Splunk Search

Community Activity

Removing Column Headings with Sparkline I have created a search including sparkline: index=_* type="threat" severity="medium" \| stats sparkline count \| ta... by balcv Contributor in Splunk Search 03-06-2019 0 3	0	3
customizing colors of charts Is there any way that I can customize the color of column or bar chart? since I wanted to represent green, yellow and... by mdmaala Communicator in Splunk Search 03-06-2019 0 2	0	2
Pulling multiple Columns from an inputlookup Trying to pull more than one column from an inputlookup. One of the columns maps to a field in the index I am search... by dbturner New Member in Splunk Search 03-06-2019 0 1	0	1
How to create a new field out of some evaluated data? Hello, So here's my Query: index=video-eng-live \| rename message.timestamp as time \| eval time=strftime(time/1000... by moizmmz Path Finder in Splunk Search 03-06-2019 0 6	0	6
How do I obtain counts of search results fields within a head command eval-expression? I have an index with events in it that, among others, have the fields shown at the bottom of this post When I execut... by williamcharlton Path Finder in Splunk Search 03-06-2019 0 5	0	5
How do you do a stats count by a specific field? I'm working on an antivirus correlation rule, and I'm running into a few issues. I want to make sure dest, signature,... by ericl42 Path Finder in Splunk Search 03-06-2019 0 9	0	9
Can you help me with a tstats count using lookup data? Hello, I have the below query trying to produce the event and host count for the last hour. The index & sourcetype ... by ajith_sukumaran Explorer in Splunk Search 03-06-2019 0 6	0	6
How come URLs in my lookup table are not working? Greetings everyone! I have a question concerning a CSV lookup table with domains in it, which sadly does not work. ... by VanyBerg Engager in Splunk Search 03-06-2019 0 1	0	1
How come my chart is not displaying in the right order? In order to remove weekend days completly from my timechart, I created a request : My Base Search \| eval date_wday... by Zakary_n Path Finder in Splunk Search 03-06-2019 0 7	0	7
How to identify onboarding method used per sourcetype (like Forwaders, DBconnect, Http Event Collector, etc.) Hi, Is there any way to list the methods used for onboarding of data (Forwaders, DBconnect, Syslog, Http EventCollec... by harshal_chakran Builder in Splunk Search 03-06-2019 0 1	0	1
using curl to run REST_API in linux do not return fields Hi All, i am trying to use Curl to return a search as my result will be >6million to a csv file. using the command: ... by ssaenger Communicator in Splunk Search 03-06-2019 0 5	0	5
Fetch field name and values based on sourcetype I have one correlation rule trigged against IP reputation. Now we have different network devices, like cisco, f5. I... by rashid47010 Communicator in Splunk Search 03-06-2019 0 0	0	0
Error search i have look table with known errors and planning to create job which runs on cron schedule and provide me list of er... by sanjds New Member in Splunk Search 03-06-2019 0 1	0	1
Can you help us with a basic search that uses the stats command? Hi, With the code below, I count the event number by source for a sourcetype. But different sources use the same so... by jip31 Motivator in Splunk Search 03-06-2019 0 10	0	10
How to get specific value from last event splunk Hi splunk comunity! How can i get specific value from latest event and earliest event during the period i set? I ne... by mishaaaaaaaaaa Explorer in Splunk Search 03-06-2019 0 0	0	0
How do you split two string values joined in one field? hi! Under the field Username, I have two lists, Machine1 and Machine2 I want to split this into two separate column... by mdmaala Communicator in Splunk Search 03-06-2019 0 3	0	3
Same computer multiple authentication attempts Hello. How would I write a search to show a computer that has been authenticating to multiple machines. For example, ... by johann2017 Explorer in Splunk Search 03-06-2019 0 3	0	3
Can you help me extract a filename from a filepath in a field transformation? I have a path (and a variable file_path) that looks like this: C:\\\\Program Files\\\\theapp\\\\the app\\\\Tools\\\\... by mkarimi17 Path Finder in Splunk Search 03-06-2019 0 8	0	8
How do you purge a lookup table of values over 30 days? So I have a search that runs hourly over a lookup table which I have created that includes IP, ticket number, date_ad... by JakeInfoSec Explorer in Splunk Search 03-06-2019 0 4	0	4
Field Extraction - Event table only pulling back one line Hi All, I currently am pulling in data from an application and we are looking extract a single line that the event o... by ryangrobbel Explorer in Splunk Search 03-05-2019 0 3	0	3
How do you check the number of users who are currently using the system(Splunk web UI login) over the last month? How do you check the number of users who are currently using the system(Splunk web UI login) over the last month? by gkumarashanmuga Explorer in Splunk Search 03-05-2019 0 4	0	4
Can we create a vacation tracker in Splunk? We use Splunk for many of our project dashboards & want to see if I can use the same setup to host a Vacation Tracker... by rpradeep Path Finder in Splunk Search 03-05-2019 1 18	1	18
How to use last() and first() commands in splunk? Hi, index="os" sourcetype="Service" CaseNumber=* status=* assignment_group=* \|dedup _time,CaseNumber,assignment_gr... by ramesh12345 Explorer in Splunk Search 03-05-2019 0 1	0	1
Combining rex results I have this search that I'm trying to break down \| tstats `summariesonly` values(Web.url) as url values(Web.src) as ... by jwhughes58 Contributor in Splunk Search 03-05-2019 0 3	0	3
How do you compare if a stats count is greater than another field? I have a stats result with the count field. I want to compare if this count is greater than another field. I.e., a th... by veerendra_modi Loves-to-Learn in Splunk Search 03-05-2019 0 3	0	3