Splunk Search

Community Activity

How can I remove one of event from transaction result Recently i create a transaction search, command and result a per below Search command: search \| transaction Session... by henrysoon80 New Member in Splunk Search 03-25-2019 0 5	0	5
Can you help me with an issue writing query and chart? Hi, I am facing an issue in writing a query. Example: Let's assume I have 2 groups such as : 1)Group 1 has user... by su_kumar New Member in Splunk Search 03-24-2019 0 1	0	1
exclude multiple subnets from search I have a list of subnets that I want to exlude from search. below isthe search \| search NOT cidrmatch("xx.xx.... by rashid47010 Communicator in Splunk Search 03-24-2019 0 1	0	1
What exactly does the ttl mechanism do? Sorry, but I don't understand how ttl is used and the reason for this design paradigm. Any ideas? by ddrillic Ultra Champion in Splunk Search 03-23-2019 0 10	0	10
I want to receive multiple search results on webhook I would like to send search result from my report schedule to my API via webhook. We were able to retrieve one search... by masakatsu Engager in Splunk Search 03-23-2019 1 1	1	1
How do you get a count on the latest status of Jira tickets? Hi, I want to get a count on tickets with the latest status of "In Progress". An example of the data set is below: ... by cpboothe New Member in Splunk Search 03-23-2019 0 2	0	2
assign transaction values to different variables Hi, i am running a search that will look for failed authentication attempts of a user within a 1 minute window and ge... by mpasha Path Finder in Splunk Search 03-22-2019 0 0	0	0
How does Splunk handle multiple data inputs? I need to create a scripted input in inputs.conf that runs scripts by passing arguments at an interval of 60 secs. B... by ankithreddy777 Contributor in Splunk Search 03-22-2019 0 3	0	3
How do I count fields inside a JSON array Hi, I have this data {"quarantineFolder": null, "spamScore": 100, "threatsInfoMap": [{"campaignID": null, "threat":... by jwhughes58 Contributor in Splunk Search 03-22-2019 0 1	0	1
How do you use rex to extract a specific field in Splunk? Hello, Can anybody help me extracting from this table with 3 regular expression: I got a column in Splunk like this... by braicu New Member in Splunk Search 03-22-2019 0 2	0	2
Bro/Zeek search for peaks/dips over time Looking for assistance to search Bro/Zeek for peaks/dips in traffic (what is the best sourcetype to go by). Also ... by ddecker03 Loves-to-Learn Everything in Splunk Search 03-22-2019 0 0	0	0
How come strptime does not work for some days? There seems to be some issue with the strptime function. I'm not sure why it works for few days and does not work for... by shaileshmali Path Finder in Splunk Search 03-22-2019 0 1	0	1
Chart with multiple Row Fields that Share Values Over One Column Field Hello, I was wondering if you can have a chart that compares the average of one field depending on the value of sever... by jjezusek Engager in Splunk Search 03-22-2019 0 2	0	2
Extract id from string using rex Hi all How to extract id from String using rex? sample: sample-3456-777-text result: id 3456-777 by rockts89 Engager in Splunk Search 03-22-2019 0 2	0	2
Vlookup between 2 queries Hello folks, i have a list of hardware for an account X and i want to know if all the hawrdware list is present in o... by evelandi New Member in Splunk Search 03-22-2019 0 2	0	2
EventViewer No Display User has the "admin" RBAC role User uses dark theme User uses several workstations with Chrome and IE A simple searc... by halbeisendv Path Finder in Splunk Search 03-22-2019 0 2	0	2
AWS windows logs parsing Hi, How we can distinguish windows/linux logs from the AWS logs. Is there any TA/App is available which support by s... by N92 Path Finder in Splunk Search 03-22-2019 0 2	0	2
2 timestamp, the rest identical, how calculate duration ? tim:2019-01-18 10:27:54,id:bee236 tim:2019-01-18 10:38:07,id:bee236 tim:2019-01-21 09:27:09,id:thierry403 tim:2019-01... by splunkLPN Path Finder in Splunk Search 03-22-2019 0 2	0	2
Join two datasets (main search and subsearch), keep all keys in both, and update non-key fields with data from the subsearch If I have two searches, one generates fields "key A" and "Column A" and the second search generates fields "key B" "C... by cdhippen Path Finder in Splunk Search 03-22-2019 0 4	0	4
Timechart - Running Total By Product Hi, I would like to create a timechart that shows the running total revenues for each product. First I've created a ... by HeinzWaescher Motivator in Splunk Search 03-22-2019 1 5	1	5
SPL command to copy paste rows in lookup with increment values i have lookup like following : ID jobname start_time end_time frequency 1 abc 0:00 21:00 ... by gowtham495 Path Finder in Splunk Search 03-22-2019 0 1	0	1
Eventstats not getting the latest event based on the field Hi Team, I am trying to get the latest event from the list of events , id field is common across all the ... by imurpalvicky Engager in Splunk Search 03-22-2019 0 8	0	8
Splunk problem with fast and smart mode Hello community, I am facing a problem ,I have an instance of splunk installed on linux server , And I am trying to ... by virtuosoo Explorer in Splunk Search 03-22-2019 0 6	0	6
Optimize my search This is my search: Function="- Parts::GetPartSection =>" \| rex "maingroupNo\>(?.+)\\(?.+)\\(?.+)\" \| convert timefor... by jyab6z Path Finder in Splunk Search 03-22-2019 0 2	0	2
how to add field values of a table to another field values in a different table in a dashboard belonging to same Index hello all, I want to add field values of a table with field values of another table in a dashboard both belonging to ... by preacher_15 Explorer in Splunk Search 03-22-2019 0 1	0	1