Splunk Search

Community Activity

How do I return a field(s) from a specific index, where the query has multiple search indexes? index=security sourcetype=symantec OR (sourcetyoe=WinHostMon (Path="malwarebytes")) \| fillnull value="" \| table H... by mmercola New Member in Splunk Search 01-09-2019 0 1	0	1
run a splunk query using a hyperlink Hi, I am creating a dashboard that will present various aspects of a given session, with the goal being to additiona... by kylegoldberg New Member in Splunk Search 01-09-2019 0 0	0	0
sum an unknown number of fields (with wildcards) I have event like _time host1=1 host2=10 host3=20 _time host1=2 host3=12 host3=30 The number of fields is not defin... by sbsbb Builder in Splunk Search 01-09-2019 1 5	1	5
How to query data that has no value? Hi fellow Splunkers! I'm hoping you can help my manager and I with a certain problem we're trying to solve. We have ... by dscott198 New Member in Splunk Search 01-09-2019 0 6	0	6
Trick to manage business hours / weekdays at search time Hello guys, this isn't a question just a trick  Add this to your query : \| appendcols [\| makeresults \|... by splunkreal Influencer in Splunk Search 01-09-2019 0 0	0	0
How to alert when we are receiving data from hosts that are not in a lookup, or are not receiving data from hosts in the lookup? Hi, We have a lookup table "hostlist" of hosts that need to be present in Splunk. For example host dns1 dn... by mlevsh Builder in Splunk Search 01-09-2019 0 10	0	10
Can you help me with a percentage calculation in Splunk? Hello, I need to do a percentage calculation, but I cannot. I have the data as follows: It is just a field named a... by hjsabdjahbd Observer in Splunk Search 01-09-2019 0 4	0	4
Using the foreach command, how do you reset the value of a field based on another field? How do you reset a value of a field (to 0) based on another field's 0 value (using foreach - as this needs to be done... by sahil237888 Path Finder in Splunk Search 01-09-2019 0 7	0	7
Transaction grouping between disparate logs with the same hostname hi there- trying to put together a query that will search two different sourcetypes for a hit within 1 minute where t... by daryllj Path Finder in Splunk Search 01-09-2019 0 4	0	4
Optimize transaction query Hello I have a transaction query which I would like to optimize. It is impossible to run the query for a few hours. I... by AnujaJ Path Finder in Splunk Search 01-09-2019 0 5	0	5
Easier navigation: How do you un drill down in Splunk-web? Drill down is one of the best features of Splunk, making it easy to use as a diagnostic tool when looking for unknown... by DarrinWest Engager in Splunk Search 01-08-2019 4 7	4	7
How can I filter different values from the same field ? Hi Experts, I have a field called "Login" in my events, which has various types of values such as "1111@domain1.com"... by pgadhari Builder in Splunk Search 01-08-2019 0 15	0	15
Splunk Enterprise Flow data indigestion limits Hi all, Can some one tell about Network flows indigestion capacity of Splunk enterprise solution.Like how much flo... by hariskhan Explorer in Splunk Search 01-08-2019 0 4	0	4
How do you Join tables using a common field? Hi all I am very new to Splunk, hoping someone can help me. I am working on creating a dashboard that gives us a ... by umakanth_k New Member in Splunk Search 01-08-2019 0 3	0	3
Why is my subsearch not working? I am trying the below subsearch, but it's not giving any results. "No results found. Try expanding the time range. " ... by utk123 Path Finder in Splunk Search 01-08-2019 0 3	0	3
IS there anything special required to move cold data to hot data? I am currently restructuring our logging architecture and want to move existing cold data to hot data but wanted to e... by lhanich1 Path Finder in Splunk Search 01-08-2019 0 1	0	1
Why is the calculated count for a field showing way more than the actual events? Hello, I am having trouble understanding why the counts for a particular field are off. The time frames for both the... by jordanking1992 Path Finder in Splunk Search 01-08-2019 0 2	0	2
Splunk Dynamic search using lookup I wish to populate a list of index names ( > 1) from a lookup table to a search query. Indexlookup.csv --> COL1 ... by rishiaggarwal Explorer in Splunk Search 01-08-2019 0 4	0	4
How do you pull data from a previous event? So here is what my Splunk data looks like... these 4 events are consistently sequential. › 1/7/19 1:02:11.211 PM ... by muzicman61 New Member in Splunk Search 01-08-2019 0 1	0	1
Log correlation for login without active (VPN) session First post so: hi all! I need some help to set up an alert if a user logs in on one of our systems without an active... by rgerritse New Member in Splunk Search 01-08-2019 0 1	0	1
Can you help me get the count by user from the following query? I am pulling information from the authentication datamodel by modifying the Excessive Failed Logins tstats command: ... by richardphung Communicator in Splunk Search 01-08-2019 0 6	0	6
How do you sum values by day? Hi, I'm new to Splunk and have written a simple search to see 4 trending values over a month. auditSource XXX audit... by jyar1 Engager in Splunk Search 01-08-2019 0 3	0	3
How come our AND operator is not working? Hi , I am trying the checkbox with multiple selections. I have four options grey, red, yellow and green. Once I am s... by kumar_pashupati New Member in Splunk Search 01-08-2019 0 10	0	10
How do you indirectly access a field value? In the following query, I want to use the value of b as a field: \| makeresults \| eval a=1 \| eval b="a" \| eval c=som... by doton New Member in Splunk Search 01-08-2019 0 6	0	6
How do I do a field extraction with a special character? Hello, I have some logs that required to extract the fields. the raw data is in the format as below. "xxx","yyy","zz... by kcchu01 Explorer in Splunk Search 01-08-2019 0 3	0	3