Splunk Search

Community Activity

Windows password reset/creation: Will you help me create a search that returns Event "A" and NOT Event "B" within a given period of time? Hi All, We've set up an alert to flag AD Service account passwords are reset. Below is the alert condition: index=... by utsav45 Explorer in Splunk Search 10-04-2018 0 4	0	4
How do I get min/max of a column chart PER field? I created values for the average CPU, memory and swap memory usage and managed to get it in a column chart. I'd like ... by josephinemho Path Finder in Splunk Search 10-04-2018 0 8	0	8
Why does removing a search term reduce the number of results returned? My data looks like this: { [-] computer_dns_name: computer.domain.com computer_sid: 22264db9ce59... by jfriedman_ofigl Explorer in Splunk Search 10-04-2018 0 4	0	4
How do you search a value from one query in another second query? We have two different search queries with no unique fields and we would like to get the below info: we would like t... by dsha Engager in Splunk Search 10-04-2018 0 8	0	8
How do I break a chart with too many columns into several charts within the same report? I created a chart with too many columns, like following: source="/abc/def/aaa.log \| chart count(eval(searchmatch("12... by qhma New Member in Splunk Search 10-04-2018 0 1	0	1
How do I show the sum of events that occurred before a specific time on a line chart? I currently have a search that shows a line chart of events according to a "Created" date field, but would like to sh... by anlai2 Engager in Splunk Search 10-04-2018 0 0	0	0
Typecast an integer to a float? \| makeresults \| eval a=1024.0 \| eval b=.15 \| eval c=a*(1.0-b) \| table a b c gives a b c 1024.0 0.15 870 ... by nick405060 Motivator in Splunk Search 10-04-2018 0 3	0	3
Best practice for dealing with Unicode codepoints in Splunk ? Dear Splunkers, I face logs, where special characters have been encoded into Unicode codepoints (e. g. \u0301 instea... by smichalski Explorer in Splunk Search 10-04-2018 3 3	3	3
Can someone help me fix my search that uses the sort command? I'm getting strange behavior with a sort, and wondered if anyone knows why. If I run: index=os source=/var/log/sla... by mitchellthom Engager in Splunk Search 10-04-2018 0 2	0	2
OR connection with missing fileds Hello Folks, i have folowing question I have folowing search index=indexA OR index=indexB OR indexC user=alex OR ip... by alex_kh Explorer in Splunk Search 10-04-2018 0 2	0	2
How do I filter values with at least one zero in time? Hello! I want to find local IPs that communicate with outside IPs every 5 minutes, for example: ... by Shark2112 Communicator in Splunk Search 10-04-2018 0 1	0	1
Can you help me with the following conditional streamstats issue? Hi splunkers, Suppose I have the following table: Date ItemsPurchased UnitPrice 1/1/1111 20 0.5 2/1/1111 10 1 3/1... by ADRIANODL Explorer in Splunk Search 10-03-2018 0 7	0	7
Can you help me with a regex expression(multiple in one query)? Trying to capture multiple groups, basically after the colon MacAddress : 7A:AA:82:31:24:B1 Manufactu... by JoshuaJohn Contributor in Splunk Search 10-03-2018 0 4	0	4
In a search, Is there an alternative for the eventstats command? I need to find another way instead of eventstats for my search. Is there a way where I can tag the events and add an... by patricianaguit Explorer in Splunk Search 10-03-2018 0 2	0	2
Is there a way where I can tag events and add another field based on hierarchy? is there a way where I can tag events and add another field based on hierarchy? For example: Id 1 has different ini... by patricianaguit Explorer in Splunk Search 10-03-2018 0 4	0	4
Can you help me to extract a specific event from a log? Hello In a report, i used the code below in order to search for an error code in my events. But, when a code is fou... by jip31 Motivator in Splunk Search 10-03-2018 0 2	0	2
In a search, how do you group similar URL patterns? I am doing a search and evaluating count, avg RT based on some URL patterns. Below are the URLs for my category pages... by alex129 New Member in Splunk Search 10-03-2018 0 8	0	8
Can you help me with my query that uses multiple where conditions? I have a search to identify when a particular server activates "hardware mode" and doesn't exit within a certain time... by jcleary47 Path Finder in Splunk Search 10-03-2018 0 2	0	2
How do I return lookup events only if they match certain field values? Hi, I have two lookup files below: masterinventory.csv type make model year storeID keycode... by russell120 Communicator in Splunk Search 10-03-2018 0 3	0	3
How to extract values where the field name has multiple spaces? Hello, I'm trying to figure out a way to extract values where the field has multiple spaces in it. When I do a sim... by gnoellbn Explorer in Splunk Search 10-03-2018 0 8	0	8
i have a join query which i need to optimize using OR and Stats, Since i am dealing with timestamp and fetching last(field), i am struggling, Can any one help? index="index1 sourcetype="sourcetype1" \| join deviceId [ search index="index2" sourcetype="sourcetype2" productFamil... by m4sucess New Member in Splunk Search 10-03-2018 0 7	0	7
How can I get time picker earliest and latest epoch values before doing a search? Hi, How can I get 'raw' earliest and latest value before doing search? I need the epoch seconds format, so -1d@d co... by lukasz92 Communicator in Splunk Search 10-03-2018 1 10	1	10
How do you show a row count in a dashboard panel? Hello All I am not sure how to show the row count in my dashboard. I have one panel that searches a list of hosts... by edwardrose Contributor in Splunk Search 10-03-2018 0 2	0	2
How do I extract the latest occurrence of a field from multiple lines? Want to capture the latest occurrence of "working_condition_check - status -" which is "Stopped". Please help me in... by nkchaitanya Explorer in Splunk Search 10-03-2018 0 2	0	2
Can you help me use the rex command to parse API's JSON? I have the following JSON, but I'm not really familiar with Splunk's rex function. I tried this command without succe... by gcescatto New Member in Splunk Search 10-03-2018 0 1	0	1