Splunk Search

Community Activity

How do I create new columns with the foreach command? Hello, I have a question about the use of the foreach command. I have a good idea what the foreach command can do for... by kiamco Path Finder in Splunk Search 02-11-2019 0 2	0	2
Create a table with diferent values Hi, I need to create or design the following table. Is posible in Splunk Enterprise? by Carolina Engager in Splunk Search 02-11-2019 0 4	0	4
Why is my query with the eval command not replacing dashes (MAC Address Formats)? so, I'm working on implementing this: https://answers.splunk.com/answers/588964/how-can-we-make-multiple-mac-address... by richardphung Communicator in Splunk Search 02-11-2019 0 5	0	5
How do you use regex to parse the following text? Hi, I have the following text to parse. I want to break when I encounter the ** date *. I tried the following, ... by dbashyam Explorer in Splunk Search 02-10-2019 0 3	0	3
How can I iterate through an inputlookup? I have the following query - index=_internal host = <host1> OR host = <host2> OR host = <host3> \| ta... by ddrillic Ultra Champion in Splunk Search 02-10-2019 1 5	1	5
How do you extract out relevant message from _raw, trimming the timestamp part? How can I trim the date timestamp from _raw. My _raw is as follows: [1/13/19 10:18:20:577 GMT] 00000097 LogOut O IN... by jainkul123 Explorer in Splunk Search 02-10-2019 0 5	0	5
How to get upcoming friday date I have a date field in my feed as "2/15/2019" , want to compare this with upcoming friday date value in search. pleas... by vb1612 New Member in Splunk Search 02-10-2019 0 1	0	1
how to calculate the starttime and endtime between duration ? actually iam new to splunk in my logs starttime and endtime is there need to calculate duration starttime endtime \|0... by babukumarreddy Loves-to-Learn Lots in Splunk Search 02-10-2019 0 3	0	3
how to calculate starttime and Endtime duration how to calculate starttime and Endtime duration \|08-feb-2019 01:30:18\|08-feb-2019 01:30:28 by babukumarreddy Loves-to-Learn Lots in Splunk Search 02-10-2019 0 3	0	3
View the parameters, e.g. from limits.conf using the search Hello, Is it possible to view the configuration files / parameters, e.g. limits.conf using the search? I do not have... by damucka Builder in Splunk Search 02-09-2019 1 2	1	2
Limit Users search Hi Everyone...I want to put restrictions on users search as presently users can search for as long as they like. This... by ramprakash Explorer in Splunk Search 02-09-2019 0 8	0	8
Regex help Hi All Below are my sample events am trying to use regex and extract Time to run brinson for all days in Parallel a... by mbyreddy03 New Member in Splunk Search 02-09-2019 0 9	0	9
Regex issue Having trouble with the below regex generated from the field extractor application \w+:\\w+\\w+\(?P\w+\\w+) When add... by approachct Path Finder in Splunk Search 02-09-2019 1 8	1	8
mvexpand multiple multi-value fields [MACRO BASED SOLUTION] There are already several Splunk Answers around mvexpand multiple multi-value fields. https://answers.splunk.com/ans... by dmanojbaba Explorer in Splunk Search 02-09-2019 0 1	0	1
Systemd unit with pid tracking for Splunk With a simple systemd unit file you can tell systemd how to start and stop a Splunk instance, but if the Splunk insta... by mwirth Explorer in Splunk Search 02-08-2019 5 5	5	5
Help with regex Below is the sample event 01/15/2019 03:49:15 PM LogName=Security SourceName=Microsoft Windows security auditing. Ev... by vrmandadi Builder in Splunk Search 02-08-2019 0 8	0	8
Did some math on a chart but need to take results to a timechart Have a working query, but the boss has now asked me to timechart for SuccessRateByPlatformPCT per week and I am havin... by nqjpm Path Finder in Splunk Search 02-08-2019 0 5	0	5
Splunk Encoding Issue with Not Sign (¬) Hello, I am trying to send some records to Splunk that are incorrectly getting written. This is what the message lo... by bveltre New Member in Splunk Search 02-08-2019 0 0	0	0
How do you regex multiple keywords that are shown in a log? If I'm trying to regex InteractionID and msg below, how do I get the results for all InteractionID and msg within the... by limalbert Path Finder in Splunk Search 02-08-2019 0 2	0	2
Can you help me with input lookup, tstats, and visualization? Hello, I have a lookup table for all the source types. I'm trying to use stats or tstats to show all the source typ... by maryamchar Explorer in Splunk Search 02-08-2019 0 1	0	1
Can queued searches from users/roles be prioritized? If searches are queuing, can searches from particular roles/users be prioritized over others to run next, regardless ... by jduganPaychex Engager in Splunk Search 02-08-2019 2 0	2	0
How do I filter out events from two separate event codes with similar fields? I'm trying to determine which Windows workstations a user is currently logged in to by: Examining logs from our Doma... by urasplunkronbur New Member in Splunk Search 02-08-2019 0 3	0	3
Can you help me with a search involving multiple AND conditions in eval w/ if statement? Hello there from someone in healthcare it industry. I'm working with multiple conditions, and I want to make sure m... by blindfire_bandi Explorer in Splunk Search 02-08-2019 0 2	0	2
meaning of match("-24h@h","^\d") Hello I have a query that create a field with a value i can't fully understand : eval earliestQual=match("-24h@h","... by astatrial Contributor in Splunk Search 02-08-2019 0 10	0	10
Test if host sends the same logs Hello, I have several hosts sending logs to Splunk. These logs depends on the version of the software creating these... by bntdumas Engager in Splunk Search 02-08-2019 0 5	0	5