Splunk Search

Community Activity

can i use "like" in search criteria if one of my fields is host, I want to do host like "startswith*" what is the syntax to do that? thanks, by alexl1 Path Finder in Splunk Search 02-12-2019 6 9	6	9
How do you use a lookup file to restrict unwanted IP addresses? Use case description: I have a set of IP address that I would like to restrict across all requires, saved searches/al... by as0813 New Member in Splunk Search 02-12-2019 0 3	0	3
Combine the count from 1 search to the result of another search Hello everyone, I have one search that is showing me a list of IP addresses of addresses. Lets call the field of IP ... by agolkar Explorer in Splunk Search 02-12-2019 0 5	0	5
In a search head cluster, how to find what host sent email? All, I have production environment with Alarm email notification. Sometimes it works, sometime it does not. Since I ... by GersonGarcia Path Finder in Splunk Search 02-12-2019 0 0	0	0
How do I match values with different file extensions in a lookup? I have a lookup table, but the match is not exact to the relevant indexed field. The field that is indexed has strin... by user93 Communicator in Splunk Search 02-12-2019 0 6	0	6
How do I get specific words within a text? The below table is what I get from a search on Splunk" ActiveLoadId Jabber_for_iOS-12.1.2.270036 Jabber_for_iOS-12.0... by shtom New Member in Splunk Search 02-12-2019 0 2	0	2
Fast searches for a count of events in various ways I've been looking for ways to get fast results for inquiries about the number of events for: All indexesOne indexOne... by wrangler2x Motivator in Splunk Search 02-12-2019 3 8	3	8
What reasons could cause a user to lose their Splunk search history? I have a user that lost his search history in Splunk search. Any ideas why? I did not lose mine but he did?!?! by brent_weaver Builder in Splunk Search 02-12-2019 0 2	0	2
What is better, MV search time extraction or split? My data in Splunk looks like so: geo { id: 0 internal_name: "TEST" type: LIST zip: 1 zip:... by tb5821 Communicator in Splunk Search 02-12-2019 0 8	0	8
How do you find details about results using the set command with a diff argument? I am using two searches Search1 search 2 1 1 2 2 3 3 5 ... by aa274t New Member in Splunk Search 02-12-2019 0 3	0	3
_meta not getting expected logs to splunk Hello, we have index "text-index" and region is passed as meta _meta = region::east sourcetype = testlogs when i q... by rajpalyalla Engager in Splunk Search 02-12-2019 0 3	0	3
Double spaces are suppressed in search results \|makeresults\| eval owner_realname="Andrew Gerber" \| where match (owner_realname,"\s{2}") Search above generates ou... by andygerberkp Explorer in Splunk Search 02-12-2019 0 5	0	5
How to make use of makeresults statement based on conditions ? If in case there are no results then dummy data should be added and returned from the subsearch ortherwise the actual... by nomadichunters Explorer in Splunk Search 02-12-2019 1 3	1	3
How do you Calculate _time difference between subsearch and main search? I'm trying to calculate the _time difference between the subsearch and main search; but if I try and pass the time th... by gregorymountfor Explorer in Splunk Search 02-12-2019 0 10	0	10
How do you pass a search result from one panel to a different panel? If I get a search result as like flag="AAA" in a Panel, how can I pass AAA to another Panel as a search variable lik... by olivier797 Loves-to-Learn in Splunk Search 02-12-2019 0 3	0	3
Correlating transaction results I have a dataset with timestamp, model, and ID. I am trying to correlate the events so that I can see all of the IDs ... by ellothere Explorer in Splunk Search 02-12-2019 0 1	0	1
Consecutive events by field - only show points in time where number of such events equals 5 I'm trying to find points in time where a consecutive event happens 5 times in a row. I currently have this query: p... by isvaljek New Member in Splunk Search 02-12-2019 0 2	0	2
Can you help me get a number value and average it? I am trying to get a value, in this case it is the # of seconds to respond, so that I can graph it or set alerts to i... by orchapellico Explorer in Splunk Search 02-12-2019 0 2	0	2
Lookup command returning incorrect null values and values for another entry I encountered a very weird behaviour. This has now also been reported as bug. Update: I did manage to create some fa... by Bastelhoff Path Finder in Splunk Search 02-11-2019 0 12	0	12
Need help with eval and if then statement - showing errors. \| inputlookup list.csv \| eval newbigfix=if(bigfix = 1,1,0) \| eval newnorton=if(norton = 1,3,0) \| eval newmcafee=if(m... by UMDTERPS Communicator in Splunk Search 02-11-2019 0 8	0	8
hi...can anyone please advise where to include stop option(path in GUI) to proceed the splunk query from searching can anyone please advise where to include stop option(path in GUI) to proceed the splunk query from searching, also s... by ramanir New Member in Splunk Search 02-11-2019 0 1	0	1
Search for the events with the same IP with two different field names from the two different index (index = intrusion dest_ip) OR (index = proxy r_ip) dest_ip should always be equal to r_ip by staparia Explorer in Splunk Search 02-11-2019 0 9	0	9
Can you help me in subtracting 2 times together? I have a time where a ticket is created called: \| eval start_time =strftime(start_time_epoch,"%Y-%m-%d %H:%M:%S") ... by louisawang New Member in Splunk Search 02-11-2019 0 2	0	2
Can you help me fix my regex to event break a multiline file? I have a multiline file that I'm trying to get Splunk to understand... note that I'm not using the .conf files, but r... by tb5821 Communicator in Splunk Search 02-11-2019 0 8	0	8
Hw to group the data by month Hi, I need help in group the data by month. I have find the total count of the hosts and objects for three months. n... by Paul_tcs Explorer in Splunk Search 02-11-2019 1 7	1	7