Splunk Search

Community Activity

Limit Users search Hi Everyone...I want to put restrictions on users search as presently users can search for as long as they like. This... by ramprakash Explorer in Splunk Search 02-09-2019 0 8	0	8
Regex help Hi All Below are my sample events am trying to use regex and extract Time to run brinson for all days in Parallel a... by mbyreddy03 New Member in Splunk Search 02-09-2019 0 9	0	9
Regex issue Having trouble with the below regex generated from the field extractor application \w+:\\w+\\w+\(?P\w+\\w+) When add... by approachct Path Finder in Splunk Search 02-09-2019 1 8	1	8
mvexpand multiple multi-value fields [MACRO BASED SOLUTION] There are already several Splunk Answers around mvexpand multiple multi-value fields. https://answers.splunk.com/ans... by dmanojbaba Explorer in Splunk Search 02-09-2019 0 1	0	1
Systemd unit with pid tracking for Splunk With a simple systemd unit file you can tell systemd how to start and stop a Splunk instance, but if the Splunk insta... by mwirth Explorer in Splunk Search 02-08-2019 5 5	5	5
Help with regex Below is the sample event 01/15/2019 03:49:15 PM LogName=Security SourceName=Microsoft Windows security auditing. Ev... by vrmandadi Builder in Splunk Search 02-08-2019 0 8	0	8
Did some math on a chart but need to take results to a timechart Have a working query, but the boss has now asked me to timechart for SuccessRateByPlatformPCT per week and I am havin... by nqjpm Path Finder in Splunk Search 02-08-2019 0 5	0	5
Splunk Encoding Issue with Not Sign (¬) Hello, I am trying to send some records to Splunk that are incorrectly getting written. This is what the message lo... by bveltre New Member in Splunk Search 02-08-2019 0 0	0	0
How do you regex multiple keywords that are shown in a log? If I'm trying to regex InteractionID and msg below, how do I get the results for all InteractionID and msg within the... by limalbert Path Finder in Splunk Search 02-08-2019 0 2	0	2
Can you help me with input lookup, tstats, and visualization? Hello, I have a lookup table for all the source types. I'm trying to use stats or tstats to show all the source typ... by maryamchar Explorer in Splunk Search 02-08-2019 0 1	0	1
Can queued searches from users/roles be prioritized? If searches are queuing, can searches from particular roles/users be prioritized over others to run next, regardless ... by jduganPaychex Engager in Splunk Search 02-08-2019 2 0	2	0
How do I filter out events from two separate event codes with similar fields? I'm trying to determine which Windows workstations a user is currently logged in to by: Examining logs from our Doma... by urasplunkronbur New Member in Splunk Search 02-08-2019 0 3	0	3
Can you help me with a search involving multiple AND conditions in eval w/ if statement? Hello there from someone in healthcare it industry. I'm working with multiple conditions, and I want to make sure m... by blindfire_bandi Explorer in Splunk Search 02-08-2019 0 2	0	2
meaning of match("-24h@h","^\d") Hello I have a query that create a field with a value i can't fully understand : eval earliestQual=match("-24h@h","... by astatrial Contributor in Splunk Search 02-08-2019 0 10	0	10
Test if host sends the same logs Hello, I have several hosts sending logs to Splunk. These logs depends on the version of the software creating these... by bntdumas Engager in Splunk Search 02-08-2019 0 5	0	5
How do you subtract values from an appended search? I'm trying to run the below searches and get the subtracted value from them. However, the eval command is not giving ... by jephillips Explorer in Splunk Search 02-08-2019 0 5	0	5
In a query using the tstats command, how do you add a "not" condition before the 'count' function? Hello, We use an ES ‘Excessive Failed Logins’ correlation search: \| tstats summariesonly=true allow_old_summaries=t... by AlexeySh Communicator in Splunk Search 02-08-2019 0 6	0	6
How do you join two fields with dedup? Hello folks, Trying to figure out how to go about joining 2 fields with a dash but only if they don't have the same... by splunker1981 Path Finder in Splunk Search 02-08-2019 0 1	0	1
How do you get Splunk to change timestamps from a lookup table? We are using a lookuptable with CSV's for reports. However, the _time field has the following format for time: 2015-... by UMDTERPS Communicator in Splunk Search 02-08-2019 0 4	0	4
edit datetime.xml for my custom date and time in source field Hi everyone, Can someone tell me what I'm suppose to edit in my datetime.xml file for my custom date and time to be r... by ips_mandar Builder in Splunk Search 02-08-2019 0 17	0	17
How do you create a crosstab with sparse data? My vulnerability data looks like this: Machine MachineType VulnCode Impact ------- ----------- -------- ------... by jfriedman_ofigl Explorer in Splunk Search 02-08-2019 0 4	0	4
How do you get all matching and non-matching rows from a Splunk search and lookup? Hi, I am working on a query where I have to match the responseCode from the search to the responseCode in a lookup ... by Shashank_87 Explorer in Splunk Search 02-08-2019 0 3	0	3
alert search with subsearch Hello, I have an alert which selects from the database and whenever entries come back, the alert is triggered. Now, ... by damucka Builder in Splunk Search 02-08-2019 0 3	0	3
Splunk username missing and unable to perform any search Hi, Why is that a particular user in my team is unable to see his name on the top in Splunk UI like anyother in my te... by Deepz2612 Explorer in Splunk Search 02-08-2019 0 4	0	4
How do you specify a list in WHERE condition? Hi All, I want to display only results which are present in a given list (please see below) : ....... \| xmlkv \| sta... by vaibhavvijay9 New Member in Splunk Search 02-07-2019 0 4	0	4