Splunk Search

Community Activity

How do you do an automatic extraction based on the SPL 'extract' command? Using: index=default sourcetype=my:sourcetype \| extract pairdelim="][", kvdelim="=", auto=f Feb 19 09:44:02 fooba... by pkeller Contributor in Splunk Search 02-19-2019 0 2	0	2
How do you search one lookup field and display another lookup field's information if a matching event occurs? For example, I have lookup xyz.csv with two fields, A and B. I want to search for the value of A field. If any matc... by N92 Path Finder in Splunk Search 02-19-2019 0 7	0	7
How to implement corrolation base on 2 fileds Hello everyone! We have a log file contains the following information, status 0 means server is up, 1 means down: Da... by atpsplunk11 Explorer in Splunk Search 02-19-2019 0 0	0	0
How can we identify a particular search using lookup or lookup definition? How can we identify a particular search using lookup or lookup definition? in the case where a lookup file is enable... by N92 Path Finder in Splunk Search 02-19-2019 0 3	0	3
Listonly desired accounts Splunk Enterprise 7.1.3, SCCM Current Branch with univesal forwarder configured to forward event logs and WMI. I hav... by noy72 New Member in Splunk Search 02-19-2019 0 3	0	3
help to remove an empty line hI I use the request below sometimes I have only value for Free_Space and sometimes only value for TotalSpace instea... by jip31 Motivator in Splunk Search 02-19-2019 0 7	0	7
Can you help me a make regular expression for input.conf on a Splunk forwarder ? Hi, I am collecting all log file to a syslog server where I have a Splunk forwarder installed. To override source of... by meet_vadaria Engager in Splunk Search 02-19-2019 0 2	0	2
Can I tag with search? I would like to tag you at search time. I'd like to tag the result of the calculation when searching. ex ) LogID ... by kawashita_t Explorer in Splunk Search 02-19-2019 0 2	0	2
Timechart limit 1000 results per series, can I increase this? Example: I want a second-by-second stat for the past 24 hours. The following message shows: "These results may be tru... by paddygriffin Path Finder in Splunk Search 02-19-2019 1 3	1	3
Can you help me plot some data on a chart's X and Y axes? I have two values a) The time when a breach occurs. b) The amount of memory consumed during the memory breach. I w... by zacksoft Contributor in Splunk Search 02-19-2019 0 3	0	3
Not getting data for all day I am running timechart command for sum of free space and used space with span of 1 day. I am missing data for few day... by twh1 Communicator in Splunk Search 02-19-2019 0 7	0	7
How do you extract a new field from a source field? I have a log with below as a source field from which I need to extract the field Gateway name (My_Gateway_NONPROD). ... by pbsuju Explorer in Splunk Search 02-19-2019 0 3	0	3
Removing a subset of data from average calculation Hi everyone, I need some help figuring out how can I exclude certain users' data from my calculation of average of a... by skribble5 Explorer in Splunk Search 02-19-2019 0 3	0	3
Trying to find Inactive distribution Lists Hi, I am new to using Splunk and have been tasked with trying to find all inactive distribution lists within our en... by ryanhindley92 New Member in Splunk Search 02-19-2019 0 0	0	0
Joining two searches on different indexes based on lookup values and return calculated values from both searches Hi folks, This is a complex question, so bear with me. We have 2 heavy searches that return calculated and lookup va... by ADRIANODL Explorer in Splunk Search 02-18-2019 0 1	0	1
How to set a token with eval? I'm trying to set a token with eval. However, my logic doesn't seem to be working. I haven't been able to find a work... by jamesmarlowww Path Finder in Splunk Search 02-18-2019 2 12	2	12
How do you Join two searches based on lookup values? Hi folks, I have 2 searches that return equivalent values based on the result of a lookup, as such: Search 1 index... by ADRIANODL Explorer in Splunk Search 02-18-2019 0 3	0	3
Can you help me create a search for failed logons? How would I write a search to look for failed logons coming from the same account happening across different systems?... by johann2017 Explorer in Splunk Search 02-18-2019 0 4	0	4
How to display SLA status based on SLA times defined in lookup file? Lookup file sla_jobs.csv: Business AppName RunDays BatchStartJob AvgBatchStartTime BatchEndJob SLA_time Same... by bud9 New Member in Splunk Search 02-18-2019 0 3	0	3
joining results from 2 different indexes where field in one of the search is extracted using rex I would like to join the result from 2 different indexes on a field named OrderId (see details below) and show field ... by jainkul123 Explorer in Splunk Search 02-18-2019 0 15	0	15
HI NOT "/healthCheck" NOT "/healthCheck" , what the point of using this n search ? I want to know is it searching for string health chec... by rajneeshdba Explorer in Splunk Search 02-18-2019 0 2	0	2
Splunk Search: Lateral Movement Hello! I am wanting to build a search that can help detect lateral movement. I want to see when the same user is logg... by johann2017 Explorer in Splunk Search 02-18-2019 0 1	0	1
Should I use Lookup or mvexpand in the following search? I have a search that returns a list of namespace values. I want to take each one of those namespace values and run ... by tb5821 Communicator in Splunk Search 02-18-2019 0 25	0	25
Can you help me with my search query? I am running the below search index=main sourcetype="aws:description" state=* image.attributes.name!=emr* id=i-069ff... by vrmandadi Builder in Splunk Search 02-18-2019 0 18	0	18
How do you get a description field with the output result fields? I have the below query index=main AND sourcetype="abc" AND id=* AND ((state="terminated" AND image.attributes.name!... by vrmandadi Builder in Splunk Search 02-18-2019 0 6	0	6