Splunk Search

Community Activity

what does dedup_splitvals argument for stats command do? I have a stats command in my correlation search spl which has an argument dedup_splitvals=t not sure what this argume... by manojsecsme Explorer in Splunk Search 12-19-2018 4 2	4	2
Setting up custom condition for alert Hello, I have the following search: host="x.x.x.x" OR host="x.x.x.x" Message_Type="Authen failed" PCI \| eval Source... by robK123 Explorer in Splunk Search 12-19-2018 0 6	0	6
How do you return a conditional count and grand-total in a query? Hi all, Novice here. I have two separate queries that are doing a simple calculation each, but I would like to combi... by skribble5 Explorer in Splunk Search 12-19-2018 0 4	0	4
We have planing to add azure application logs(Audit cloud logs) to splunk environment . in our environment we have 4 servers (A,B,C D) A >>Act as a(indexer ,search head ,license master ,Forwarder manageme... by satkan100 Path Finder in Splunk Search 12-19-2018 0 1	0	1
Can you help me convert the following field to epoch time? I'm stuck trying to figure out the conversion on this time format field from Active Directory data. Hoping someone ca... by joesrepsolc Communicator in Splunk Search 12-19-2018 0 5	0	5
Can I use a geospatial lookup to add state data to my data model? Using Splunk 6.6, I tried for the first time to create a Data Model. My Root Event Dataset consists of events which h... by pcsegal Explorer in Splunk Search 12-19-2018 0 3	0	3
Timechart group by 2 fields Hello, I am trying to find a solution to paint a timechart grouped by 2 fields. I have a stats table like: Time ... by ReddySk Explorer in Splunk Search 12-19-2018 0 2	0	2
Maintaining data integrity for exports from splunk Hi everyone, I know that Splunk is capable of maintaining its own data integrity via hashing the events. However, wh... by darthz0r Engager in Splunk Search 12-19-2018 0 0	0	0
Can you help me with a regex field extraction? Hi guys, I got some the strange events as follows: timestamp: xxxx controlType: xxxx criticality: false object: xxx... by season88481 Contributor in Splunk Search 12-18-2018 0 1	0	1
Does the timeline have any zoom limitations in the search bar? Hi Splunker, This is just my curiosity. I have a lot of logs that are 99,999 in 1 millisec. I have tried zooming ... by Shuhei052492 Path Finder in Splunk Search 12-18-2018 0 3	0	3
How do you display days in chronological order not alphabetically? Hi, I am using the below search to display the average transactions by day over a couple weeks. I need the days to s... by cwhurd1 New Member in Splunk Search 12-18-2018 0 5	0	5
\|stats count(sum) as a grouped TIMECHART Hello ...query \| bucket span=1month _time \| eval date=strftime(_time, "%Y/%m/%d ") \|stats count sum(2017_totals) ... by TCK101 New Member in Splunk Search 12-18-2018 0 1	0	1
How do you run a script on a column search result? Hi, I want to run a script on all values in a column like that: index="myindex" mysearch_filters \| table id \| scrip... by rolivet New Member in Splunk Search 12-18-2018 0 1	0	1
i would like to get the total bandwidth used by a particular subnet in my network i would like to get the total bandwidth used by a particular subnet in my network, please help, i am new in splunk, by ikaneng New Member in Splunk Search 12-18-2018 0 3	0	3
How to upgrade add-on infoblox v11.0.2 to v1.1.0 in a single clustered environment including SHC, HFs and single ES How to upgrade add-on infoblox v1.0.2 to v1.1.0 in a single clustered environment including SHC, HFs and single ES (... by bwidi New Member in Splunk Search 12-18-2018 0 0	0	0
Are there field extractions available for IPlanet web access logs? Here's the fields followed by a description: Hostname or IP address of client arrow.a.com. (In this case, the hos... by ndoshi Splunk Employee in Splunk Search 12-18-2018 0 4	0	4
Can you visualize text in Splunk? I am trying to see if I can visualize text in splunk. For example, I have results showing a build going through multi... by askarkz Explorer in Splunk Search 12-18-2018 0 7	0	7
How do I get a report of all alerts configured in Splunk? How do I get a report of all alerts configured in Splunk. When i click the alert tabs it shows the alerts but unable... by logloganathan Motivator in Splunk Search 12-18-2018 0 1	0	1
Can you help me with some predictive analytics for the current month? I want to forecast future values of a field. _time TOTAL 01-07-2018 200 01-08-2018 220 01-09-2018 ... by joydeep741 Path Finder in Splunk Search 12-18-2018 0 1	0	1
Can you help me with my tstats sub query? Hello, I have a tstats query that works really well. However, I am trying to add a sub search to it to attempt to id... by griggsy New Member in Splunk Search 12-18-2018 0 4	0	4
How to use regex on a field's value in a search? index=system* sourcetype=inventory order=829 I am trying to extract the 3 digit field number in this search with r... by splunkuser21 Engager in Splunk Search 12-18-2018 0 4	0	4
How do you apply a formula from another field to eval its value? Hi, I basically want to eval a result-field based on the formula contained in another field. The formula in the othe... by flopit Path Finder in Splunk Search 12-18-2018 0 4	0	4
Splunk DB Connect: Time conversion error while working with SQL Audit log data I have a SQL query using at Splunk DB Connect to pull the SQL audit log into Splunk as below: SELECT event_time, act... by jasonsun Explorer in Splunk Search 12-18-2018 0 1	0	1
How to dynamically set the y-axis scale of a chart with the max value needed + X%? Hi all! I have the following search which displays a stacked bar chart: <index, filters and sourcetype> \| stats cou... by andreafebbo Communicator in Splunk Search 12-17-2018 1 7	1	7
Why is the rename command not working post using fillnull? Can you please help check why below command is not working. index="app_batch_reports" "] ERROR [" NOT "MessageClient... by AnmolKohli Explorer in Splunk Search 12-17-2018 0 1	0	1