Splunk Search

Community Activity

How to change the default color formatting on a table header? I just want to color the column headers and not the cells of my dashboard tables by surekhasplunk Communicator in Splunk Search 02-28-2019 1 14	1	14
Populate field based on subsearch I have a Splunk query that parses out some Windows event log data. One of the things that I examine is the user name... by evetsleep New Member in Splunk Search 02-28-2019 0 4	0	4
How do you match on multiple fields in a lookup table? Hi all, I've been banging my head against the wall trying to get this to work. What I'm trying to do is to use a lo... by tljohnson Engager in Splunk Search 02-28-2019 2 2	2	2
How to get earliest time and latest time token in JOB Hi splunk comuniti! I have a job in splunk. In "Edit Search" i have two fields - Earliest time and Latest time. How ... by mishaaaaaaaaaa Explorer in Splunk Search 02-28-2019 0 4	0	4
Can you help me with a stats count that returns a percentage? Hi, I use the search below in order to count event number. I want to do the same calculation, but in percent event... by jip31 Motivator in Splunk Search 02-28-2019 0 7	0	7
Can you help me use multiple regex for a single field? Hi all, We are trying to do the following: At index time we want to use 4 regex TRANSFORMS to store values in two f... by MattibergB Path Finder in Splunk Search 02-27-2019 0 4	0	4
How do you create a regex that keeps only specific events? I'm looking to send junk data to nullque on our heavy forwarder and I only want to key in on specific events in the r... by fisuser1 Contributor in Splunk Search 02-27-2019 0 5	0	5
Extract numeric value from CHKDSK event A schedule task on a Windows server runs a CHKDSK /SCAN on every logical drive. The resultant Message field looks lik... by dorgra Path Finder in Splunk Search 02-27-2019 0 4	0	4
How do you remove special characters from a token? What would be the easiest one line solution to remove special characters from a token? I'm taking a text input (mac ... by clintla Contributor in Splunk Search 02-27-2019 0 6	0	6
Time picker : can we convert presets, relative time into date range ? Hello, I am doing: case(strptime($latest$,"%Y/%m/%d %H:%M:%S")-strptime($earliest$,"%Y/%m/%d %H:%M:%S")<518400,... by henriq_c Explorer in Splunk Search 02-27-2019 0 1	0	1
Correlation 2 sourcetype with common fields different name Hello guys, I have 2 sourcetype, the sourcetype A have the fields [ IP , hostname , source_mac ] , the sourcetype B ... by pgbr7 Explorer in Splunk Search 02-27-2019 0 8	0	8
Missing data after I increase the numeric data in my where clause Greetings I'm using the following query over 24hrs. \| initial search \| timechart useother=f span=1h avg(field1) by ... by cquinney Communicator in Splunk Search 02-27-2019 0 9	0	9
How do I make a Splunk query to find where X is greater than 0? I have a log: "TOTAL NUMBER OF RECORDS IS:0" I need to Query it in a way that it finds a log message if the number o... by compguy New Member in Splunk Search 02-27-2019 0 4	0	4
Filtering data based on results of another sub-query Hi team, I have a query about sub-queries. I've searched this forum for a while and tried a few different things but... by skribble5 Explorer in Splunk Search 02-27-2019 0 9	0	9
minspan ?? for transaction Is there such thing to display a minspan for transaction... Trying to looking for users from building A to Buildin... by Sp3ctre1 New Member in Splunk Search 02-27-2019 0 1	0	1
Can someone help me with a search that parses through two lookup tables? Hi, I have two lookup tables lookup1: RealName, username Smith, J ( LDN), smithj Andy, H (LDN),andyh Tan, Y ... by ajith_sukumaran Explorer in Splunk Search 02-27-2019 0 5	0	5
Can you help me with dedup and date field. How to get the latest record? I figured out how to use the dedup command by the user (see example below) but I still want to get the latest record ... by joesrepsolc Communicator in Splunk Search 02-27-2019 1 18	1	18
Sme search with same slot time doesnt returns same number of events Hi I have something strange when I execute the search below, I have 47 events on a one week slot time eventtype="App... by jip31 Motivator in Splunk Search 02-27-2019 0 4	0	4
How do you retrieve particular data from one field? Hi, i have a CSV file that contains a few persons names and teamname(column names is "name" and "Team"). The team na... by ramesh12345 Explorer in Splunk Search 02-27-2019 0 1	0	1
Can a eval field name used as string in SPL search ? i have a lookup hostlist.csv which have list of host names and other metrics related to it. i need to filter out eac... by gowtham495 Path Finder in Splunk Search 02-26-2019 1 5	1	5
How to write lookup file for splunk query I have a requirement to use lookups instead of queries in Splunk Dashboards. How can I get them and how to convert t... by asplunk789 Loves-to-Learn Everything in Splunk Search 02-26-2019 0 7	0	7
Time-based exclusion on a search Is it possible, and if so, how would I, filter specific terms but only for a certain time range within a broader sear... by mhale1982 Path Finder in Splunk Search 02-26-2019 0 1	0	1
How do you search using a specific value found in a CSV column? I am trying to put together a search that will incorporate two fields used in a CSV file ("RoleInstance" and "Environ... by beetlegeuse Path Finder in Splunk Search 02-26-2019 0 5	0	5
Identify all transactions running when an error occurs I am attempting to merge two datasources to find every transaction (not to be confused with a Splunk transaction!) th... by eoszej123 Engager in Splunk Search 02-26-2019 0 0	0	0
Can you help me with a stats command error for limit reached? Hi, I have a report about hosts and vulnerabilities. It has about 30k hosts with list of vulnerabilities they are af... by mbasharat Builder in Splunk Search 02-26-2019 0 9	0	9