Splunk Search

Community Activity

Optimize Search I have to create an alert where as soon as the number of events at time X has changed. There are two following scena... by nicxso Engager in Splunk Search 03-21-2019 0 6	0	6
how to search by too deferent champs Hello , how to search by two different champs ? I try "OR" but not result Thanks by aalaa Path Finder in Splunk Search 03-21-2019 0 2	0	2
Colors inversed in my piechart ! why ? Hi ! I have a piechart and I assigned red color for a x value and green color for a y value on it. But sometimes it ... by henriq_c Explorer in Splunk Search 03-21-2019 0 5	0	5
How to exclude two grouping of results in query? Hello, this is my first forum entry and I'm really hoping this question is clear. Currently, my timechart results are... by noob4now New Member in Splunk Search 03-21-2019 0 4	0	4
How to make the column one color? Hi I have a table with TEXT, i have 3 columns. \| table no1 no2 email I want the column email to be gray, I cant s... by robertlynch2020 Influencer in Splunk Search 03-21-2019 0 5	0	5
How do you handle a lookup in search head cluster? We are facing an issue with CSV lookup files after migrating from standalone search head to a cluster. The lookups ar... by sakthiganesht Explorer in Splunk Search 03-21-2019 1 9	1	9
Insert one search into other search as a new column My code: My basic search\| rex "maingroupNo>(?.+)\(?.+)\(?.+)\" \| convert timeformat="%H:%M:%S" dur2sec(TimeInSec) \|... by jyab6z Path Finder in Splunk Search 03-21-2019 0 1	0	1
Percent search Hello , I have a table, each line of this table has a specific value, I need a search command to calculate the perc... by aalaa Path Finder in Splunk Search 03-21-2019 0 2	0	2
How to covert GMT Time(0-12:00) to PST time. My result is giving me the output for GMT time for the given time what I have defined. by rajhemant26 New Member in Splunk Search 03-21-2019 0 3	0	3
How to expand the count field and show all the events as a search result? There is my search result in the attached image. What I want to do is to expand the count field and show all events ... by jyab6z Path Finder in Splunk Search 03-21-2019 0 2	0	2
count duplicate instances of multivalue field Hello. I have events that have a field "Security_ID" that is a multi value field. It may contain something like: N... by splunkbacon Explorer in Splunk Search 03-20-2019 0 1	0	1
Find latest data for each grouped item Oct 26 10:40:50 m eg[0]: group:group1 name:name1 size:10 speed:20 Oct 26 10:40:50 m eg[0]: group:group2 name:name... by surfi2000 New Member in Splunk Search 03-20-2019 0 3	0	3
Reverse sorts are honored and regular sorts are not honored in a base search? Working: base: ... \| sort - first_login_epoch post: \| table first_login_epoch Not working base: ... \| sort first_l... by nick405060 Motivator in Splunk Search 03-20-2019 0 2	0	2
X Axis (x-axis) don't show up in chart I have created a chart (Bar) with the following: chart count(ProductName) over ProductCalss BY StoreZones Therer we... by Joshie New Member in Splunk Search 03-20-2019 0 3	0	3
How to split count of field1 where (field2=value1) and count of field1 where (field2=value2) without appending? I want to find how many times an event happens based on the value of another field. Basically a count of IP addresses... by JoshuaJohn Contributor in Splunk Search 03-20-2019 0 2	0	2
Don't understand how to use splunk join, want to merge two tables Hello, I have this index=myindex eventtype="perfmon_windows" object="LogicalDisk" counter="% Free Space" instance!... by henriq_c Explorer in Splunk Search 03-20-2019 0 1	0	1
How to use the head command with group by? Hi All We are building a security toolkit that performs a number of different scans as part of the application build... by jimmymccauley Explorer in Splunk Search 03-20-2019 0 2	0	2
eval strftime search assistance Hello, I’m hoping for some suggestions for the process that I am trying to accomplish. I have a universal forwarder... by bzsplunk54 New Member in Splunk Search 03-20-2019 0 1	0	1
What is an efficient way to exclude multiple string criteria from a field in search? Need to exclude field results based on multiple string-matching cirteria (OR): -Not equals to any one of several nam... by JaoelNameiol Explorer in Splunk Search 03-20-2019 0 7	0	7
how to show a substr I am doing a substr and want to see that in a table, however it just gives no results baseSearch \| eval id = substr(... by dan_pudwell Explorer in Splunk Search 03-20-2019 1 4	1	4
How to fill empty fields with data from a specific event field? Date...............Time.....................UserID.........................Function.....Main...Sub...Serie...Type 20... by jyab6z Path Finder in Splunk Search 03-20-2019 0 2	0	2
whitelist regex help with multiple strings Trying to build a rather simple inputs.conf (or so i thought) to grab two statis named files, and the last file has a... by joesrepsolc Communicator in Splunk Search 03-20-2019 0 7	0	7
Each File as One Single Splunk Event Hi everyone, I need solve a issue as simple as that: my system generate many files and each file is a isolated event... by jefferson_santa Engager in Splunk Search 03-20-2019 4 9	4	9
How to regex the field? How to regex the field? refId=Id-214f1652024d824e1f4cef63be666139\x00 What i used: rex field=_raw "refId=Id-(?\w*-?... by karthi2809 Builder in Splunk Search 03-20-2019 0 8	0	8
Relation between mongod and scheduled searches Hi to all, is there some relation with mongod and scheduled searches? In our environment we always had mongod disable... by maurelio79 Communicator in Splunk Search 03-20-2019 0 3	0	3