Splunk Search

Community Activity

Can you help me use the eval command with a wildcard question? Is there a way to do a search for any version that begins with a 5* in an eval search? eval sofver = if (softwarever... by linuxology New Member in Splunk Search 01-04-2019 0 4	0	4
Can you help me with a MAC Address Search in a Splunk dashboard? Greetings--- I am trying to build a dashboard form for MAC address regardless of format. The goal is to simply have... by richardphung Communicator in Splunk Search 01-04-2019 1 5	1	5
Events 4656 and 4663 Hello, My intention is to create a report, based on the log below, that tells me when a new object (file or folder... by adrianmiron Explorer in Splunk Search 01-04-2019 0 11	0	11
sorting in specific requirement Below is my data in tabular format I want FUNCTION \| HK \| SG AGE ... by VI371887 Path Finder in Splunk Search 01-04-2019 0 1	0	1
Object Name filtering with Diffrent folder structrue we have one Network folder : clientreports Standard Reports Structure as : • Path/Foldername/Report Type/Client/R... by shishirkumar Engager in Splunk Search 01-04-2019 0 0	0	0
Can you help me with a complex subsearch? Hi I use the request below in order to count degradation stop performances by service name index="windows" sourcety... by jip31 Motivator in Splunk Search 01-04-2019 0 8	0	8
Does distinct_count() in a timechart count unique instances per time slice or per chart? Hi, I was reading Example 3 in this tutorial - to do with distinct_count(). I would like to know when you apply dis... by nosignal Explorer in Splunk Search 01-04-2019 1 6	1	6
How to add an additional backslash to source? I have an input that offers me x sources index="xxxxx" sourcetype=xxxxx \| dedup source \| table source The problem i... by edwinmae Path Finder in Splunk Search 01-04-2019 0 3	0	3
How to extract a multiple line content as a field ? Hi , I need to extract multiple lines of raw log into a message field example raw log: timestamp : The decision abo... by raj_mpl Path Finder in Splunk Search 01-04-2019 0 4	0	4
help on epoch time format number hi I would like to transform the epoch time number below in a standard format date 1546284113.000000 could you ple... by jip31 Motivator in Splunk Search 01-04-2019 0 1	0	1
Comparing Two Files with Eval and Set Hello! I started using Splunk about 3 hours ago and am getting stuck on something that may be very simple: I have t... by pradeepk_splunk Splunk Employee in Splunk Search 01-03-2019 0 3	0	3
need to calculate number of request in iis for each month. I need to calculate number of request in iis for each month. I already stored the iis log in splunk. i need to get th... by nambir New Member in Splunk Search 01-03-2019 0 3	0	3
How do you compare a list of host names? All, I have a list of X hosts and another list of Y hosts. Seems to be Splunk should have an easy way to diff these... by daniel333 Builder in Splunk Search 01-03-2019 0 5	0	5
Why am I unable to extract values from the following logs? Every time I try extracting values for platform, testNames, testId and experience , I always get "\" Can you please... by saifullakhalid Explorer in Splunk Search 01-03-2019 0 2	0	2
Is it possible to export select fields to a CSV using the outputcsv command? I need to be able to take my data, export some of the fields to a CSV, and then use the rest of the data in the rest ... by nick405060 Motivator in Splunk Search 01-03-2019 0 1	0	1
WatchedFile - File too small to check seekcrc, probably truncated. Will re-read entire file Hello I have a script that writes a log file of the current month. The information is exported from a database. It al... by max8006 Explorer in Splunk Search 01-03-2019 0 2	0	2
unable to post a question Hi team, I am unable to post a question, when i am posting a question getting 500 error Thanks by Laya123 Communicator in Splunk Search 01-03-2019 1 7	1	7
It does not show any data in my splunk from my FortiGate. I need to see the logs of my FortiGate os 5.6.4 in my splunk application by gpadilla070993 New Member in Splunk Search 01-03-2019 0 0	0	0
How do you convert a hostname to "netmask"? Hello all, I'm brand new to Splunk, so please have patience with me. I want to convert our hostnames to a net mas... by perbejder Engager in Splunk Search 01-03-2019 0 4	0	4
Why am I getting error "Could not use regex to parse timestamp..." for timestamps before November 2010? Using Splunk 6.4.0 on Ubuntu Server Trying to index a file that goes back in years. Working with the Timestamp to g... by TangentTexan New Member in Splunk Search 01-03-2019 0 5	0	5
Is it possible to mask the sensitive data from the configuration files during the search time? I am able to use "SEDCMD" to mask the sensitive data during the index time, but is it possible to mask the sensitive ... by splunkrocks2014 Communicator in Splunk Search 01-03-2019 0 4	0	4
Can you help me with event time subtraction? Need help with the following scenario. I want to be able to know how many users and how long each user was logged-in... by zacksoft Contributor in Splunk Search 01-03-2019 0 4	0	4
How do you get the count value by using tstats or stats command? Hi Team, I am using the below command for getting the total value of Payable_Column & show the total count: index=... by rakesh44 Communicator in Splunk Search 01-03-2019 0 4	0	4
Where splunk default alert action script will store Where splunk default alert action script will store.Once i created a script to execute in alert action then where it ... by raja8220 New Member in Splunk Search 01-03-2019 0 1	0	1
How do you get the value from a tabular event for alerting? Hi my log event will be in a tabular format like below program status Group Lag ... by raj_mpl Path Finder in Splunk Search 01-03-2019 0 14	0	14