Splunk Search

Community Activity

How do you search all fields in a sourcetype with regex? The context: I'm looking for sensitive information patterns showing up in the IIS sourcetype that we have. What I ca... by CMSchelin Path Finder in Splunk Search 09-11-2018 0 3	0	3
How to create a scheduled job time to find the run time of each of the searches? I'm working w/ a similar issue as: https://answers.splunk.com/answers/512103/how-to-get-a-list-of-schedules-searches-... by moorvogi Path Finder in Splunk Search 09-11-2018 0 6	0	6
How do I use a sparkline within tstats to visualize data feed over the last 24 hours? I want to use a tstats command to get a count of various indexes over the last 24 hours. I also want to include the ... by DEAD_BEEF Builder in Splunk Search 09-11-2018 0 1	0	1
Simple XML drilldown link search won't recognize regex or rex I have a dashboard panel with a table. I am able to change the drilldown search when selecting a row in the panel tab... by flegel2 Explorer in Splunk Search 09-11-2018 2 9	2	9
How do I search for exact sequence of events? Hi All Wondering if anybody can assist. We're logging privilege user activity (GUI interactions etc) and looking to ... by kelvinJE Engager in Splunk Search 09-11-2018 0 3	0	3
How to show values and percentages on hover over columns in 100% stacked column chart? Hello, I have a graph that I'm displaying as a 100% stacked column chart. Even though the Y-Axis is set to 0-100 I ... by AlexMcDuffMille Communicator in Splunk Search 09-11-2018 0 3	0	3
Can you help me with my filtering search? Hi, I am trying to create a list of customers based on one event type but then show stats from all the events by tho... by simbug New Member in Splunk Search 09-11-2018 0 1	0	1
Problem Sourcetype - Extraction Hello, I receive logs from my server and I want to extract manually some field but I get this error : The events ass... by geantver0000 Engager in Splunk Search 09-11-2018 0 1	0	1
invalid search or missing required fields for thresholding Hi, I'm using ad hoc search for a glass table. By search, when run i'm able to get the value that i want. But in the... by faizolsaidin Explorer in Splunk Search 09-11-2018 0 3	0	3
How to graph the rate from firewall logs with only start and end session messages ? Hi, I have a network rate graph i build from my firewall logs with the timechart command: host=firewall_IP type=tra... by efourage New Member in Splunk Search 09-11-2018 0 1	0	1
Why when using "map" command, if I use the string argument with "map", results are not displayed? Splunk ver : 7.1.2 When I use the map command, if argument that pass to map is string, results are never displayed. ... by yutaka1005 Builder in Splunk Search 09-10-2018 0 5	0	5
Is it possible to clear unwanted stanzas out of transforms.conf? I am trying to filter unwanted events from a text file and am experimenting with the REGEX expression. I think I hav... by kylosplunk Engager in Splunk Search 09-10-2018 0 5	0	5
TIME_FORMAT AUTO works, but strptime defined does not for props.conf Why is TIME_FORMAT failing for importing data? I get the error: Could not use strptime to parse timestamp from "INF... by gwalford Path Finder in Splunk Search 09-10-2018 0 2	0	2
rex giving unrecognized character Regular expression "ParNew:" \| rex "(?i)\\), (?P[^ ]+)" \| rex "(?i).*?\\((?P\\d+\\w+)(?=\\))" \| rex "(?i)\\[ParNew:... by shobhitdesh New Member in Splunk Search 09-10-2018 0 4	0	4
How to calculate total disk size when using freediskspace collection? I am searching for a 'search' that will give me the following information: Disk usage (C:) in % Total Disk size (C:) ... by edwinmae Path Finder in Splunk Search 09-10-2018 0 5	0	5
How do I combine mv fields into a new field? I have events that have two multivalue fields, field1 and field2. They look like this: Field1 Field2 12345... by jambajuice Communicator in Splunk Search 09-10-2018 2 13	2	13
How to compare between individual values from two fields having multiple values ? I have 2 fields from my search, something like this - Errorcode, ErrorDescription Err1, "abcd password is missing xyz... by Upas02 Path Finder in Splunk Search 09-10-2018 0 8	0	8
How to modify rows and columns in the Splunk table? Hello, I have written a splunk search which produces the following table: from to parameter value A C ... by kiril123 Path Finder in Splunk Search 09-10-2018 0 2	0	2
How do you search an inputlookup for the results of your query? I'm a little stumped with what I am trying to achieve with the lookup of values from a CSV, which are based on the se... by DdanielbriemB New Member in Splunk Search 09-10-2018 0 1	0	1
How do you display response time results sorted in descending order ? I am trying to display response times in a chart for my services. But, how do I display the response times results in... by navd New Member in Splunk Search 09-10-2018 0 3	0	3
Why is my time token changing in a comparison timechart? I successfully put together a graph that compares bandwidth consumption over a period of time (currently hardcoded to... by everynameIwanti Explorer in Splunk Search 09-10-2018 0 2	0	2
How do I join multiple sourcetypes by different fields (ids)? I'm trying to join the result of three different sourcetypes into one result. These three sourcetypes are connected b... by ebruozys Path Finder in Splunk Search 09-10-2018 1 2	1	2
How do you get tabular event with field value pair? I have an event in the below format. INCIDENT_ID PROBLEM_KEY ... by twh1 Communicator in Splunk Search 09-10-2018 0 5	0	5
How do I calculate another time frame based on time input? I am trying to build a dash where I need to calculate another earliest and latest based on an input of time. The sec... by Kallantin New Member in Splunk Search 09-10-2018 0 0	0	0
Can we disable the drilldown for a specific field in pie chart? I have a pie chart which displays two things 1) ABC 2)XYZ When I click on ABC, it should go to other Dashboard via d... by Priya312 Explorer in Splunk Search 09-09-2018 0 3	0	3