Splunk Search

Community Activity

I am writing a subsearch to get a user details as input for someother search but it is not working when i include the subsearch . need help asap index=* [search index=_internal [\| rest /services/authentication/current-context splunk_server=local \| fields usernam... by arunsundarm Engager in Splunk Search 05-13-2019 0 3	0	3
user activities, PCI Requirement 10 May I know what is User Activity as per PCI requirement 10 ? On going SSAE 18 audit, there is one question - please ... by brpsingara Explorer in Splunk Search 05-13-2019 0 0	0	0
Use of upper/lower Other than making reports more readable, are there other reasons to use the upper/lower function of eval? by smanganiello_sp Splunk Employee in Splunk Search 05-13-2019 0 4	0	4
dbinspect query help I'm trying to write a dbinspect query to calculate the # of days of data that is stored in our hot/warm storage parti... by mschlapfer Explorer in Splunk Search 05-13-2019 0 2	0	2
Extraction issue with dynamic field names Hello there, I am stuck with a dynamic field name extraction. The data is partly JSON and sometimes contains nested... by D2SI Communicator in Splunk Search 05-13-2019 0 2	0	2
how to use string from lookup table in search Hi there, I want to build a query with strings from the lookup table. I have the list of domains in the look up table... by afulamba Explorer in Splunk Search 05-13-2019 0 19	0	19
How to delete old lookup table (CSV) files in a search head clustering environment? How can one delete stale lookup files? Sometimes users output their data to a lookup table file to reference in anoth... by BP9906 Builder in Splunk Search 05-12-2019 1 4	1	4
How to use regex to replace string? Hi, I have the below urls. How can I use the regex to remove the tokens from urls? Looking to remove data between /... by knalla Path Finder in Splunk Search 05-12-2019 0 3	0	3
Create correlation search from multiple host or device logs based on the Source IP field Hi all, I want to create the correlation search in order to further enhance our current security alert from splunk b... by chrishow Engager in Splunk Search 05-12-2019 0 3	0	3
how to parse a semicolon separated file for a lookup file I have a semicolon separated file that is to be used as a lookup file. How do you parse the file within the transform... by SplunkDank New Member in Splunk Search 05-12-2019 0 5	0	5
timewrap compare last week with avg last three months Hi team! I want to compare last week with avg last three months. This is my code right now. I need some help pls. ... by christianubeda Path Finder in Splunk Search 05-12-2019 0 0	0	0
Problem with map command - Using search from lookup Hi all, I am trying to run a map command that will run searches from a lookup one by one as follows : \| inputlooku... by astatrial Contributor in Splunk Search 05-12-2019 0 13	0	13
Help with a custom co-relation search!!!! I'm having a problem creating an alert for following scenario: Data source: index=mail sourcetype=pps_messagelog (in... by swaguzari Engager in Splunk Search 05-12-2019 0 3	0	3
help on tostring function hello I am doing the distinct count below in my search \| stats dc(host) AS OnlineCount by Code \| where Code = "Onl... by jip31 Motivator in Splunk Search 05-12-2019 0 5	0	5
Using a different value for _time index=av sourcetype=BobsCutRateAV category="BadStuffHappening" \| eval date_hour=strftime(_time, "%H") \| eval date_w... by williamsmew New Member in Splunk Search 05-11-2019 0 7	0	7
How to see changes in field values when comparing today vs. yesterday? Hello, I have a scheduled search that populates a CSV with data each day, including the current date. Here is an ex... by russell120 Communicator in Splunk Search 05-11-2019 0 4	0	4
How to Sum Latest and Previous Field1 from multiple Field2. Hi All, I have a problem to form the logic for sorting Latest and Previous Data to compare. Looking Field1=Status , ... by keanhong New Member in Splunk Search 05-11-2019 0 7	0	7
Need to Calculate Response Time matching Index ID between 2 lines in the search If look the below screen shot due to multiple calls in same time some time response takes a while and we need to matc... by lsanthoshbe New Member in Splunk Search 05-11-2019 0 4	0	4
Exclude any transaction that doesn't include a specific value I need to filter searches that has a value of "F*" included per transaction number. The transaction number with my se... by marxsabandana Path Finder in Splunk Search 05-11-2019 0 1	0	1
rex expression does not work in curl I have a simple search on a text pad, like this index=text\|rex field=_raw "ApplicationRegistry-(?<text>.*)" max_match... by Sukisen1981 Champion in Splunk Search 05-11-2019 0 22	0	22
How to get field count rather than stats count? Here's my query: index="smt_fortigate" host="10.8.12.1" srcintf=mysummitwifi \| stats count by devtype What I want t... by summitsplunk Communicator in Splunk Search 05-10-2019 0 5	0	5
Predict: show past events and future predictions I'm using predict, and seeing good results, but I would like to clean up my visualization. What I would like is to s... by nplamondon Communicator in Splunk Search 05-10-2019 0 20	0	20
How to use coalesce without hitting search limit My data is from the same source but I would like to count the number of times a host appears on the event based on tw... by alc2019 New Member in Splunk Search 05-10-2019 0 6	0	6
How do you convert the date field and time field on a lookup table to _time? Hi, How do I convert two fields (date and time) from a lookup table to _time? I would like to use it to create time... by alc2019 New Member in Splunk Search 05-10-2019 0 5	0	5
Use transaction command to process data and get 3 different results? Is this even possible?? Here is what I have: ...a log table with a unique FName-LName & Job-Title. I pulled 100 rows on both yesterday and ... by timothytruax Explorer in Splunk Search 05-10-2019 0 6	0	6