Splunk Search

Community Activity

Format Command: Field Order Does anyone know a way to control the field order for the format command? For the default use case of format it AND'... by triest Communicator in Splunk Search 05-08-2019 0 5	0	5
Why is my extracted field not showing up in search result I have several log files as source of Splunk events. C:\logs\Srv1\file1_2019-05-06.log C:\logs\Srv84\file3_2019-05-... by arpitpropay Explorer in Splunk Search 05-08-2019 0 4	0	4
Specify what account executes a PowerShell script I like to run PowerShell scripts under "Powershell v3 Modular Input" and created a script. I noticed via our HIPS blo... by huibertsp Engager in Splunk Search 05-08-2019 0 0	0	0
Scripted input - event not parsed Hi, I'm having a problem with setting up my data stream for scripted input. I have the splunk universal forwarder set... by mikaellindstrom New Member in Splunk Search 05-08-2019 0 0	0	0
All fields are duplicate & MV. Needs to be single value. Good Morning, I need to do a stat avg on the time difference between results. Problem is all of my fields are both ... by ryhluc01 Communicator in Splunk Search 05-08-2019 0 4	0	4
How to get the Weekly Stats based on the Username Hi, I am looking for some help related to one of the issues. So what i want is weekly view of users in last 90 days w... by Shashank_87 Explorer in Splunk Search 05-08-2019 0 1	0	1
how to avoid this error "WARN StatsProcessor - 'stats' command: limit for values of field 'user_id' reached. Some values may have been truncated or ignored." Hi, I am using the stats command with the list() function. , i am getting below error. Error : 'stats' command: lim... by su_kumar New Member in Splunk Search 05-08-2019 0 12	0	12
Regex working on regex101 but not in Splunk I have some ADFS logs that I'm trying to pull the IPs from. My regex is as follows: (?:(^Token\sType):\s*(?:\n(?!Cli... by jwalzerpitt Influencer in Splunk Search 05-08-2019 0 5	0	5
How to search for login activity from terminated/disabled users I receive a weekly report on terminated users and I’m trying to create a search that will identify events/domain acti... by ryanisibor Engager in Splunk Search 05-08-2019 0 2	0	2
How to extract multivalue fields in Splunk and the events in tabular format? Hi, I have one OS index in Splunk where i get the raw data in a tabular format like below. Now I need to extract thes... by Shashank_87 Explorer in Splunk Search 05-08-2019 0 7	0	7
How to find a value from index1/table1 in index2/table2? I have made two indexes and set the values into a table. How can i find a value from table1 in table2 and present de ... by sjansma Explorer in Splunk Search 05-08-2019 0 7	0	7
How to unite different fields into one field? I'm about to unite product codes from 2 different sourcetypes with different names, but with the same value. Here's ... by marxsabandana Path Finder in Splunk Search 05-08-2019 1 1	1	1
how to assign an eval statement to matches on a subsearch? I have a main search and a lookup table I want to assign field called isCorrect to values from the main search that m... by virex Engager in Splunk Search 05-07-2019 0 2	0	2
Cisco ASA VPN logs regex? Hey guys, I am ingesting VPN logs and would like to parse them out. Does anyone have regexes to use? by nick405060 Motivator in Splunk Search 05-07-2019 0 1	0	1
Search for limit violations in subsearches of saved searches Dear fellow Splunkers, I'm running a saved search containing multiple sub searches and writing the results to a sum... by bramkostermans Engager in Splunk Search 05-07-2019 1 0	1	0
How do I sort a timechart legend by count in decreasing order, not alphabetically? Let's say I've got a timechart of URLs I'm serving. Over an hour, let's say I served this: server.com/MYcats.html -... by jofish Engager in Splunk Search 05-07-2019 1 2	1	2
Trimmed Average Calculation host = Mayhem sourcetype="phutans:servo" host=R00878 \| eval headers=split(_raw," ") \| eval plant_length=mvindex(heade... by zacksoft Contributor in Splunk Search 05-07-2019 0 9	0	9
Server Availability query from Incident data I have a lookup table with fields Application name and host, and i have a realtime Incident data with index, sourcety... by samn123 New Member in Splunk Search 05-07-2019 0 3	0	3
Can you reference a token value inside a token eval tag? Hello, I have a token called range (assume it has a value of "123-456"), and I am trying to use it inside a token eva... by johnraftery Communicator in Splunk Search 05-07-2019 1 6	1	6
Multi Valued Field Help I have looked at a ton of posts about breaking a multivalued field but having zero luck effecting a solution. I have... by ghostdog920 Path Finder in Splunk Search 05-07-2019 0 23	0	23
CPU Usage Prediction of later 15 days... of a month Hi, I am trying to create a dashboard that shows % CPU Processor time avg (Value)..but the query i used to only givin... by singh3and12 Path Finder in Splunk Search 05-07-2019 0 4	0	4
extract part of path that may or may not contain space Hello i have source path that looks like : s3://splunk/OTHER/1/OTHER/Star J750/pjserialnumber/2019-05-06T13:40:37.... by sarit_s Communicator in Splunk Search 05-07-2019 0 5	0	5
Replace every 2nd pattern with carriage. i have a field with dates in single line ( could be many dates ) ex: 2019-04-11 23:15:58.547 2019-05-02 10:11:22.833... by jiaqya Builder in Splunk Search 05-07-2019 0 4	0	4
count number of serialnumber with dc takes lots of time hello i have this query : index = amer_pj \| SerialNumber \| Region \| stats dc(SerialNumber) as Serial... by sarit_s Communicator in Splunk Search 05-06-2019 0 11	0	11
クロス集計表でパーセント表記をさせたい contingencyコマンドを使えばクロス集計表(左図)が得られますが、これをパーセント表記させる(右図)方法はありますでしょうか？ by taroito1q75 New Member in Splunk Search 05-06-2019 0 1	0	1