21-2019 0 1	0	1
Failed to find Event Log with channel name We needed to retrieve a older evtx file from storage. We placed the file in c:\temp and we created an app to ingest ... by halbeisendv Path Finder in Splunk Search 05-21-2019 0 0	0	0
Why are my searches only hitting one Indexer in a cluster ? Hello everyone. I have a multisite Indexer cluster. 2 IDX (IDX01, IDX02) and CM 2 SH with a deployer and a VIP to SH ... by sairam1444 Engager in Splunk Search 05-21-2019 0 4	0	4
How to eliminate join for better query perfomance I have two query with same source , index with differnt time (once current day, other one pevious week day), i want ... by vikashperiwal Path Finder in Splunk Search 05-21-2019 0 3	0	3
Store result of the predict for a day Hello, I am looking for a way how to predict one day of certain metric and then every hour collect real stats. And a... by jkomarek Engager in Splunk Search 05-21-2019 1 0	1	0
unified the user field under the authentication model different devices are appearing under the authentication data model. for windows sourcetype I can see the user name,... by rashid47010 Communicator in Splunk Search 05-21-2019 0 0	0	0
How to log SQL queries in DB Connect 1 We have some old DB Connect 1.2.2 inputs defined that need to migrated to DB Connect 3.1.4. In order to debug some w... by paulski82 New Member in Splunk Search 05-21-2019 0 0	0	0
stanza to run powershell script in exchange 2016. What should be my inputs.conf stanza to run the PowerShell script in the Exchange server 2016 with windows server 201... by saramamurthy_sp Splunk Employee in Splunk Search 05-20-2019 0 0	0	0
How to combine the text values in different columns and then visualize them? C1 C2 C3 A X 34 B Y 39 C Z 60 Since i want to project this on a chart .. i want to ... by reverse Contributor in Splunk Search 05-20-2019 0 2	0	2
How to Disable Orphaned Searches? I have read through the Splunk documentation, but I cannot find a way to disable an orphaned scheduled search. There ... by kmower Communicator in Splunk Search 05-20-2019 0 2	0	2
Stats Count by field and add (SUM) some result Hello, I am doing a search listing all the browsers. However, I have browsers of the type : ChromeHTML.FDCH...... ... by bricevaixagon Explorer in Splunk Search 05-20-2019 0 1	0	1
Timechart with Timewrap and upper and lower bounds Hello, I'm looking to create a query that is a timechart that timewraps every week, for x number of weeks, showing t... by gabenav11 Explorer in Splunk Search 05-20-2019 0 7	0	7
Sorting Question Hello, hoping someone can give me a hand or point me in the right direction. I have a report that is based off of a D... by g038123 Explorer in Splunk Search 05-20-2019 0 4	0	4
How to do conditional formatting with geostats to color code points on a Splunk map with different ranges of count values? Hi I'm trying to display coordinates on a Splunk Map and color code the points with different ranges of count value... by qiaojing Path Finder in Splunk Search 05-20-2019 0 3	0	3
How many time a string occurs in a transaction and not the number of events that string appear Hi, I've got a machine splitted in two unit A and B who gave me their state of preparation and their Failure level. ... by le_barbucheron Path Finder in Splunk Search 05-20-2019 0 18	0	18
How to change service.jobs.oneshot to return unlimited number of rows in its result set? I have a Python script to run nightly and extract data using Splunk REST API. Here is the code: kwargs_oneshot = {'... by fere Path Finder in Splunk Search 05-20-2019 3 8	3	8
How to backup the search queries of a user/admin in splunk ? How to backup the search queries of a user/admin in splunk ? How to backup all the search queries of a user or admin... by ppilla Engager in Splunk Search 05-20-2019 0 3	0	3
Comparing fields in searches to find common values Hello All, I have some data here with which i need to find out which is the most vulnerable ip address from the d... by ranjitbrhm1 Communicator in Splunk Search 05-20-2019 0 4	0	4
Finding when a set of AD users were disabled. Hello, I am trying to figure out how to find when a set of users were disabled in AD. We have the app MS Windows AD... by wilc89 New Member in Splunk Search 05-19-2019 0 0	0	0