Splunk Search

Community Activity

Timechart with Timewrap and upper and lower bounds Hello, I'm looking to create a query that is a timechart that timewraps every week, for x number of weeks, showing t... by gabenav11 Explorer in Splunk Search 05-20-2019 0 7	0	7
Sorting Question Hello, hoping someone can give me a hand or point me in the right direction. I have a report that is based off of a D... by g038123 Explorer in Splunk Search 05-20-2019 0 4	0	4
How to do conditional formatting with geostats to color code points on a Splunk map with different ranges of count values? Hi I'm trying to display coordinates on a Splunk Map and color code the points with different ranges of count value... by qiaojing Path Finder in Splunk Search 05-20-2019 0 3	0	3
How many time a string occurs in a transaction and not the number of events that string appear Hi, I've got a machine splitted in two unit A and B who gave me their state of preparation and their Failure level. ... by le_barbucheron Path Finder in Splunk Search 05-20-2019 0 18	0	18
How to change service.jobs.oneshot to return unlimited number of rows in its result set? I have a Python script to run nightly and extract data using Splunk REST API. Here is the code: kwargs_oneshot = {'... by fere Path Finder in Splunk Search 05-20-2019 3 8	3	8
How to backup the search queries of a user/admin in splunk ? How to backup the search queries of a user/admin in splunk ? How to backup all the search queries of a user or admin... by ppilla Engager in Splunk Search 05-20-2019 0 3	0	3
Comparing fields in searches to find common values Hello All, I have some data here with which i need to find out which is the most vulnerable ip address from the d... by ranjitbrhm1 Communicator in Splunk Search 05-20-2019 0 4	0	4
Finding when a set of AD users were disabled. Hello, I am trying to figure out how to find when a set of users were disabled in AD. We have the app MS Windows AD... by wilc89 New Member in Splunk Search 05-19-2019 0 0	0	0
Remove rows without result from timechart count query Hello, I have the following query: sourcetype=access_* action="purchase" \| timechart count by productName usenull=f... by jam00 Explorer in Splunk Search 05-19-2019 0 2	0	2
Difference between rows of query result Jan-1 100 60 87 78 86 545 53 509 56 545 656 Jan2 110 60 87 78 86 545 53 509 56 545 656 Jan-3 111 60 87 78 86 545 53 ... by reverse Contributor in Splunk Search 05-19-2019 0 9	0	9
Tstats events restriction / from command time range Hi all, I have a bit complicated question. I tried to use "tstats count" command to check if there are events in a ... by astatrial Contributor in Splunk Search 05-19-2019 0 0	0	0
The date has special characters in my logs which is which the timestamp parsing is incorrect. could someone help me identify the conf changes needed to capture the timestamp? The log file of UTF-16LE is fetched in batch mode, but LRM (Left-to-Right Mark) is included in the date part in the l... by simon21 Path Finder in Splunk Search 05-19-2019 0 1	0	1
How to stack all error codes per endpoints from a table? Context: Each or transactions has its unique RequestId, and in Splunk search, we will have multiple rows with the sam... by dotekien New Member in Splunk Search 05-19-2019 0 1	0	1
Using Active Directory group membership as sub search to user logon search I am trying to use an ldapsearch as input to a seach which will list AD user logons. Both parts of the search work in... by wnyricsplunk Explorer in Splunk Search 05-18-2019 0 1	0	1
_time not same as data timestamp hi! I have to create an area chart where it shows the actual and the target part count of the machine. I am using tim... by mdmaala Communicator in Splunk Search 05-18-2019 0 3	0	3
Why is the 'foreach' command losing event data? I'm running Splunk 6.2. I'm dealing with events that have varying amounts of multivalue fields (some events have one,... by jpawloski Path Finder in Splunk Search 05-18-2019 0 3	0	3
How can I group results without duplicates? Hi This is my command to find the number of times an authentication has been rejected. But I would like to be able t... by rosho Communicator in Splunk Search 05-18-2019 0 4	0	4
Help using eval case statement using wildcards I'm trying to create a new field for category based off values in my existing 'message' field. index=network source... by johnward4 Communicator in Splunk Search 05-17-2019 0 3	0	3
Splunk Enterprise free not shows events Hi team, I'm using Splunk 7.2.6 free. Adding data from by file (the sample datafile downloaded from Splunk tutorial) ... by it42620 New Member in Splunk Search 05-17-2019 0 2	0	2
Date range on inputlookup search Hi I'm trying to do an inputlookup search with a specific date range of the last 6 months, but am not having any succ... by dyeo Engager in Splunk Search 05-17-2019 0 14	0	14
Searching for the absence of events I'm looking for an efficient way to find events that have not been indexed. Given a sequentially increasing number (r... by drodman29 Path Finder in Splunk Search 05-17-2019 0 1	0	1
splunkd died every day with the same error splunkd died every day with the same error FATAL ProcessRunner - Unexpected EOF from process runner child! ERROR Pro... by vincenty Explorer in Splunk Search 05-17-2019 2 9	2	9
splunk query to list if anyone removed logs from unix server(syslog servers)? Base query :- sourcetype=syslog How can I or where can I find if anyone removed any log files on unix syslog server?... by pavanae Builder in Splunk Search 05-17-2019 0 1	0	1
sending events from input based on regex to metrics I have created a setup where from an input based on a regex some of the events are sent to a specific index with chan... by imrago Contributor in Splunk Search 05-17-2019 0 3	0	3
How to calculate Percentage of particular events out of total events. I want to find the percent of events with the key word error out of all the events recorded during a time window I ha... by mrigank517 New Member in Splunk Search 05-17-2019 0 11	0	11