Splunk Search

Community Activity

How to push out an indexer bundle after rebuilding a server? Hi, I had to rebuild an indexer, and it's now up and running, but it doesn't have the most recent updates that we ha... by a212830 Champion in Splunk Search 12-10-2018 0 7	0	7
How do I run the Splunk CLI command using the scripted input and the path file? We have Windows servers blocked for executing batch scripts. So, how do I run the below Splunk CLI command schedul... by ankithreddy777 Contributor in Splunk Search 12-10-2018 0 1	0	1
token. how can I, configuring one token for filter search? Hi I have this search in my dashboard and i want create a token filter for search the result of the field "sucursal... by medvelsplunk Engager in Splunk Search 12-10-2018 0 2	0	2
How do I filter tenable scan results by lastSeen value? I'm trying to filter my Tenable results to show only vulnerabilities seen within the last 7 days. Here is my current ... by lball Explorer in Splunk Search 12-10-2018 0 3	0	3
How do I combine search results from two different date time ranges into 1 table? I am trying to combine results from two different time lines into a single table. The search query for 1 day as fol... by angersleek Path Finder in Splunk Search 12-10-2018 0 2	0	2
How do you color code a cell? I've read through a lot of articles, but I can't figure out how to make this work. My query is below. For ease of rea... by jsights New Member in Splunk Search 12-10-2018 0 1	0	1
Can you help me visualize my input lookup file? Hello There, I have a file CSV as shown in the attached screenshot. I want someone to help me to draw these dates on... by dinaabdelhakam Path Finder in Splunk Search 12-10-2018 0 1	0	1
How do I reconstruct the path of a message across multiple events? I have a log file from our ESB that has multiple events for each message. I want to join those back together so I can... by asturt Explorer in Splunk Search 12-10-2018 0 2	0	2
How do you compare a previous average with the current actual count? Hello, I am trying to write an SPL to do the below but hitting a road block. Can someone please help!! Date ... by rohitmaheshwari Explorer in Splunk Search 12-10-2018 0 1	0	1
How do i display the latest event from two event IDs by computer name? Hello, I am trying to complete a query that allows me to see both the latest failed and successful backups from eve... by willsy Communicator in Splunk Search 12-10-2018 0 4	0	4
What would be the best way to use index and source type for multiple projects? Hi everyone, I am new to Splunk and i have a quite a few projects in my organization. I know that an index can have ... by casmond New Member in Splunk Search 12-10-2018 0 2	0	2
Can you help me combine 2 queries into a timechart? Hi all, I have the following data and I need some help to progress further. I have fields: _time uniqueId action us... by cindywee New Member in Splunk Search 12-09-2018 0 2	0	2
How do you use the value of the lookup filename as a field in the search result? Here is the search and lookup, I need to capture the value, last_logon_lookup_20180928.csv We need the value in bold... by roayers Explorer in Splunk Search 12-09-2018 0 3	0	3
Drilldown on results of a subsearch not working Woodcock - As a new question to the previous one that you help resolve - do you have any idea why the drilldown isn't... by doogan12 Engager in Splunk Search 12-09-2018 0 16	0	16
How to use a different time range within a subsearch? Splunk rookie here, so please be gentle. I am hoping someone can help me with a date-time range issue within a subse... by lblackey Engager in Splunk Search 12-09-2018 1 8	1	8
How to add % symbol with data labels in charts? I want to add % symbol with both the y-axis legend and data labels Thanks in advance! by ny34940 Path Finder in Splunk Search 12-09-2018 0 13	0	13
How to get Splunk btool command to return an exact match? Hi, I have savedsearches like: dev_sudo dev_sudo mod dev_sudo mod2 How to dump the first with btool? If I use spl... by lukasz92 Communicator in Splunk Search 12-08-2018 0 3	0	3
How do you extract a hostname from a source path? Hello all , I've configured Splunk to monitor directory , i.e. /usr/home/test/* for new CSV files ( periodically ... by rkatsnel New Member in Splunk Search 12-08-2018 0 6	0	6
Join Earlier Joins with Later I'm doing a join where I want to only get subsearch events that happened before the parent search event. Thus, I'm u... by grex2595 New Member in Splunk Search 12-08-2018 0 1	0	1
How to trigger the DMC Alert - Near Critical Disk Usage alert on the monitoring console? Hello, I've been asked to set up an alert for disk space exceeding 80%. I enabled the DMC Alert - Near Critical Di... by moizmmz Path Finder in Splunk Search 12-07-2018 0 3	0	3
Why am I seeing several thousand skipped searches per day in the Splunk Deployment Monitor app? Using Splunk 7.2.0. While looking at the Monitoring Console and performing this search (see below) , I see almost 70... by juanlazarosanch New Member in Splunk Search 12-07-2018 0 1	0	1
Subsearch leading to I notice that the below query results in 0 events, whereas the baseSearch alone results in 11 events and the sub-sear... by samtheman Engager in Splunk Search 12-07-2018 0 3	0	3
How can I make my table results in 3s time intervals? Query I am running: index="dcg-video-eng-live-services-stage" \| spath "message.req.originalUrl" \| search "message.re... by moizmmz Path Finder in Splunk Search 12-07-2018 0 8	0	8
How can I split JSON into multiple events? Hi, can anyone help me a bit? i am trying to split an event in more lines or more events, every events got multiple ... by 0xlc Path Finder in Splunk Search 12-07-2018 0 2	0	2
How do I convert epochtime = -1 to a human readable format? I am creating a dashboard for Tenable results and some entries have a Patch Publication Date value of -1. I'm having ... by lball Explorer in Splunk Search 12-07-2018 0 3	0	3