Splunk Search

Community Activity

need to calculate number of request in iis for each month. I need to calculate number of request in iis for each month. I already stored the iis log in splunk. i need to get th... by nambir New Member in Splunk Search 01-03-2019 0 3	0	3
How do you compare a list of host names? All, I have a list of X hosts and another list of Y hosts. Seems to be Splunk should have an easy way to diff these... by daniel333 Builder in Splunk Search 01-03-2019 0 5	0	5
Why am I unable to extract values from the following logs? Every time I try extracting values for platform, testNames, testId and experience , I always get "\" Can you please... by saifullakhalid Explorer in Splunk Search 01-03-2019 0 2	0	2
Is it possible to export select fields to a CSV using the outputcsv command? I need to be able to take my data, export some of the fields to a CSV, and then use the rest of the data in the rest ... by nick405060 Motivator in Splunk Search 01-03-2019 0 1	0	1
WatchedFile - File too small to check seekcrc, probably truncated. Will re-read entire file Hello I have a script that writes a log file of the current month. The information is exported from a database. It al... by max8006 Explorer in Splunk Search 01-03-2019 0 2	0	2
unable to post a question Hi team, I am unable to post a question, when i am posting a question getting 500 error Thanks by Laya123 Communicator in Splunk Search 01-03-2019 1 7	1	7
It does not show any data in my splunk from my FortiGate. I need to see the logs of my FortiGate os 5.6.4 in my splunk application by gpadilla070993 New Member in Splunk Search 01-03-2019 0 0	0	0
How do you convert a hostname to "netmask"? Hello all, I'm brand new to Splunk, so please have patience with me. I want to convert our hostnames to a net mas... by perbejder Engager in Splunk Search 01-03-2019 0 4	0	4
Why am I getting error "Could not use regex to parse timestamp..." for timestamps before November 2010? Using Splunk 6.4.0 on Ubuntu Server Trying to index a file that goes back in years. Working with the Timestamp to g... by TangentTexan New Member in Splunk Search 01-03-2019 0 5	0	5
Is it possible to mask the sensitive data from the configuration files during the search time? I am able to use "SEDCMD" to mask the sensitive data during the index time, but is it possible to mask the sensitive ... by splunkrocks2014 Communicator in Splunk Search 01-03-2019 0 4	0	4
Can you help me with event time subtraction? Need help with the following scenario. I want to be able to know how many users and how long each user was logged-in... by zacksoft Contributor in Splunk Search 01-03-2019 0 4	0	4
How do you get the count value by using tstats or stats command? Hi Team, I am using the below command for getting the total value of Payable_Column & show the total count: index=... by rakesh44 Communicator in Splunk Search 01-03-2019 0 4	0	4
Where splunk default alert action script will store Where splunk default alert action script will store.Once i created a script to execute in alert action then where it ... by raja8220 New Member in Splunk Search 01-03-2019 0 1	0	1
How do you get the value from a tabular event for alerting? Hi my log event will be in a tabular format like below program status Group Lag ... by raj_mpl Path Finder in Splunk Search 01-03-2019 0 14	0	14
Can you help me with my regex pattern match? Here is my code . I want my field record_type to contain only the events/records that contain either of the keywords ... by zacksoft Contributor in Splunk Search 01-03-2019 0 3	0	3
Where following a dc(field) I am looking at a firewall. I am trying to find only results where there are more than 20 distinct ports per source. ... by stakor Path Finder in Splunk Search 01-03-2019 0 3	0	3
Failing to extract to multivalue field with props.conf and transforms.conf Im not sure why I am not extracting into multivalue fields. It's only extracting the last matching group. I think its... by nkleck New Member in Splunk Search 01-02-2019 0 1	0	1
How do you use OR logic in lookup fields? Hello! Problem: Take .csv lookup file and search through an index in order to identify a match, if ipaddress OR us... by tomsterkw Engager in Splunk Search 01-02-2019 0 4	0	4
Can we create outputlookup table user based? Hi, As we know that, lookup table can be created as global, if file is located at '$SPLUNK_HOME/etc/system/looku... by sumangala Path Finder in Splunk Search 01-02-2019 0 8	0	8
Splunk search causes browser to crash One of the searches by our user caused his browser to crash. "index=oseventlog OR index=activedir OR index=oseventlo... by mlevsh Builder in Splunk Search 01-02-2019 0 8	0	8
Can you answer a couple of questions for me regarding the certification exam? folks, just checking your experience with Recertification and Splunk Enterprise Certified Architect Anyone have do... by koshyk Super Champion in Splunk Search 01-02-2019 0 4	0	4
Custom lookup table used in search I created a csv file that has two columns, name and ip. I've uploaded the csv and I want to use the name column as li... by mpunderw Engager in Splunk Search 01-02-2019 0 3	0	3
How to add a wild card to all the field values at the end of a field? I have a query as follows \| inputlookup hosts.csv \| table host \| format Which gives the result as follows ( ( h... by pavanae Builder in Splunk Search 01-02-2019 1 4	1	4
Index time extraction: How to field extract from source, with two capturing groups? This is an example of my source: /frameworks/app_console-ui_v656_web_0/runs/latest/errors.stdout I am using the fo... by splunkIT Splunk Employee in Splunk Search 01-02-2019 1 2	1	2
How do you change the background color of a timechart if there is a value of zero ? I have a simple timechart that looks at the _internal index for various hosts and makes a simple timechart span by ho... by DEAD_BEEF Builder in Splunk Search 01-02-2019 0 6	0	6