Splunk Search

Community Activity

help to remove an empty line hI I use the request below sometimes I have only value for Free_Space and sometimes only value for TotalSpace instea... by jip31 Motivator in Splunk Search 02-19-2019 0 7	0	7
Can you help me a make regular expression for input.conf on a Splunk forwarder ? Hi, I am collecting all log file to a syslog server where I have a Splunk forwarder installed. To override source of... by meet_vadaria Engager in Splunk Search 02-19-2019 0 2	0	2
Can I tag with search? I would like to tag you at search time. I'd like to tag the result of the calculation when searching. ex ) LogID ... by kawashita_t Explorer in Splunk Search 02-19-2019 0 2	0	2
Timechart limit 1000 results per series, can I increase this? Example: I want a second-by-second stat for the past 24 hours. The following message shows: "These results may be tru... by paddygriffin Path Finder in Splunk Search 02-19-2019 1 3	1	3
Can you help me plot some data on a chart's X and Y axes? I have two values a) The time when a breach occurs. b) The amount of memory consumed during the memory breach. I w... by zacksoft Contributor in Splunk Search 02-19-2019 0 3	0	3
Not getting data for all day I am running timechart command for sum of free space and used space with span of 1 day. I am missing data for few day... by twh1 Communicator in Splunk Search 02-19-2019 0 7	0	7
How do you extract a new field from a source field? I have a log with below as a source field from which I need to extract the field Gateway name (My_Gateway_NONPROD). ... by pbsuju Explorer in Splunk Search 02-19-2019 0 3	0	3
Removing a subset of data from average calculation Hi everyone, I need some help figuring out how can I exclude certain users' data from my calculation of average of a... by skribble5 Explorer in Splunk Search 02-19-2019 0 3	0	3
Trying to find Inactive distribution Lists Hi, I am new to using Splunk and have been tasked with trying to find all inactive distribution lists within our en... by ryanhindley92 New Member in Splunk Search 02-19-2019 0 0	0	0
Joining two searches on different indexes based on lookup values and return calculated values from both searches Hi folks, This is a complex question, so bear with me. We have 2 heavy searches that return calculated and lookup va... by ADRIANODL Explorer in Splunk Search 02-18-2019 0 1	0	1
How to set a token with eval? I'm trying to set a token with eval. However, my logic doesn't seem to be working. I haven't been able to find a work... by jamesmarlowww Path Finder in Splunk Search 02-18-2019 2 12	2	12
How do you Join two searches based on lookup values? Hi folks, I have 2 searches that return equivalent values based on the result of a lookup, as such: Search 1 index... by ADRIANODL Explorer in Splunk Search 02-18-2019 0 3	0	3
Can you help me create a search for failed logons? How would I write a search to look for failed logons coming from the same account happening across different systems?... by johann2017 Explorer in Splunk Search 02-18-2019 0 4	0	4
How to display SLA status based on SLA times defined in lookup file? Lookup file sla_jobs.csv: Business AppName RunDays BatchStartJob AvgBatchStartTime BatchEndJob SLA_time Same... by bud9 New Member in Splunk Search 02-18-2019 0 3	0	3
joining results from 2 different indexes where field in one of the search is extracted using rex I would like to join the result from 2 different indexes on a field named OrderId (see details below) and show field ... by jainkul123 Explorer in Splunk Search 02-18-2019 0 15	0	15
HI NOT "/healthCheck" NOT "/healthCheck" , what the point of using this n search ? I want to know is it searching for string health chec... by rajneeshdba Explorer in Splunk Search 02-18-2019 0 2	0	2
Splunk Search: Lateral Movement Hello! I am wanting to build a search that can help detect lateral movement. I want to see when the same user is logg... by johann2017 Explorer in Splunk Search 02-18-2019 0 1	0	1
Should I use Lookup or mvexpand in the following search? I have a search that returns a list of namespace values. I want to take each one of those namespace values and run ... by tb5821 Communicator in Splunk Search 02-18-2019 0 25	0	25
Can you help me with my search query? I am running the below search index=main sourcetype="aws:description" state=* image.attributes.name!=emr* id=i-069ff... by vrmandadi Builder in Splunk Search 02-18-2019 0 18	0	18
How do you get a description field with the output result fields? I have the below query index=main AND sourcetype="abc" AND id=* AND ((state="terminated" AND image.attributes.name!... by vrmandadi Builder in Splunk Search 02-18-2019 0 6	0	6
=SUM(COUNTIFS(F38:F800,"<"&[@Week],$D38:$D800,"<>Status1",D38:D800,"<>Status2",D38:D800,"<>Status3",D38:D800,"<>Status4")) Could you please help me to convert above excel formula into query ?? Thanks in advance. Need to filter one date and ... by kvr New Member in Splunk Search 02-18-2019 0 7	0	7
Can I extract a field from a subsearch by comparing two fields in both the search and subsearch? Hello, I'm trying to extract a customer number by having two searches pull web service calls and compare one field ... by charlesxavier New Member in Splunk Search 02-18-2019 0 9	0	9
How do you Insert Hour, Mins & Seconds in an extracted time? I have a table that populates something to the effect of: Name Start Time End Time R... by cquinney Communicator in Splunk Search 02-18-2019 0 2	0	2
Change background color in Single Value Visual? Hello, I'm trying to change the background color of a label I have created. I created the label by just running the... by dfrench151 Explorer in Splunk Search 02-17-2019 1 6	1	6
How to use value of a one field as field name? Hi, I'm a Splunk beginner here. I'm not even sure if I'm using the right terms. Kindly bear with me. My input is a J... by computernachi New Member in Splunk Search 02-17-2019 0 0	0	0