Splunk Search

Community Activity

Joining two searches on different indexes based on lookup values and return calculated values from both searches Hi folks, This is a complex question, so bear with me. We have 2 heavy searches that return calculated and lookup va... by ADRIANODL Explorer in Splunk Search 02-18-2019 0 1	0	1
How to set a token with eval? I'm trying to set a token with eval. However, my logic doesn't seem to be working. I haven't been able to find a work... by jamesmarlowww Path Finder in Splunk Search 02-18-2019 2 12	2	12
How do you Join two searches based on lookup values? Hi folks, I have 2 searches that return equivalent values based on the result of a lookup, as such: Search 1 index... by ADRIANODL Explorer in Splunk Search 02-18-2019 0 3	0	3
Can you help me create a search for failed logons? How would I write a search to look for failed logons coming from the same account happening across different systems?... by johann2017 Explorer in Splunk Search 02-18-2019 0 4	0	4
How to display SLA status based on SLA times defined in lookup file? Lookup file sla_jobs.csv: Business AppName RunDays BatchStartJob AvgBatchStartTime BatchEndJob SLA_time Same... by bud9 New Member in Splunk Search 02-18-2019 0 3	0	3
joining results from 2 different indexes where field in one of the search is extracted using rex I would like to join the result from 2 different indexes on a field named OrderId (see details below) and show field ... by jainkul123 Explorer in Splunk Search 02-18-2019 0 15	0	15
HI NOT "/healthCheck" NOT "/healthCheck" , what the point of using this n search ? I want to know is it searching for string health chec... by rajneeshdba Explorer in Splunk Search 02-18-2019 0 2	0	2
Splunk Search: Lateral Movement Hello! I am wanting to build a search that can help detect lateral movement. I want to see when the same user is logg... by johann2017 Explorer in Splunk Search 02-18-2019 0 1	0	1
Should I use Lookup or mvexpand in the following search? I have a search that returns a list of namespace values. I want to take each one of those namespace values and run ... by tb5821 Communicator in Splunk Search 02-18-2019 0 25	0	25
Can you help me with my search query? I am running the below search index=main sourcetype="aws:description" state=* image.attributes.name!=emr* id=i-069ff... by vrmandadi Builder in Splunk Search 02-18-2019 0 18	0	18
How do you get a description field with the output result fields? I have the below query index=main AND sourcetype="abc" AND id=* AND ((state="terminated" AND image.attributes.name!... by vrmandadi Builder in Splunk Search 02-18-2019 0 6	0	6
=SUM(COUNTIFS(F38:F800,"<"&[@Week],$D38:$D800,"<>Status1",D38:D800,"<>Status2",D38:D800,"<>Status3",D38:D800,"<>Status4")) Could you please help me to convert above excel formula into query ?? Thanks in advance. Need to filter one date and ... by kvr New Member in Splunk Search 02-18-2019 0 7	0	7
Can I extract a field from a subsearch by comparing two fields in both the search and subsearch? Hello, I'm trying to extract a customer number by having two searches pull web service calls and compare one field ... by charlesxavier New Member in Splunk Search 02-18-2019 0 9	0	9
How do you Insert Hour, Mins & Seconds in an extracted time? I have a table that populates something to the effect of: Name Start Time End Time R... by cquinney Communicator in Splunk Search 02-18-2019 0 2	0	2
Change background color in Single Value Visual? Hello, I'm trying to change the background color of a label I have created. I created the label by just running the... by dfrench151 Explorer in Splunk Search 02-17-2019 1 6	1	6
How to use value of a one field as field name? Hi, I'm a Splunk beginner here. I'm not even sure if I'm using the right terms. Kindly bear with me. My input is a J... by computernachi New Member in Splunk Search 02-17-2019 0 0	0	0
Use the "restricted search terms" of a role to filter a saved search Hello, I have a saved search, running each day with the following output Computer_Name \| DPT \| Install_status \| P... by mdtrandco New Member in Splunk Search 02-17-2019 0 3	0	3
How do you write a regular expression to extract a field which has characters, numbers and also special characters? How do you write a regular expression to extract a field which has characters, numbers and also special characters? T... by Deepz2612 Explorer in Splunk Search 02-17-2019 0 6	0	6
show send and receive from internet to my ftp server i want to show the how much user send and receive from the internet to my ftp server,is my search command right? ... by khanlarloo Explorer in Splunk Search 02-16-2019 0 4	0	4
_meta fields: why am I unable to search for all of the events? I am not able to search for all of the events from the fields. When i try field::value , I can see all of the events.... by godman Path Finder in Splunk Search 02-15-2019 1 3	1	3
Transpose or unpivot existing columns into other columns in a table Is there away to un-pivot a couple columns and relocate them to an existing columns using an Eval expression inside t... by TreeHut New Member in Splunk Search 02-15-2019 0 0	0	0
Help with multivalue field count Hello, I have a multivalue field with two values. segment_status: SUCCEEDED-1234333 FAILED-34555 I am trying to... by vrmandadi Builder in Splunk Search 02-15-2019 0 9	0	9
Is there a way that I can output my values as a fraction instead of a decimal? Is there a way that I can output my values as a Fraction? Example: A = 1 B = 2 eval New_Value = A/B New_Value = 1... by MatthewH007 Path Finder in Splunk Search 02-15-2019 0 2	0	2
Selective Replication of Lookups between Search Heads? I have two search heads in a cluster. SH-A is locked down and is only used by certain staff. SH-B is open to others... by mlorrette Path Finder in Splunk Search 02-15-2019 0 5	0	5
ldapsearch lastLogonTimestamp eval I found this in a search: hxxps://www.splunk.com/blog/2014/02/10/which-servers-are-inactive.html It is old but it d... by s0mar Explorer in Splunk Search 02-15-2019 0 6	0	6