Splunk Search

Community Activity

It appears you do not have an active Support Contract or entitlement and as a result, cannot open a Support case ! Hello splunkers, I tried to submit a new case but unfortunately i got this error : "It appears you do not have an ... by baroudiem New Member in Splunk Search 01-22-2019 0 6	0	6
match and count in numerical from events Hello, I have a CSV file containing two columns URL and IP. I'm using it to retrieve only events were a match is fou... by adabud6267 Explorer in Splunk Search 01-22-2019 0 0	0	0
How to change the timestamp of duplicate events I tried to change the time stamp of duplicate events. Can any one suggest me a solution. by sesharao92 Explorer in Splunk Search 01-22-2019 0 1	0	1
Need to find the ADM accounts with help of Normal accounts We have 2 types of accounts in our organization user adm-user I can find the disabled users in the organization, b... by deepak007 Explorer in Splunk Search 01-22-2019 0 0	0	0
Can you help me with my multi-line field extraction? Hi, I am looking to extract fields from multi-line events. Some of the events are more than 20 lines. When I am tryi... by AKG1_old1 Builder in Splunk Search 01-22-2019 0 4	0	4
How do you get an average based on a date field? I have a Splunk log in JSON format as follows: {"SCMSplunkLog":{ "SCMSuccessLog":{ "payload":{ "sourceCount":0,"leve... by karthi25 Path Finder in Splunk Search 01-21-2019 0 1	0	1
Can you tell me the difference between two boolean expressions? Hi, I am currently figuring out what is wrong with my boolean expression. Currently, I'm making a whitelist of app... by y2kbcm Explorer in Splunk Search 01-21-2019 0 2	0	2
Cant ingest csv with £ sign, changes to \XA Good evening one and all, I have CSV files that have monetary values in them, however when they are ingested into sp... by rossparfect Path Finder in Splunk Search 01-21-2019 0 2	0	2
How do you create dummy values in a trellis chart? I have locations 1-6, and I am needing them to stay in the same spot, even if in the time event, there is not a quant... by tseale New Member in Splunk Search 01-21-2019 0 7	0	7
How do I get results of all values in 2 subqueries? i have 2 of the same subqueries in my search with different time periods. So, both results are different. If I use ... by Anantha123 Communicator in Splunk Search 01-21-2019 0 2	0	2
How do you extract multiline fields based on a different string? Hi, I am looking to extract fields from multi line events. I have two different types of events. I'm looking to dist... by AKG1_old1 Builder in Splunk Search 01-21-2019 0 6	0	6
How do you find the difference between the following two events? Hi, I have two events: event1: field1="A",field2="ABC",.....,fieldN="12" event2: field1="B",field2="ABC",.....,fiel... by yko84109 Loves-to-Learn in Splunk Search 01-21-2019 0 2	0	2
Is it possible to display\calculate the ISO year number for a date ? With strftime(_time, "%Y-%V"), I can create a period to sort on a year and ISO weeknumber. When I have events on 30-... by dirkpeter New Member in Splunk Search 01-21-2019 0 4	0	4
How to create a field with selected values of the same field Hi , I have OS field which has many rows .In that i need to filter only the below values and create a field , Windo... by umsundar2015 Path Finder in Splunk Search 01-21-2019 0 2	0	2
How do you search for a specific word when you don't know what the field is? Heya Guys, I'm very new to Splunk and this is likely an obvious answer or I have skimmed across documentation and mi... by brewster88 New Member in Splunk Search 01-21-2019 0 3	0	3
Deploy search head cluster Hello, I'm deploying a search head cluster and I have a doubt about the steps described on the following link: http... by siemteam Explorer in Splunk Search 01-21-2019 0 4	0	4
Why are delimited field extractions not working? Hello, we are inputting data via the HTTP Event collector. The "event" member has this format, which we are trying to... by richardAtOmni Path Finder in Splunk Search 01-20-2019 0 4	0	4
Field extract NOT search. Hi My data format is as follows. A=123456789 Field was extracted for every three digits from field A. My field extra... by khyoung7410 Communicator in Splunk Search 01-20-2019 0 2	0	2
subsearch for failed login hi guys i wanted to search for a list of failed login attempts by privileged users from existing successful logons (E... by hok2010 New Member in Splunk Search 01-19-2019 0 1	0	1
Trying to get month over month with detail. My current working and pretty one is this: \|eval Owner=ProductName \| stats sum(Cost) as Total by TimePeriod, Owne... by tmblue Engager in Splunk Search 01-19-2019 0 6	0	6
How to specify a particular aggregate value in query for Single Value Visualization Chart? how do i specify a particular value to be displayed in single value visualization chart? i only want the totalCount (... by jaj Path Finder in Splunk Search 01-19-2019 0 6	0	6
When do you put a \| (pipe) as the first character in a search I have noticed several search commands which are preceded by a pipe character with no input left of the pipe. For exa... by coleman07 Path Finder in Splunk Search 01-19-2019 2 5	2	5
Want to confine splunk process running on servers as required by our audit. How to achieve? Issue: Splunk is running as unconfiged daemon ps -eZ \| egrep "initrc" \| egrep -vw "tr\|ps\|egrep\|bash\|awk" \| tr ':' ' ... by sdubey_splunk Splunk Employee in Splunk Search 01-19-2019 0 1	0	1
i want to iterate values a field from one source type and compare each values with set of values in another field of different sourcetype Hi I have two sourcetype A and B where sourcetype A has field A1 and sourcetype B has field B1. My base query is ... by vkrishnachand New Member in Splunk Search 01-18-2019 0 1	0	1
Count of values in a multi-value field Log lines: k1=doesn't matter, k2=doesn't matter, k3=[v3, v4] k1=doesn't matter, k2=doesn't matter, k3=[v5, v4, v6] k... by hpendela New Member in Splunk Search 01-18-2019 0 2	0	2