Splunk Search

Community Activity

What is a good approach to run a search multiple times in time batches? Hi all, I am trying to run a search that returns one row of results over a long historical time window on a per hour... by stanwin Contributor in Splunk Search 02-28-2019 0 7	0	7
How do you make a query to see logs not sent by a forwarder? Guys, I need to see which forwarders do not send events in a period of 3 hours. For example: if a forwarder does no... by wvalente Explorer in Splunk Search 02-28-2019 0 5	0	5
How to apply colors of a choropleth map on a field other than count? Choropleth map applies different colors depending on the range of the "count" field. How can I use another field? If ... by hylam Contributor in Splunk Search 02-28-2019 1 5	1	5
How do you use the rex command to parse out the IP between fix characters? Hi all, I was wondering how can i write a Splunk rex to parse out the IP between two words. for example <IpAd... by AbubakarShahid New Member in Splunk Search 02-28-2019 0 2	0	2
How do you retrieve date from the following string using regex? Hi, Test-20190212-0912 from this string. I want to retrieve date like this 2019-02-12 How do I write this in regex? by ramesh12345 Explorer in Splunk Search 02-28-2019 0 21	0	21
Splunk search does not return event data when there is multiple json in same event I have a created a splunk alert when there is a failure occurs. I have query as follows: index=* source=*** \|spath p... by karthi25 Path Finder in Splunk Search 02-28-2019 0 7	0	7
How to change the default color formatting on a table header? I just want to color the column headers and not the cells of my dashboard tables by surekhasplunk Communicator in Splunk Search 02-28-2019 1 14	1	14
Populate field based on subsearch I have a Splunk query that parses out some Windows event log data. One of the things that I examine is the user name... by evetsleep New Member in Splunk Search 02-28-2019 0 4	0	4
How do you match on multiple fields in a lookup table? Hi all, I've been banging my head against the wall trying to get this to work. What I'm trying to do is to use a lo... by tljohnson Engager in Splunk Search 02-28-2019 2 2	2	2
How to get earliest time and latest time token in JOB Hi splunk comuniti! I have a job in splunk. In "Edit Search" i have two fields - Earliest time and Latest time. How ... by mishaaaaaaaaaa Explorer in Splunk Search 02-28-2019 0 4	0	4
Can you help me with a stats count that returns a percentage? Hi, I use the search below in order to count event number. I want to do the same calculation, but in percent event... by jip31 Motivator in Splunk Search 02-28-2019 0 7	0	7
Can you help me use multiple regex for a single field? Hi all, We are trying to do the following: At index time we want to use 4 regex TRANSFORMS to store values in two f... by MattibergB Path Finder in Splunk Search 02-27-2019 0 4	0	4
How do you create a regex that keeps only specific events? I'm looking to send junk data to nullque on our heavy forwarder and I only want to key in on specific events in the r... by fisuser1 Contributor in Splunk Search 02-27-2019 0 5	0	5
Extract numeric value from CHKDSK event A schedule task on a Windows server runs a CHKDSK /SCAN on every logical drive. The resultant Message field looks lik... by dorgra Path Finder in Splunk Search 02-27-2019 0 4	0	4
How do you remove special characters from a token? What would be the easiest one line solution to remove special characters from a token? I'm taking a text input (mac ... by clintla Contributor in Splunk Search 02-27-2019 0 6	0	6
Time picker : can we convert presets, relative time into date range ? Hello, I am doing: case(strptime($latest$,"%Y/%m/%d %H:%M:%S")-strptime($earliest$,"%Y/%m/%d %H:%M:%S")<518400,... by henriq_c Explorer in Splunk Search 02-27-2019 0 1	0	1
Correlation 2 sourcetype with common fields different name Hello guys, I have 2 sourcetype, the sourcetype A have the fields [ IP , hostname , source_mac ] , the sourcetype B ... by pgbr7 Explorer in Splunk Search 02-27-2019 0 8	0	8
Missing data after I increase the numeric data in my where clause Greetings I'm using the following query over 24hrs. \| initial search \| timechart useother=f span=1h avg(field1) by ... by cquinney Communicator in Splunk Search 02-27-2019 0 9	0	9
How do I make a Splunk query to find where X is greater than 0? I have a log: "TOTAL NUMBER OF RECORDS IS:0" I need to Query it in a way that it finds a log message if the number o... by compguy New Member in Splunk Search 02-27-2019 0 4	0	4
Filtering data based on results of another sub-query Hi team, I have a query about sub-queries. I've searched this forum for a while and tried a few different things but... by skribble5 Explorer in Splunk Search 02-27-2019 0 9	0	9
minspan ?? for transaction Is there such thing to display a minspan for transaction... Trying to looking for users from building A to Buildin... by Sp3ctre1 New Member in Splunk Search 02-27-2019 0 1	0	1
Can someone help me with a search that parses through two lookup tables? Hi, I have two lookup tables lookup1: RealName, username Smith, J ( LDN), smithj Andy, H (LDN),andyh Tan, Y ... by ajith_sukumaran Explorer in Splunk Search 02-27-2019 0 5	0	5
Can you help me with dedup and date field. How to get the latest record? I figured out how to use the dedup command by the user (see example below) but I still want to get the latest record ... by joesrepsolc Communicator in Splunk Search 02-27-2019 1 18	1	18
Sme search with same slot time doesnt returns same number of events Hi I have something strange when I execute the search below, I have 47 events on a one week slot time eventtype="App... by jip31 Motivator in Splunk Search 02-27-2019 0 4	0	4
How do you retrieve particular data from one field? Hi, i have a CSV file that contains a few persons names and teamname(column names is "name" and "Team"). The team na... by ramesh12345 Explorer in Splunk Search 02-27-2019 0 1	0	1