Splunk Search

Community Activity

Value expiration in query Hi all, I'm wondering if there is a way to make a query with values that expire. For example my query is: index=che... by Harjit456 New Member in Splunk Search 02-11-2019 0 4	0	4
Do you have any suggestions on how to get Splunk to recognize fields to be extracted automatically? We are importing Linux Syslogs and Windows NTSyslogs and fields are not getting automatically extracted. The only f... by jason_perkins New Member in Splunk Search 02-11-2019 0 0	0	0
what are different types of Searches in splunk Dear All, Hope Everyone is enjoying Splunking. I have one quick question. I had attended one interview morning they... by gajananh999 Contributor in Splunk Search 02-11-2019 0 3	0	3
How to create a report with a date determined by adding one month to the current _time and subtracting one day? HI Guys , Am quite new to Splunk. Am trying to generate a report where it prints the current time from the _time fi... by pinku_mano New Member in Splunk Search 02-11-2019 0 6	0	6
How do you get the sum of columns by system? I am trying to figure out how to get the sum of systems_score column by systems. The data model is below: systems ... by UMDTERPS Communicator in Splunk Search 02-11-2019 0 4	0	4
stats count which dont returns the same number of events between 2 different query hi I use two request which normally have to count the same number of events the first is : \| eventtype=Periph \| ded... by jip31 Motivator in Splunk Search 02-11-2019 0 1	0	1
How to restrict a user role to have access only to limited set of views in search app? I have defined a role my_users for which I want to limit available views in a default search app to "Search" and "Al... by pkarpushin Path Finder in Splunk Search 02-11-2019 1 6	1	6
How do you use transaction or stats to filter different parts of a query? Hi Experts! I'm looking for a way to show where i get bookingresponses with the SAME (duplicate) platformid but dif... by luckyman80 Path Finder in Splunk Search 02-11-2019 0 3	0	3
How do I create new columns with the foreach command? Hello, I have a question about the use of the foreach command. I have a good idea what the foreach command can do for... by kiamco Path Finder in Splunk Search 02-11-2019 0 2	0	2
Create a table with diferent values Hi, I need to create or design the following table. Is posible in Splunk Enterprise? by Carolina Engager in Splunk Search 02-11-2019 0 4	0	4
Why is my query with the eval command not replacing dashes (MAC Address Formats)? so, I'm working on implementing this: https://answers.splunk.com/answers/588964/how-can-we-make-multiple-mac-address... by richardphung Communicator in Splunk Search 02-11-2019 0 5	0	5
How do you use regex to parse the following text? Hi, I have the following text to parse. I want to break when I encounter the ** date *. I tried the following, ... by dbashyam Explorer in Splunk Search 02-10-2019 0 3	0	3
How can I iterate through an inputlookup? I have the following query - index=_internal host = <host1> OR host = <host2> OR host = <host3> \| ta... by ddrillic Ultra Champion in Splunk Search 02-10-2019 1 5	1	5
How do you extract out relevant message from _raw, trimming the timestamp part? How can I trim the date timestamp from _raw. My _raw is as follows: [1/13/19 10:18:20:577 GMT] 00000097 LogOut O IN... by jainkul123 Explorer in Splunk Search 02-10-2019 0 5	0	5
How to get upcoming friday date I have a date field in my feed as "2/15/2019" , want to compare this with upcoming friday date value in search. pleas... by vb1612 New Member in Splunk Search 02-10-2019 0 1	0	1
how to calculate the starttime and endtime between duration ? actually iam new to splunk in my logs starttime and endtime is there need to calculate duration starttime endtime \|0... by babukumarreddy Loves-to-Learn Lots in Splunk Search 02-10-2019 0 3	0	3
how to calculate starttime and Endtime duration how to calculate starttime and Endtime duration \|08-feb-2019 01:30:18\|08-feb-2019 01:30:28 by babukumarreddy Loves-to-Learn Lots in Splunk Search 02-10-2019 0 3	0	3
View the parameters, e.g. from limits.conf using the search Hello, Is it possible to view the configuration files / parameters, e.g. limits.conf using the search? I do not have... by damucka Builder in Splunk Search 02-09-2019 1 2	1	2
Limit Users search Hi Everyone...I want to put restrictions on users search as presently users can search for as long as they like. This... by ramprakash Explorer in Splunk Search 02-09-2019 0 8	0	8
Regex help Hi All Below are my sample events am trying to use regex and extract Time to run brinson for all days in Parallel a... by mbyreddy03 New Member in Splunk Search 02-09-2019 0 9	0	9
Regex issue Having trouble with the below regex generated from the field extractor application \w+:\\w+\\w+\(?P\w+\\w+) When add... by approachct Path Finder in Splunk Search 02-09-2019 1 8	1	8
mvexpand multiple multi-value fields [MACRO BASED SOLUTION] There are already several Splunk Answers around mvexpand multiple multi-value fields. https://answers.splunk.com/ans... by dmanojbaba Explorer in Splunk Search 02-09-2019 0 1	0	1
Systemd unit with pid tracking for Splunk With a simple systemd unit file you can tell systemd how to start and stop a Splunk instance, but if the Splunk insta... by mwirth Explorer in Splunk Search 02-08-2019 5 5	5	5
Help with regex Below is the sample event 01/15/2019 03:49:15 PM LogName=Security SourceName=Microsoft Windows security auditing. Ev... by vrmandadi Builder in Splunk Search 02-08-2019 0 8	0	8
Did some math on a chart but need to take results to a timechart Have a working query, but the boss has now asked me to timechart for SuccessRateByPlatformPCT per week and I am havin... by nqjpm Path Finder in Splunk Search 02-08-2019 0 5	0	5