Splunk Search

Community Activity

Can you help me improve the performance of a custom search? Hi, We have Linux Auditd data coming into Splunk with sourcetype=linux:audit. In Auditd logs, Record Types define ev... by att35 Builder in Splunk Search 01-15-2019 0 6	0	6
Splunk Cluster keeps showing Peers as BatchAdding The Peers keep showing up as BatchAdding....they stabilize and then go back.... by jmcclure Explorer in Splunk Search 01-15-2019 0 1	0	1
mvlist functionality My search (1) transaction PG SessionID mvlist=SessionEventNet nullstr=0\|eventstats sum(SessionEventNet) as SessionNe... by javiles1960 Explorer in Splunk Search 01-15-2019 1 9	1	9
I have installed splunk enterprise version on windows 2008 R2 server. I am not able to access the splunk web outside the server. We have installed the splunk enterprise version 7.0.2 on a windows server 2008 R2. However we are not able to access ... by naagaraj Engager in Splunk Search 01-15-2019 0 4	0	4
I'm unable to connect to splunk using java application. I'm accessing splunk via a VPN. So if I'm trying to access splunk via browser, after logging in using username and pa... by spideyweb008 New Member in Splunk Search 01-15-2019 0 1	0	1
apply apache field extractions to nonstandard sourcetype Hello, I have some apache access logs coming in that I'd like to label sourcetype="aem:access" instead of sourcetyp... by zhatsispgx Path Finder in Splunk Search 01-15-2019 0 7	0	7
Finding Historical Gaps in Data I have an existing search that shows devices that currently are not logging i.e. gaps however, I didn't have an aler... by neely_hpe New Member in Splunk Search 01-14-2019 0 1	0	1
SWAGGER URL for SPLUNK Hi All, I have downloaded SPLUNK Enterprise -Trial We are trying to use SPLUNK Enterprise for Automation using cloud... by abedeen Engager in Splunk Search 01-14-2019 1 0	1	0
Question : I am facing issue in Regular expression want to print substring from string Hello Sir , I am new for this Regular expression . in our log has different value for field. want to remove char upt... by su_kumar New Member in Splunk Search 01-14-2019 0 5	0	5
Field Extraction help for user and email The following is one of the sample raw logs. 01/14/19 2:05:25.000 PM 2019-01-14 19:05:24.915 INFO 1234 --- [abcd-2... by pavanae Builder in Splunk Search 01-14-2019 0 2	0	2
Hot folder does not index some files Good morning everyone I'm having trouble crawling multiple files at once. Today I copied 100 files and placed them i... by gabrielgarciia New Member in Splunk Search 01-14-2019 0 2	0	2
Can Splunk charts display a logrythmic Axis? Hi, Is there an option for Splunk to display chart axis logrythmically? I don't see an option in the standard chart... by a212830 Champion in Splunk Search 01-14-2019 1 2	1	2
How do you add a blank row after each unique host in search results? I have a search statement in a customized dashboard to show the disk utilization of my servers. I would like to add a... by kenntun Engager in Splunk Search 01-14-2019 0 8	0	8
Need to hide data in DB connect Hi Team, I have 2 sources & have 12 months of data in DB connect app , Can we hide particular month of data in DB co... by rakesh44 Communicator in Splunk Search 01-13-2019 0 5	0	5
Query substring of value stored in token I have a $token$ with value 192.168.25.2. How do I perform a query for all addresses that have 192.168.25.* excluding... by burchl New Member in Splunk Search 01-13-2019 0 7	0	7
Why is my search head sorting columns when displaying statistics/visualizations? We have two search heads, one for general use and one for Enterprise Security. Any table/stats searches on the ES se... by gf13579 Communicator in Splunk Search 01-13-2019 0 7	0	7
How do you extract an XML tag from _raw field? Hi all, I'm new to Splunk and don't have much idea of regex. I'm trying to extract the content of "faultstring" tag... by mukesh2019 Explorer in Splunk Search 01-13-2019 0 3	0	3
Can I exclude certain columns in a table from drilldown? Hello, Basically, I just want to know if there is a way in the Splunk XML to exclude certain columns in a table from... by mal81394 New Member in Splunk Search 01-12-2019 0 3	0	3
Reindex a file on 3000 machines All, I indexed a 30-line config file off all our Linux hosts. But accidentally used the wrong source-type and index... by daniel333 Builder in Splunk Search 01-12-2019 0 4	0	4
interesting regex Hi, I have data that looks like this 2018-06-11 23:37:11,035 pool-10-thread-1 DEBUG c.i.w.i.s.WholesaleCVRService ... by dbcase Motivator in Splunk Search 01-12-2019 0 5	0	5
Dynamic eval if match from a list of values - foreach? A standard eval if match example is below. Any ViewUrl value which starts with /company/.* has the entire string re... by DanielFordWA Contributor in Splunk Search 01-12-2019 0 8	0	8
How do I get the timechart results for a summary index query? I have a query which uses the summary index and some lookup tables with eval conditions and ends with... \| chart co... by pavanae Builder in Splunk Search 01-12-2019 0 6	0	6
Multiple If Statements (Comparing Two Columns) Hello, I have information being indexed from a website that does constant ping tests. The information that I am retr... by dfrench151 Explorer in Splunk Search 01-12-2019 0 4	0	4
ID of the max value event Hello! I have a table like this ID, OperationName, Duration 1, oper_x, 114 2, oper_x, 117 3, oper_c, 76 4, oper_z, 8... by kvaga Explorer in Splunk Search 01-12-2019 0 7	0	7
How to Change Cisco SG350 Switch's sourcetype from syslog to cisco:ios? I have Cisco Networks App for Splunk Enterprise version 2.5.6 and Cisco Networks Add-on for Splunk Enterprise version... by splunkot New Member in Splunk Search 01-11-2019 0 2	0	2