Splunk Search

Community Activity

How to monitor USB plug and remove on server 2008 R2? OS: CentOS 7 Component: Search Head, Indexer Product: Splunk Enterprise Version: 7.2.1 OS: Windows server200... by aojie654 Path Finder in Splunk Search 12-17-2018 0 5	0	5
In a search, how would I get the difference between the primary region and all other regions? I have this query that is supposed to get the difference between the primary region and all other regions, but for so... by kiamco Path Finder in Splunk Search 12-17-2018 0 3	0	3
How do I make a custom alert message with variables? Hello, I have a search with several OR statements in it. Example, Microservice=this OR Microservice=that. When the s... by rbrisseyii Explorer in Splunk Search 12-17-2018 0 5	0	5
How do I make a Splunk query that generates stats grouped by account name? Here is my current query: index=wineventlog sourcetype=WinEventLog:Security EventCode=4625 \| rex ".*Account\sName:\s... by bm1391 New Member in Splunk Search 12-17-2018 0 3	0	3
Can you help me create a regex expression that would extract a field? Hi All, I'm trying to extract a field. However, the field I want to extract isn't at the same location each time.... by itionet New Member in Splunk Search 12-17-2018 0 8	0	8
Can you help me to create a query with a timechart? Hi all, with the query below I have extracted the sum of overtime per day. index="effort_tracker" \| stats count by... by kingwaras Engager in Splunk Search 12-17-2018 0 1	0	1
How can I split IIS logs from Amazon Kinesis stream on "- -" ? Hello - Is there a way to split the line below : with '--". This is from the IIS logs of Amazom Kinesis. 200 is h... by jmajumdar Explorer in Splunk Search 12-17-2018 0 2	0	2
How can we make multiple MAC address formats be readable in one search, regardless of format? I'm still pretty new so the answer is probably easy, but am stuck trying to making this search form work. The goal i... by rpquinlan Path Finder in Splunk Search 12-17-2018 0 9	0	9
How do I send Kubernetes Node name to Splunk? We are running a Kubernetes cluster and are shipping pod logs to Splunk Cloud. Our current setup: 1. Universal forw... by catchaj88 Explorer in Splunk Search 12-17-2018 0 1	0	1
Striftime Error or Settings questions For some reason when I have Time as below, and use (\| eval SortingTime=strftime(SortingTime, " %H:%M:%S") I always... by hyungjoon New Member in Splunk Search 12-17-2018 0 4	0	4
How to extract field using mode=sed for name extraction? How to extract field using mode=sed for name extraction? index=test Sender=PEGAS \| rex field= URI"^(?.+?)(\?\|\z)" \|... by karthi2809 Builder in Splunk Search 12-17-2018 1 7	1	7
Is using the transaction command an overkill in this case? If I have two searches as below (uniqueId is a common field exists in both searches, while field1, field2 are unique... by jliu531 Engager in Splunk Search 12-17-2018 0 1	0	1
How do I sort my search events by week? I am new to Splunk. I am having a problem sorting my search results by week. I tried using the following dates as my ... by ronniemakhombi Explorer in Splunk Search 12-17-2018 0 8	0	8
how can i reset splunk.com login password how can i reset splunk.com login password, the email id in the account has a typo, so the reset password option is no... by soumyasaha25 Contributor in Splunk Search 12-17-2018 0 3	0	3
multiple field in geostats HI, i am trying to display multiple fields like num1, num2, num 3 in map and trying to gets its lat and long from ex... by vikashperiwal Path Finder in Splunk Search 12-17-2018 0 3	0	3
Is it violating license agreement to bring in data from external system? We index a lot of data in Splunk, but we also have a lot of other tools, we would like to use Splunk as single pane o... by xchang1226 Path Finder in Splunk Search 12-17-2018 0 6	0	6
Single query to an external REST API I am working on an app that will have an interactive UI where you could input a hash value and afterwards the app wou... by JerryLives Engager in Splunk Search 12-17-2018 0 0	0	0
Is there a Splunk command to find out configuration errors or typos? Hi, I was wondering is there a Splunk command to find out configuration errors? For example, LINE_BrEAKER in props ... by kteng2024 Path Finder in Splunk Search 12-17-2018 0 7	0	7
How do you compare the average memory performance of 2 servers? Hi All, Please help me create a query that compares cpu and memory with threshold performance in 1 month ( 4 data ) ... by mboiz New Member in Splunk Search 12-16-2018 0 5	0	5
Can you help me create a regex that would extract a host from a path? How can I extract hostname from the path for host_regex in data input on directory monitoring? I need only host name... by mlevsh Builder in Splunk Search 12-16-2018 0 3	0	3
How do I write a regex for different field extractions according to event value? I have events like the ones below. I want to make a different field extraction according to the value of field MODEL.... by eyirik Explorer in Splunk Search 12-16-2018 0 9	0	9
How can i retrieve the values of a correlation matrix from Splunk web into a text file (name of the fields)? hello , can anyone tell how can i retrieve the values of a correlation matrix from Splunk web into a text file (nam... by marounb98 New Member in Splunk Search 12-16-2018 0 0	0	0
How can I display our search results as a percent in a single value panel? Hi my basesearch... index = lc source= X \|stats count by status ...gets me the amount status by status: Status Am... by j_r Path Finder in Splunk Search 12-16-2018 0 6	0	6
How do I search data for the time & date that it was generated by the system? I have big data in an Index, but I am looking for the specific data of time & date of system generated. I have a thi... by rakesh44 Communicator in Splunk Search 12-15-2018 0 1	0	1
How can I optimize a search that times out? This search is looking back one month over a large dataset. I would like it to be accelerated, and run once a month o... by ridwanahmed Path Finder in Splunk Search 12-14-2018 0 5	0	5