Splunk Search

Community Activity

Getting the counts by day but keeping the timestamp Hi, Messing with dns logs im trying to get the domain that was only queried afew times per day. However i would also ... by totaro Explorer in Splunk Search 04-29-2019 0 2	0	2
Splunk cloud - AWS - COncurrent searches say, I have a splunk cloud,, Splunk as a service running in AWS with a daily index volume of 10 GB data per day. what... by dhivyam New Member in Splunk Search 04-29-2019 0 3	0	3
Why i am getting Error in 'eval' command: The expression is malformed. An unexpected character is reached at '\"1\", \"icon-check\", \"icon-alert\")'. Hi all , I am trying to configure alert for data replication in cluster manger. Using below query , getting "Error i... by vasanthi77 Explorer in Splunk Search 04-29-2019 0 1	0	1
How to filter the log using REGEX? I have logs which contains 'LogonType=Owner' and some logs which contains 'InternalLogonType=Owner'. I want to send... by sarwshai Communicator in Splunk Search 04-29-2019 0 17	0	17
How to place splunk lookup table data output to a remote server? Hi All, I had configured an alert with trigger action as Output results to lookup with replace option . Since the al... by raj_mpl Path Finder in Splunk Search 04-29-2019 0 1	0	1
splunk masking the entire event instead of regex matching Hello, I am learning splunk. I have written a transforms to mask the email ID's however, the splunk is masking the e... by iamlearner123 Explorer in Splunk Search 04-29-2019 0 1	0	1
Encountered the following error while trying to update: Cannot edit report that is embedded. How to change the execution schedule of a report which is already embeded. Also how to find if a report is embeded? by vikram_m Path Finder in Splunk Search 04-29-2019 0 3	0	3
Subsearch produced 144180 results, truncating to maxout 10000. Hi All, I am running tstats command and matching with large lookup file but i am getting the "[subsearch]: Subsearch... by sumitkathpal Explorer in Splunk Search 04-29-2019 0 3	0	3
How to get ptime from below string Hi , Below is my field "rtpmap:8 PCMA/8000,rtpmap:101 telephone-event/8000,ptime:20" I would like to get ptime from... by Veeruswathi Explorer in Splunk Search 04-29-2019 0 5	0	5
Splunk Query for Nessus vulnerabilities between firstSeen and lastSeen dates I’m new to Splunk. I’m trying to come up with a search that would provide me with the number of Nessus vulnerability ... by alexj2323 New Member in Splunk Search 04-29-2019 0 2	0	2
How to associate dbxquery results with search results? hi everyone,forgive me me for Chinese English first, I hope you can read my questions. \|dbxquery connection="Connect... by bestSplunker Contributor in Splunk Search 04-29-2019 0 3	0	3
are they ways to make queries like this faster? I have to run a query periodically like this. The query seems to run pretty slow. Are there ways to optimize such a... by dtakacssplunk Explorer in Splunk Search 04-28-2019 0 2	0	2
Why is the search not showing all the expected results? Hello, I have log file that contains the following rows (im showing only those who relevant to my question) <0> 11/... by sarit_s Communicator in Splunk Search 04-28-2019 0 13	0	13
Append 2 tables. Gets "Missing or malformed messages.conf stanza for SEARCHFACTORY:UNKNOWN_OP__index" error I am trying to append to search results which displays the same column headers. However I am getting the error: Missi... by niyaz006 Path Finder in Splunk Search 04-28-2019 0 2	0	2
_audit search for regex's Is it possible to build a search looking for regex variances? i.e. SSN regex, CC regex by reneedeleon Engager in Splunk Search 04-28-2019 0 6	0	6
Howto use _time to compare with field with time Hello, I've a field with date/time in it. The field name is system_created_on=2019-04-26 09:38:24. I have a time pi... by krusovice Path Finder in Splunk Search 04-28-2019 1 2	1	2
Location value in SPMetadata.xml We are trying to configure SSO on Splunk Web, but when we download the SPMetadata.xml file, it mentions the location ... by prafulag Engager in Splunk Search 04-28-2019 1 1	1	1
How can we figure out the size of KVStores and Lookups? In our enterprise sometimes kvstores and lookup files can get really large and we're looking for a way to monitor thi... by davedubinsky Engager in Splunk Search 04-28-2019 1 4	1	4
Cisco Network App and Search & Reporting App Time Difference With no TZ configured, my Search & Reporting App is displaying the correct time (UTC-10:00 or 13:00 HST) but, my Cisc... by splunkot New Member in Splunk Search 04-28-2019 0 5	0	5
Unable to continue after using a regular expression to extract a new field. This is day 2 working with splunk. I want to extract a portion of an xml printout in the logs. My regex works fine,... by jpetrides Explorer in Splunk Search 04-27-2019 1 10	1	10
transform command after timechart? Is it possible to do an eval after using timechart? I want to modify the count values in column A by dividing those ... by dyeo Engager in Splunk Search 04-27-2019 0 2	0	2
pstack以外の代替手段についてフォワーダーの splunkd プロセスが異常に CPU を使用している問題で、Splunk サポートに調査を依頼するため、pstack サンプルを採集しょうとしましたが、どうも pstack は Ubuntu 環境ではうまく動作しな... by cweiliou_splunk Splunk Employee in Splunk Search 04-27-2019 0 1	0	1
How to apply operator on a specific value in a table? I'm trying to divide a specific value in a table by 10. What is the best way to do this? My search: (index=Winevent... by dyeo Engager in Splunk Search 04-26-2019 0 2	0	2
Splunk Datamodel tstats Error Hi All, I have created a datamodel "Introspection_Usage" with global permission with the following dataset as given.... by keishamtcs Explorer in Splunk Search 04-26-2019 0 5	0	5
Calculating multiple counts in one search Hi all, I am trying to get the results for both the stats count in the code below. I'm getting no results when I d... by synastraa Path Finder in Splunk Search 04-26-2019 0 5	0	5