Splunk Search

Community Activity

	How do I use regular expressions to populate a new field if the regular expression is true? Here's an example of my CSV with 10s of thousand of rows: device ID phone [APPLE]1234 phone [ANDROID]0987 pho... by russell120 Communicator in Splunk Search 05-09-2019 0 2	0	2
	How to get ADFS Location Login Lookup based on IP address with iplocation region country and time? Why is this search not returning the iplocation of the ip addresses. It is not the most efficient search, but right n... by nathig Explorer in Splunk Search 05-09-2019 0 3	0	3
	help on an issue with OR condition hello when i execute the search below I have no results index="tutu" sourcetype="perfmon:logicaldisk" instance="... by jip31 Motivator in Splunk Search 05-09-2019 0 2	0	2
	Only select matching JSON data I load JSON reports into Splunk and those reports have many arrays: { "analysis":{ "behavior":{ ... by joesecurity Engager in Splunk Search 05-09-2019 0 15	0	15
	tunning search from accelerated datamodel #By clause Hello What options there are to tune search from already accelerated data model with 3+tb data? the slowliness comes... by net1993 Path Finder in Splunk Search 05-09-2019 0 0	0	0
	LineBreakingProcessor question Hello, I receive errors like the ones below: LineBreakingProcessor - Truncating line because limit of 132000 bytes h... by willemjongeneel Communicator in Splunk Search 05-09-2019 0 4	0	4
	how to merge similar events of a table using javascript? hello all, I am trying to merge the rows of table into one value as all of them are same, but i dont want to use dedu... by sajjanshetty15 Loves-to-Learn in Splunk Search 05-09-2019 0 0	0	0
	sort the columns numerically in table * mySearch \| table * generates nice table of all my ~150 fields with default field names field1 field2... field10... f... by smiththebest New Member in Splunk Search 05-08-2019 0 1	0	1
	Index time Search Not Working Hi , I have dns file where i need to filter the junk data before indexing and extract hostname and IP fields at inde... by NAVEEN_CTS Path Finder in Splunk Search 05-08-2019 0 5	0	5
	how to make 'for loop' in splunk query For all row, how can i make splunk query following 'for loop'? for(i=1, i<100, i=i+1) { factor1_prev=factor1_mi... by leejaeyong Engager in Splunk Search 05-08-2019 0 2	0	2
	What system resources are mostly used by these instances? Good day! Can you please enlighten me about what system resource does each instance mostly use ? Indexer: Dedicated... by rajyah Communicator in Splunk Search 05-08-2019 0 0	0	0
	Return 0 when "no results found" Hello, In the following query, I'm hoping to return the value 0 to my dashboard panel if no results are found by the... by moizmmz Path Finder in Splunk Search 05-08-2019 0 10	0	10
	How to write a RegEx to extract the IP address in reverse order? Currently I am extracting the URL and reverse IP address (D.C.B.A) from a DNS-related event. I would like to capture... by draracle Engager in Splunk Search 05-08-2019 0 6	0	6
	How to create a table with fields form two different indexes I want to create a table with all fields from two different indexes. Index=A \|rename fieldA as field1 \|table field1... by maryamchar Explorer in Splunk Search 05-08-2019 0 9	0	9
	splunk DB connect Hi Currently we have Splunk db connect installed on heavy forwarder and we have inputs configured on heavy forwarder ... by Prakash493 Communicator in Splunk Search 05-08-2019 0 2	0	2
	How to Search a certain Time Range based on the Current Day of the week I am attempting to create a search that returns data for a different time-range based on the current day of the week.... by anholzer Explorer in Splunk Search 05-08-2019 0 2	0	2
	Format Command: Field Order Does anyone know a way to control the field order for the format command? For the default use case of format it AND'... by triest Communicator in Splunk Search 05-08-2019 0 5	0	5
	Why is my extracted field not showing up in search result I have several log files as source of Splunk events. C:\logs\Srv1\file1_2019-05-06.log C:\logs\Srv84\file3_2019-05-... by arpitpropay Explorer in Splunk Search 05-08-2019 0 4	0	4
	Specify what account executes a PowerShell script I like to run PowerShell scripts under "Powershell v3 Modular Input" and created a script. I noticed via our HIPS blo... by huibertsp Engager in Splunk Search 05-08-2019 0 0	0	0
	Scripted input - event not parsed Hi, I'm having a problem with setting up my data stream for scripted input. I have the splunk universal forwarder set... by mikaellindstrom New Member in Splunk Search 05-08-2019 0 0	0	0
	All fields are duplicate & MV. Needs to be single value. Good Morning, I need to do a stat avg on the time difference between results. Problem is all of my fields are both ... by ryhluc01 Communicator in Splunk Search 05-08-2019 0 4	0	4
	How to get the Weekly Stats based on the Username Hi, I am looking for some help related to one of the issues. So what i want is weekly view of users in last 90 days w... by Shashank_87 Explorer in Splunk Search 05-08-2019 0 1	0	1
	how to avoid this error "WARN StatsProcessor - 'stats' command: limit for values of field 'user_id' reached. Some values may have been truncated or ignored." Hi, I am using the stats command with the list() function. , i am getting below error. Error : 'stats' command: lim... by su_kumar New Member in Splunk Search 05-08-2019 0 12	0	12
	Regex working on regex101 but not in Splunk I have some ADFS logs that I'm trying to pull the IPs from. My regex is as follows: (?:(^Token\sType):\s*(?:\n(?!Cli... by jwalzerpitt Influencer in Splunk Search 05-08-2019 0 5	0	5
	How to search for login activity from terminated/disabled users I receive a weekly report on terminated users and I’m trying to create a search that will identify events/domain acti... by ryanisibor Engager in Splunk Search 05-08-2019 0 2	0	2