Splunk Search

Community Activity

Perform a join where the timeframes are different In my data, events can have children. There is data in those events that I would want to associate with the parent ev... by swangertyler Path Finder in Splunk Search 03-25-2019 0 4	0	4
How to get the latest name from the data? Hi, index=os sourcetype=Service status=* (Group="Data" OR Group="Secur") AND (Section="Local" OR Section="data heal... by ramesh12345 Explorer in Splunk Search 03-25-2019 0 1	0	1
Column chart based on field value, without everything being the "count" field Currently having a hard time figuring out how to create a column chart where the field values show up in the side, so... by jwiley_splunk Splunk Employee in Splunk Search 03-25-2019 0 4	0	4
Regex field extraction I am having trouble with field extraction. I have a regex which works in a pcre regex tester but when I attempt to us... by saulverde Path Finder in Splunk Search 03-25-2019 0 2	0	2
How do you compare two multivalue fields and get the result in one number (the difference)? I am trying to compare multivalue fields, but I cannot figure out how to do it correctly? Here is the original query... by javanue New Member in Splunk Search 03-25-2019 0 1	0	1
How to change charting.fieldColors through JS of already rendered chart? Hi, does anyone know how can I change fieldColors after chart was rendered? Thing is that we have two different visu... by seva98 Path Finder in Splunk Search 03-25-2019 0 2	0	2
Converting unique IDs into chart column names Hi All This is my second SOS this week as I get acquainted with Splunk. I've exhausted all possibilities trying to s... by jimmymccauley Explorer in Splunk Search 03-25-2019 0 4	0	4
Optimizing a search in splunk Hi, I am trying to do a search which basically generates measures based on the value of a field such as X: search ... by gimbil Explorer in Splunk Search 03-25-2019 0 4	0	4
How do you trim a value in a field with a proper format? I have a field FQ with the value as "ServerName.domain.com" I want to get only the server name in another field. Pl... by veerendra_modi Loves-to-Learn in Splunk Search 03-25-2019 0 2	0	2
help on stats count by command hello I use the search below in order to do a total count by OS and by build It mean that it counts only events whic... by jip31 Motivator in Splunk Search 03-25-2019 0 2	0	2
How can I remove one of event from transaction result Recently i create a transaction search, command and result a per below Search command: search \| transaction Session... by henrysoon80 New Member in Splunk Search 03-25-2019 0 5	0	5
Can you help me with an issue writing query and chart? Hi, I am facing an issue in writing a query. Example: Let's assume I have 2 groups such as : 1)Group 1 has user... by su_kumar New Member in Splunk Search 03-24-2019 0 1	0	1
exclude multiple subnets from search I have a list of subnets that I want to exlude from search. below isthe search \| search NOT cidrmatch("xx.xx.... by rashid47010 Communicator in Splunk Search 03-24-2019 0 1	0	1
What exactly does the ttl mechanism do? Sorry, but I don't understand how ttl is used and the reason for this design paradigm. Any ideas? by ddrillic Ultra Champion in Splunk Search 03-23-2019 0 10	0	10
I want to receive multiple search results on webhook I would like to send search result from my report schedule to my API via webhook. We were able to retrieve one search... by masakatsu Engager in Splunk Search 03-23-2019 1 1	1	1
How do you get a count on the latest status of Jira tickets? Hi, I want to get a count on tickets with the latest status of "In Progress". An example of the data set is below: ... by cpboothe New Member in Splunk Search 03-23-2019 0 2	0	2
assign transaction values to different variables Hi, i am running a search that will look for failed authentication attempts of a user within a 1 minute window and ge... by mpasha Path Finder in Splunk Search 03-22-2019 0 0	0	0
How does Splunk handle multiple data inputs? I need to create a scripted input in inputs.conf that runs scripts by passing arguments at an interval of 60 secs. B... by ankithreddy777 Contributor in Splunk Search 03-22-2019 0 3	0	3
How do I count fields inside a JSON array Hi, I have this data {"quarantineFolder": null, "spamScore": 100, "threatsInfoMap": [{"campaignID": null, "threat":... by jwhughes58 Contributor in Splunk Search 03-22-2019 0 1	0	1
How do you use rex to extract a specific field in Splunk? Hello, Can anybody help me extracting from this table with 3 regular expression: I got a column in Splunk like this... by braicu New Member in Splunk Search 03-22-2019 0 2	0	2
Bro/Zeek search for peaks/dips over time Looking for assistance to search Bro/Zeek for peaks/dips in traffic (what is the best sourcetype to go by). Also ... by ddecker03 Loves-to-Learn Everything in Splunk Search 03-22-2019 0 0	0	0
How come strptime does not work for some days? There seems to be some issue with the strptime function. I'm not sure why it works for few days and does not work for... by shaileshmali Path Finder in Splunk Search 03-22-2019 0 1	0	1
Chart with multiple Row Fields that Share Values Over One Column Field Hello, I was wondering if you can have a chart that compares the average of one field depending on the value of sever... by jjezusek Engager in Splunk Search 03-22-2019 0 2	0	2
Extract id from string using rex Hi all How to extract id from String using rex? sample: sample-3456-777-text result: id 3456-777 by rockts89 Engager in Splunk Search 03-22-2019 0 2	0	2
Vlookup between 2 queries Hello folks, i have a list of hardware for an account X and i want to know if all the hawrdware list is present in o... by evelandi New Member in Splunk Search 03-22-2019 0 2	0	2