Splunk Search

Community Activity

Network file permission error (-5000) when starting Splunk enterprise Recently installed Enterprise 60d trial from the Splunk website download on OS X and first, and subsequent startup in... by mikeah21 Explorer in Splunk Search 11-29-2018 2 3	2	3
field extraction from some multivalued fields seperated by comma Log event x: This is the name of the group#2 target(s) [name3] Log event y: This is the name of the group#1 target(s)... by christythomas Explorer in Splunk Search 11-29-2018 0 2	0	2
How do you show unique downloads and their location using the geomap command? I am trying to show unique downloads and their location using the geomap command. Without geomap, my download query ... by mistydennis Communicator in Splunk Search 11-29-2018 0 2	0	2
Make my splunk query more performetric or efficient I have write the below query , Can someone rewrite the query in more efficient way. Basically I am trying to see bre... by saifullakhalid Explorer in Splunk Search 11-29-2018 1 5	1	5
Creating new field on each regex match Hello Splunk Community! As I am quite new to Splunk/Regex, I've got a silly question that may be simple for you: I ... by llacoste Path Finder in Splunk Search 11-29-2018 0 3	0	3
Suitable Sourcetype for uploading a file in json format Hello, I am parsing a file in JSON format to splunk entrprise but the sourcetype is not selected automatically, when ... by dinaabdelhakam Path Finder in Splunk Search 11-29-2018 0 1	0	1
How do you make a regex to remove a string from file path in inputs.conf? I want to change a source by removing a "hostname" from file path (string) using inputs.conf Currently, the source i... by meet_vadaria Engager in Splunk Search 11-29-2018 0 8	0	8
Please see the followings outputs. Data is there which is confirmed using outputtext command but it is not getting displayed as shown in 1st picture. by a_m_s Explorer in Splunk Search 11-29-2018 0 0	0	0
How do you make a regex to extract the following value? Hi, I want to extract a value from the following line: systemGuid=9516e36a-e5e9-4ec5-a449-edcaeb5f227f, I need th... by abhishekgandhe Explorer in Splunk Search 11-29-2018 0 3	0	3
Custom Search Command - Can I emit multiple records for each input record? I'm have a custom command that parses an input field in each given record and emits 0 to N records as its output. I'm... by kmarx Explorer in Splunk Search 11-29-2018 0 0	0	0
Help on stats and on regex in a same query hello I use the code below index="windows-wmi" (sourcetype="WMI:LastLogon" OR sourcetype="WMI:LastReboot") \| dedup h... by jip31 Motivator in Splunk Search 11-28-2018 0 8	0	8
Is there an alternative to the Appendcol command? Need help!!! I am intending to make a table with the country wise sum(percent90). If i do the below, it will just su... by VI371887 Path Finder in Splunk Search 11-28-2018 0 5	0	5
How do I do maths with the results of a search for the results that I'm actually after I have a search similar to this that gets me stats that are the first step in what I'm after: index=balloons \| stats... by ruiner314 New Member in Splunk Search 11-28-2018 0 4	0	4
Why can't I search in Splunk ? "Splunk cannot authenticate the request CSRF validation failed" I can no longer search anything on any local splunk instance from my firefox browser. Firefox + plugins Splunk 6.5.... by maraman_splunk Splunk Employee in Splunk Search 11-28-2018 0 2	0	2
How to search events with matching IP addresses from two different indexes? Is there any way I can match an IP address from two different Indexes & provide a result? For Example: If there is a... by vinay_kadagave Explorer in Splunk Search 11-28-2018 1 9	1	9
Impossible not to use a join: Prove me wrong Hi, I have a situation in which I cannot think of any other way to do it besides using a join. This is less than ide... by mrstrozy Path Finder in Splunk Search 11-28-2018 0 4	0	4
How do I skip words in a field extraction? I am working two extract fields and I have the following two lines: "ActionName processing for AccountName completed... by aohls Contributor in Splunk Search 11-28-2018 0 2	0	2
How do you write a Regular expression in props.conf for only one field? Hi All, How do I write a regular expression in props.conf for only one field ? like rex field=ab "regex" thanks Ra... by rakeshksingh New Member in Splunk Search 11-28-2018 0 7	0	7
How to provide permissions for kvstore lookups? I am setting up permissions for kv store collections. I tried to give permission in local.meta in my app for all the ... by spyme72 Path Finder in Splunk Search 11-28-2018 1 8	1	8
How do I merge values from two fields into key/value pairs in one field? We have the following sample event data: Timestamp=2018-11-27_14:32 Hostname=xxxxx Service=xxxxx Domain=xxxx JVM=xxx... by luke222010 Engager in Splunk Search 11-28-2018 0 5	0	5
checkpoint Log R80.10 with log forwarder to Splunk (win) field extraction Hi - We're on R80.10 and the logs are coming through fine into a separate index. I've installed the Check Point App ... by sworton Explorer in Splunk Search 11-28-2018 0 0	0	0
How to get previous field value where other fields are equal? Im trying to find out how streamstats work, but the documentation is way off compared to the actual results in Splunk... by sboogaar Path Finder in Splunk Search 11-28-2018 0 1	0	1
How do I get the second datetime from the following log ? Hi Expert, I have the below log. In this, I have 2 different time with different formats. I need to set a second da... by vikas_gopal Builder in Splunk Search 11-28-2018 0 5	0	5
How can i use the append command based on an If condition ? Hi All, i have a base search ,with field A , If field A >0 , I have to append another search query that returns ... by harishalipaka Motivator in Splunk Search 11-28-2018 0 4	0	4
Search & timechart: faster and slower when using fields command? Hello! I have an index with more than 25 million events (and there are going to be more). There is a saved search th... by orinciog New Member in Splunk Search 11-28-2018 0 4	0	4