Splunk Search

Community Activity

Why is the search bringing "-" account results for event 4625? Hi, This is the search that we are using for the dashboard and it brings all events with value "-". index=wineventl... by sjimenezp New Member in Splunk Search 03-14-2019 0 2	0	2
How to create a search for the fields using regex? Hello, I have the following string pattern (source): /trace/DB_BWP/xsengine_ls5925.30246.crashdump.20190312-213001.... by damucka Builder in Splunk Search 03-14-2019 0 2	0	2
How to match search with KV lookup files? Hello, I have a KV file that is auto generated with username using a script running every hour. I want to match the u... by kiranpatil1985 New Member in Splunk Search 03-13-2019 0 2	0	2
How to update lookup using macro? When I want to update lookup using search like below, it updates lookup table even if there is no results, but I want... by yutaka1005 Builder in Splunk Search 03-13-2019 0 4	0	4
Alter the width of single value panel How to resize the width of single value dashboard panels in case if I have only one column in a row, instead of makin... by gokool2u Explorer in Splunk Search 03-13-2019 0 7	0	7
Is there any other way other than the Lookup Editor to edit and manage lookup files? Hello All, I was wondering if there's a way to manage lookup files in Splunk. What I want to do is to create/upload... by jvmerilla Path Finder in Splunk Search 03-13-2019 0 1	0	1
How to identify and correlate events that happened before a specific event I have an "interesting event," how can I find an event meeting specific criteria that happened before my interesting ... by JWBailey Communicator in Splunk Search 03-13-2019 0 2	0	2
How to do multiline field extraction with delimited regex? Hello Splunk Folks ! Currently I am experiencing Splunk as student, and I'm having a hard time with some mail logs, ... by feldunost Engager in Splunk Search 03-13-2019 0 13	0	13
How do I append a specific field with specific values an counts to "no results" search results? I've read about the many ways to have a dashboard panel show something other than "No results found", but none of the... by williamcharlton Path Finder in Splunk Search 03-13-2019 0 9	0	9
How to visualize count of messages between .. and .. MB, .. and .. MB etc.? Hi, i want to see how many messages are send, which are between 0 and 1 mb, between 1MB and 2MB, 2 and 3 etc, but I ... by svester New Member in Splunk Search 03-13-2019 0 3	0	3
How to show the top command with distinct value? I've got proxy logs and I want to show the top 5 urls and for that the count of distinct users who tried to access i... by igschloessl Explorer in Splunk Search 03-13-2019 1 2	1	2
How to retrieve names from comments and assign values to those names? Hi, We have closed cases and escalated cases,in that single person can work on particular case as well as multiple p... by ramesh12345 Explorer in Splunk Search 03-13-2019 0 3	0	3
Understanding command in search Hello everyone, I need help understanding the search command. I tried to read documents and still did not understand.... by davidsplunk100 New Member in Splunk Search 03-13-2019 0 3	0	3
Query execution time Hello, When searching through Splunk the following request: index=3dexperience host=io-ws-3de*pr COMPLETE_QUERY ... by benji00 New Member in Splunk Search 03-13-2019 0 2	0	2
link to search I have a coloum chart with values displaying. I select "configure link to a search" when I click on coloum bar it o... by rashid47010 Communicator in Splunk Search 03-13-2019 0 4	0	4
drill down the table result i have table in dashboad display name count ABD 23 A2BC 48 when click the ABD or A2BC or etc then it should search... by logloganathan Motivator in Splunk Search 03-13-2019 0 2	0	2
How can I get field extractions from a dictionary in a log? All, I've done this before but I am rusty. My log looks like this 1/2/2019 12:34pm priority=info soemthing=12 myd... by daniel333 Builder in Splunk Search 03-12-2019 0 1	0	1
Splunk Enterprise version 7.2.4 custom application remote code execution exploit using a persistent backdoor with a custom binary payload. Overview On March 4, 2019, researchers at ‘Exploit DB’ have identified a vulnerability in Splunk Enterprise and succe... by umeshagarwal008 Explorer in Splunk Search 03-12-2019 0 3	0	3
Why using 'in' in a search doesn't yield correct results? index="things" AND sourcetype="user_pixel" AND os="*" \| search page = "Contact Us" \| timechart span=3hr count by os l... by pr0n Explorer in Splunk Search 03-12-2019 0 2	0	2
Merge two searches that use two different sourcetypes? I have two searches from two different sourcetypes. Search #1 is currently in a dashboard with a dropdown selection.... by bewald_cfi New Member in Splunk Search 03-12-2019 0 2	0	2
collect command taking up significant memory after upgrading After upgrading from 6.6->7.2.4, we started receiving an alert daily that a nightly job was taking memory exceeding o... by SplunkIsLife Explorer in Splunk Search 03-12-2019 0 0	0	0
How to create an alert if field value remains above a specific threshold? Greetings I'm looking to create an alert if a field value consecutively remains above a specific threshold, say 500.... by cquinney Communicator in Splunk Search 03-12-2019 0 5	0	5
Why is Taskcount file not being treated as a numeric field when fetching events having count greater than or equal to 20 taskcount? I have log as below: {"Timestamp":"2019-03-12T16:25:11.4287941+00:00","Level":"Fatal","MessageTemplate":"{Level}: {E... by ychichani New Member in Splunk Search 03-12-2019 0 4	0	4
How to remove a few characters at the beginning of a field? Hi Team, I have the following field values and i want extract only the highlighted values from it. utility_extract... by pench2k19 Explorer in Splunk Search 03-12-2019 0 13	0	13
How to extract the status values from the following events? Hi Team, I have following two events from where i need to extract the status )V 2019-03-11 msp raw utility_extract... by pench2k19 Explorer in Splunk Search 03-12-2019 0 2	0	2