Splunk Search

Community Activity

How do you edit props.conf to correctly parse data from a PowerShell script? I have a powershell script which feeds data into Splunk via a UDP port. The output of the script is as follows: Abat... by ckeller2791 Explorer in Splunk Search 02-01-2019 0 3	0	3
How to match the values from different rows on a table and compare result. I have 2 tables contains random msisdn which can be repeated in one another as follows: Table1 \| Table2 msisdn1 ... by mandarpim New Member in Splunk Search 02-01-2019 0 5	0	5
Can someone explain concurrent historical searches to me? I do not understand what is meant by concurrent historical searches. Can someone else explain what it means to me? ... by sboogaar Path Finder in Splunk Search 02-01-2019 0 7	0	7
In a table output that uses the stats command, how do you convert a row to a header? How do I convert the output of a table from stats command that looks like this: TIME VALUE METRIC time1 ... by dtakacssplunk Explorer in Splunk Search 02-01-2019 0 3	0	3
How to set height for bar chart Bars? I have created a few bar charts. In that few of the charts have 10 bars,5 bars, and 1 bar. All of these charts bars s... by sajithpm101 New Member in Splunk Search 02-01-2019 0 1	0	1
How do I extract a field between two strings using a regular expression? I have logs having string like: 127.0.0.1\|> GET /alldata 127.0.0.1\|> GET /somedata 127.0.0.1\|> GET /nodata 127.0.0.1... by rohanmiskin Explorer in Splunk Search 02-01-2019 0 2	0	2
Data models slow after restart - tstats HI Every Saturday we do a full stop of Splunk and we do a full back up + restart. The issues is come Monday morning ... by robertlynch2020 Influencer in Splunk Search 02-01-2019 0 6	0	6
Search query required to lookup a csv file Hi, I need to check if the source address from the firewall logs is in private ip address range. How would i check u... by ajayrejin Explorer in Splunk Search 02-01-2019 0 4	0	4
String compare regex wildcard (( host="vwp054" AND source="E:\\Apache\\apisit\\")) \| eval site = if(match(source,"E:\A."),1,0) \| eval aba = if(... by darioapis Explorer in Splunk Search 01-31-2019 0 1	0	1
How can I add a matched lookup field to my stats command output? Hi all, My apologies if the title was a bit vague, wasn't sure how to word it! I have a search which identifes keyw... by danfinan Explorer in Splunk Search 01-31-2019 0 1	0	1
Change table representation I have a table as follows: CN\|Lev\|ref1\|ref2\|ref3\|ref4\|ref5\|ref6 cn1\|1\|1\|2\|3\|4\|\|\| cn2\|2\|\|\|\|\|5\|6\| The representation ... by anisgupt New Member in Splunk Search 01-31-2019 0 2	0	2
How do you set date_mday for yesterday? If I run the following search, adjust the time picker to the last 7 days, AND the 28th falls within the time picker d... by dorgra Path Finder in Splunk Search 01-31-2019 0 2	0	2
Rex to extract text that ends with either one of multiple words Hello all, I have data like this reason="abc";appName=.... reason="xyz";ERServer=... reason="dfg",ClientBob=... Ho... by Cbr1sg Path Finder in Splunk Search 01-31-2019 0 17	0	17
How do you build a panel with different source inputs? I am trying to build a panel where I would like to input the source and present in a radial guaze. The simple query ... by pranay04 Explorer in Splunk Search 01-31-2019 0 3	0	3
How do you get a distinct count of one field based on the value of another? I need to count the total based on status, but also the number of sessions for each status. The number of sessions i... by weidertc Contributor in Splunk Search 01-31-2019 0 2	0	2
Configure an emailed report with timechart to display in local time rather than GMT? I have a report of proxy logs that is emailed to me every evening. The logs themselves are in GMT. I set the time f... by DEAD_BEEF Builder in Splunk Search 01-31-2019 0 0	0	0
Why are log events indexed from GZip archive with a specified source type missing extracted fields? Hi there, I have a custom source type (papertrail) that is a tab delimited source and have verified it works correct... by statmuse Engager in Splunk Search 01-31-2019 0 7	0	7
What exactly is Archiver (Archiving large_file) doing? In splunkd.log we see: 01-31-2019 12:38:03.683 -0800 INFO Archiver - Archiving large_file=/opt/splunk/etc/apps/sear... by the_wolverine Champion in Splunk Search 01-31-2019 0 2	0	2
Can I have an accelerated search summary for 1 year if the index retention time is set to 90? I am attempting to come up with a solution to hold log data for 180 days for data within an index that has a retentio... by ericg57 Engager in Splunk Search 01-31-2019 0 4	0	4
how can i do to make this events into Splunk? hello team! We have this logs comming in a port 10162 (say that this is a kind of "syslog" but it comes with a lot o... by lightech1 Path Finder in Splunk Search 01-31-2019 0 2	0	2
allow-custom-value doesn't work in Splunk 7.2.3 I've built a custom alert action with a UI. One of my inputs is dynamic, and populated from a splunk search. Here is ... by asemle Explorer in Splunk Search 01-31-2019 1 2	1	2
Restrict results by count > 30? This is my query: index=mtickets MovieRating=R CustomerAge<17 \| stats count by MovieName Can I restrict the results... by jmgilpin New Member in Splunk Search 01-31-2019 0 2	0	2
Inner Join Returns Different Results When Reversing Search Order Been working on a proof of concept that seems to be eluding me. From my work with SQL I would expect that an Inner Jo... by ravencr0ss New Member in Splunk Search 01-31-2019 0 2	0	2
Problem with token eval I am trying to rest one hour to fiel1latest What I am doing wrong, I am trying to rest one hour to fiel1latest <label>otro</label> <fieldset submitButton=... by rutdesanti New Member in Splunk Search 01-31-2019 0 2	0	2
Using the Send to File app, why am I getting the following error?: "No such file or directory" error Hello @Damien Dallimore - I am using your app Send to File and see the following errors in the View log events. Th... by arock New Member in Splunk Search 01-31-2019 0 1	0	1