Splunk Search

Community Activity

How do you make a regex expression to capture everything after the timestamp? Hello, Cannot crack this one. I have the following event: Fri Oct 26 07:19:41 2018 STATS: GATHER_STATS_JOB encounte... by MikaJustasACN Path Finder in Splunk Search 10-27-2018 0 2	0	2
How do you use a variation of the stats command on different fields? I have 3 fields: IPAddress, ServiceStatus, BackupStatus. ServiceStatus field consists of "Services Fine", "Services ... by sxddhxrthx Engager in Splunk Search 10-27-2018 0 1	0	1
How do you calculate the average across columns in a table? Hello Splunkers I tried a few of the suggested solutions, but none of them got me where I need to be, so i'm asking... by splunker1981 Path Finder in Splunk Search 10-26-2018 0 1	0	1
Is there a possibility in splunk to pull records by one field ( uniqueID) and generate a report with custom fields? I would like to get a report based on a unique customer id. Is there an option in splunk to generate this Query by ... by sharmilad New Member in Splunk Search 10-26-2018 0 1	0	1
How do you create a transaction out of a 500 error? Hi, I want to create a single transaction out of a 500 error and a specific type of error thrown immediately after th... by thompsonsgg New Member in Splunk Search 10-26-2018 0 2	0	2
How do you find a search that finds open windows locked-screen sessions? Trying to figure out a string to find open windows locked-screen sessions Monitored all security events when doing a... by ShaunBaker Path Finder in Splunk Search 10-26-2018 0 0	0	0
How do you combine one REST search with one of the _internal license_usage.log? The REST search \| REST /services/data/indexes \| search NOT title=_* NOT title=splunklogger NOT title=firedalerts NO... by wrangler2x Motivator in Splunk Search 10-26-2018 0 2	0	2
Can you help me with my multi-field field extraction query? I have a field in an event that contains a number of separate individual fields. What would be the most efficient way... by jpolcari Communicator in Splunk Search 10-26-2018 0 3	0	3
Which is the best approach to use with an eval+case+wildcard+chart by 2 fields? I've read as many examples as I can and I still can't figure out how to get this to work. We are using 6.6.2. I am t... by wilsonds Loves-to-Learn Lots in Splunk Search 10-26-2018 0 4	0	4
Limit for chart with split-by clause ? Hi, i have this search: index=foo \| eval length=length(_raw) \| chart eval(sum(length)/1024/1024) as MiB by applicat... by JensT Communicator in Splunk Search 10-26-2018 0 5	0	5
Combining events into one We're experiencing a problem with having indexed data with the default MAX_EVENTS value of 256. While this can be fix... by echalex Builder in Splunk Search 10-26-2018 1 3	1	3
How do you route windows event logs based on filters on a heavy forwarder? Hi, We have had this working in the past, but for some reason, now, i am unable to forward filtered events to one Tc... by shivarpith Path Finder in Splunk Search 10-26-2018 0 6	0	6
How to do regex based on commas I have data like this: 21,enrollmentgroup,19936,40:G6:7Q:G6:89:FG,,nitro - Circle.one10,Phone,11.1.11313,C,10/25/18 ... by JoshuaJohn Contributor in Splunk Search 10-26-2018 0 7	0	7
Is it possible to list the filters of the initial search with the results of a subsearch? Here is the scenario. I have two indexes (index=AV and index=Packet_Analysis) I use index=AV to find attack signatu... by Log_wrangler Builder in Splunk Search 10-26-2018 0 5	0	5
Collect values from syslog logging Hello, I am new to splunk and have the following question. Below is snippet from a syslog logging. I would like to s... by admin_fred New Member in Splunk Search 10-26-2018 0 4	0	4
How do I list unique IPs of infected computers per day and then list new IPs from the previous day? I have a query that looks at SEP logs. index=SEP Sig_String='Attack: Bad Stuff" Remote_IP=10.* \| bin _time span=1d... by Log_wrangler Builder in Splunk Search 10-26-2018 0 5	0	5
What is the best way to pull out IP Addresses from a multivariate field? Basically, I have a multi value field where each value is a free form piece of text corresponding to dated text entri... by mumblingsages Path Finder in Splunk Search 10-26-2018 0 4	0	4
How do I get a subtraction of two fields when they share a common value? I am having three columns in primary_key, service_name , timestamp. I want to get a subtraction of values present in... by pal_sumit1 Path Finder in Splunk Search 10-26-2018 0 2	0	2
How to group by month if we have data from. Hello everyone. Want to display the output only for the time which crosses 18 months (earliest time) by rajhemant26 New Member in Splunk Search 10-26-2018 0 2	0	2
Eval round gives inconsistent half-rounding results I tried setting up a Splunk alert to check for inconsistencies between a rounded total and a raw total, but the alert... by pentwist Engager in Splunk Search 10-26-2018 0 5	0	5
Extracting unique Null Pointer Exception from the logs via Splunk I am looking to extract unique NullPointerException from the Splunk Logs. Unfortunately somehwere my regex is isnt ex... by ashirgao New Member in Splunk Search 10-25-2018 0 1	0	1
Can you help me with my stats count? hello I use the request below, which works: index="windows" sourcetype="wineventlog:Application" "SourceName=*" Typ... by jip31 Motivator in Splunk Search 10-25-2018 0 4	0	4
How do I use the eval command to calculate error rates and show them as percentages? Hello, I am creating a dashboard in which I am displaying total logins, successful logins, failed logins, error rate... by moizmmz Path Finder in Splunk Search 10-25-2018 0 20	0	20
How do I rename the values in the following field? https://drive.google.com/file/d/13tgNyaelfyPwxIvgAOA1Gn1hI628dGB2/view?usp=sharing[link text]1 I want to rename the ... by moizmmz Path Finder in Splunk Search 10-25-2018 0 2	0	2
search time data masking Hi I am trying to mask indexed data using following props.conf comfig for linux_secure. [linux_secure] EXTRACT-ip ... by melonman Motivator in Splunk Search 10-25-2018 0 3	0	3