Splunk Search

Community Activity

How to backup the search queries of a user/admin in splunk ? How to backup the search queries of a user/admin in splunk ? How to backup all the search queries of a user or admin... by ppilla Engager in Splunk Search 05-20-2019 0 3	0	3
Comparing fields in searches to find common values Hello All, I have some data here with which i need to find out which is the most vulnerable ip address from the d... by ranjitbrhm1 Communicator in Splunk Search 05-20-2019 0 4	0	4
Finding when a set of AD users were disabled. Hello, I am trying to figure out how to find when a set of users were disabled in AD. We have the app MS Windows AD... by wilc89 New Member in Splunk Search 05-19-2019 0 0	0	0
Remove rows without result from timechart count query Hello, I have the following query: sourcetype=access_* action="purchase" \| timechart count by productName usenull=f... by jam00 Explorer in Splunk Search 05-19-2019 0 2	0	2
Difference between rows of query result Jan-1 100 60 87 78 86 545 53 509 56 545 656 Jan2 110 60 87 78 86 545 53 509 56 545 656 Jan-3 111 60 87 78 86 545 53 ... by reverse Contributor in Splunk Search 05-19-2019 0 9	0	9
Tstats events restriction / from command time range Hi all, I have a bit complicated question. I tried to use "tstats count" command to check if there are events in a ... by astatrial Contributor in Splunk Search 05-19-2019 0 0	0	0
The date has special characters in my logs which is which the timestamp parsing is incorrect. could someone help me identify the conf changes needed to capture the timestamp? The log file of UTF-16LE is fetched in batch mode, but LRM (Left-to-Right Mark) is included in the date part in the l... by simon21 Path Finder in Splunk Search 05-19-2019 0 1	0	1
How to stack all error codes per endpoints from a table? Context: Each or transactions has its unique RequestId, and in Splunk search, we will have multiple rows with the sam... by dotekien New Member in Splunk Search 05-19-2019 0 1	0	1
Using Active Directory group membership as sub search to user logon search I am trying to use an ldapsearch as input to a seach which will list AD user logons. Both parts of the search work in... by wnyricsplunk Explorer in Splunk Search 05-18-2019 0 1	0	1
_time not same as data timestamp hi! I have to create an area chart where it shows the actual and the target part count of the machine. I am using tim... by mdmaala Communicator in Splunk Search 05-18-2019 0 3	0	3
Why is the 'foreach' command losing event data? I'm running Splunk 6.2. I'm dealing with events that have varying amounts of multivalue fields (some events have one,... by jpawloski Path Finder in Splunk Search 05-18-2019 0 3	0	3
How can I group results without duplicates? Hi This is my command to find the number of times an authentication has been rejected. But I would like to be able t... by rosho Communicator in Splunk Search 05-18-2019 0 4	0	4
Help using eval case statement using wildcards I'm trying to create a new field for category based off values in my existing 'message' field. index=network source... by johnward4 Communicator in Splunk Search 05-17-2019 0 3	0	3
Splunk Enterprise free not shows events Hi team, I'm using Splunk 7.2.6 free. Adding data from by file (the sample datafile downloaded from Splunk tutorial) ... by it42620 New Member in Splunk Search 05-17-2019 0 2	0	2
Date range on inputlookup search Hi I'm trying to do an inputlookup search with a specific date range of the last 6 months, but am not having any succ... by dyeo Engager in Splunk Search 05-17-2019 0 14	0	14
Searching for the absence of events I'm looking for an efficient way to find events that have not been indexed. Given a sequentially increasing number (r... by drodman29 Path Finder in Splunk Search 05-17-2019 0 1	0	1
splunkd died every day with the same error splunkd died every day with the same error FATAL ProcessRunner - Unexpected EOF from process runner child! ERROR Pro... by vincenty Explorer in Splunk Search 05-17-2019 2 9	2	9
splunk query to list if anyone removed logs from unix server(syslog servers)? Base query :- sourcetype=syslog How can I or where can I find if anyone removed any log files on unix syslog server?... by pavanae Builder in Splunk Search 05-17-2019 0 1	0	1
sending events from input based on regex to metrics I have created a setup where from an input based on a regex some of the events are sent to a specific index with chan... by imrago Contributor in Splunk Search 05-17-2019 0 3	0	3
How to calculate Percentage of particular events out of total events. I want to find the percent of events with the key word error out of all the events recorded during a time window I ha... by mrigank517 New Member in Splunk Search 05-17-2019 0 11	0	11
Execution of multiple macros in a search take too much time Hi, I have an alert which executes a very simple search. The search consists of a macro invoked 40 times, each time w... by emipintus Explorer in Splunk Search 05-17-2019 0 3	0	3
How to create a different chart for each multiselect input Hi, is there a way to create a different chart for each selected input of the multiselect field? When I select multi... by ploehnnico New Member in Splunk Search 05-17-2019 0 4	0	4
rex - extract 2 single values from set of numbers hello guyz, new to splunk was to figure out solution for this. I have logs like below need to do " rex" and extract ... by splunkuseradmin Path Finder in Splunk Search 05-17-2019 0 3	0	3
props/transforms REPORT- extracting Hello, I am having issues doing search time extraction via REPORT- command in props and transforms. Here is my code.... by zislin Explorer in Splunk Search 05-17-2019 2 3	2	3
How to display weekly data starting on a Monday using timecharts? I'm plotting some data on a timechart, with a span of a couple of months, and using weeks as the data points. How can... by samwatson45 Path Finder in Splunk Search 05-16-2019 0 7	0	7