Splunk Search

Community Activity

	adding another field after using set diff Hi Splunkers I have a set of results from using set diff which is all good. I am now wanting to output another field... by proylea Contributor in Splunk Search 04-13-2019 0 20	0	20
	How to compare the same search from the previous day to current day using set diff? Hi guys, I am very new to Splunk (about 1 month or so) and I am having some trouble incorporating "set diff" into my... by darrenaefc Engager in Splunk Search 04-13-2019 0 8	0	8
	How can I normalize timechart with field values having wide variation Have a log file that has http response codes in a particular field. I am doing timechart on it but as the 200 respons... by smiththebest New Member in Splunk Search 04-13-2019 0 2	0	2
	How to correlate two searches with one field containing other index's field? Hi, I have two queries with one field being common to correlate and combine the result. But the problem i am facing ... by sangs8788 Communicator in Splunk Search 04-13-2019 0 5	0	5
	Time conversion from UST to EST in search results Hello Team, I am facing this issue where my logs are written in EST and the time stamp on the log is UST ( Lets say... by vn86893 Explorer in Splunk Search 04-12-2019 0 2	0	2
	Identify elapsed time from two records sharing the same key The input data looks like below. Req_no\|Type\|Time 1000\|Request\|2019-04-10T11.21.46.455Z 1000\|Response\|2019-04-10T11.... by mariraj New Member in Splunk Search 04-12-2019 0 2	0	2
	desfased server hour Hello splunkers, I have this search: index = "sti" sourcetype = "Genera_AVI" \| fields _time \| head 1 \| eval tiempo =... by rjfv8205 Path Finder in Splunk Search 04-12-2019 0 3	0	3
	How do I filter field values not present in the successful events in the super search I wanted to extract MAC address from events that were never succeeded within a time boundary. I am dealing with event... by rafiqul New Member in Splunk Search 04-12-2019 0 1	0	1
	How to compare IP's list from one Index with IP's in different index? Hello splunkers, I have two different indexes with large number of IP's. Let's say 30k in one index A and >100k in o... by snallam123 Path Finder in Splunk Search 04-12-2019 0 6	0	6
	I would like to use timechart to show the trend for 7days using below source=IN1 STATUS=SUCCESS OR STATUS=FAILED earliest=-2d@d+14h latest=-1d@d+14h APP=DEV \| stats count(APP) as "numbero... by phoebepascual New Member in Splunk Search 04-12-2019 0 7	0	7
	Can you help me build a query that shows users who have not connected to a VPN in the last 7 days? New to Splunk and I am learning as much as I can. I am trying to build on a query I have that shows the users who hav... by bluecollar Engager in Splunk Search 04-12-2019 0 7	0	7
	Trouble comparing timestamps I have two timestamps in different formats and I want to see how much time has elapsed between them. I have a rex th... by ShagVT Path Finder in Splunk Search 04-12-2019 0 9	0	9
	How to extract JSON format using rex command? How to extract JSON format using rex command, removing double quotes & semi colon? "TranID":"a2775f5d", "TranStartTi... by karthi2809 Builder in Splunk Search 04-12-2019 0 4	0	4
	Scheduled search returns different results There are two ways users can register for our site and I'm trying to track how many registered in the last quarter. W... by jrfreeze Explorer in Splunk Search 04-12-2019 0 1	0	1
	Querying for values without a specific character? Attempting to create a query that will return all values that do not have a . (dot) in their file name, meaning no fi... by yepyepyayyooo New Member in Splunk Search 04-12-2019 0 4	0	4
	Please help! How to use REX to extract the values Can someone please help me with this? I just start using splunk and I cannot figure out this, what I need is to ext... by splunknewbie123 New Member in Splunk Search 04-12-2019 0 1	0	1
	Count a value by a value without stats? Im currently trying to build a search where im trying to determine if a user is trying to send data out maliciously. ... by brienhawker Explorer in Splunk Search 04-12-2019 0 1	0	1
	Generate timechart from one event with known duration I have events where I know what the _time is(obviously). _time lets me know the end of the event. I also have data fo... by kkos94 Explorer in Splunk Search 04-12-2019 0 2	0	2
	How Extract Fields and Values on a multivalue field in search time I want to extract the fields and values from the following event: 1997-11-14 12:11:56 schedule ERROR a.b.c.d.e Some... by nravichandran Communicator in Splunk Search 04-11-2019 0 12	0	12
	How to create dashboard filters with lookups? Hello, I am trying to create dashboard filters (multiselect) using a lookup. The filters I am trying to add to my re... by katzr Path Finder in Splunk Search 04-11-2019 0 3	0	3
	MYSQLの結果取り込 MYSQLでSelectした結果をインデックスに取り込たいのですが、 ①InputType＝Risingの場合、指定したCheckpoint以降のデータした登録されない ②InputRtpe＝Btachの場合、取り込前のデータを削除し... by bigginer New Member in Splunk Search 04-11-2019 0 0	0	0
	Extracting fields from SNMP GETBULK data Hi everyone, I need to extract fields from data continuously polled for via SNMP Modular Input. Each event looks lik... by adlireza Path Finder in Splunk Search 04-11-2019 0 7	0	7
	Regex to Select Data Between Line Breaks Hello, I am trying to create a regex so that I can have all data in between line breaks as one event. Here is a samp... by dfrench151 Explorer in Splunk Search 04-11-2019 0 9	0	9
	Lookup table vs Add Data Basic question: when using a static csv as a data source, what are the pros and cons of creating a new lookup table v... by mistydennis Communicator in Splunk Search 04-11-2019 0 2	0	2
	Get logs with a distinct value of a field I saw some similar questions but none seem to work In my splunk logs, I have this field called TransactionID: 6c5802... by ank15july96 Engager in Splunk Search 04-11-2019 0 3	0	3