Splunk Search

Community Activity

Get top combination from a multi value field Hi, I have a multi value field who has data something like below which has been extracted from some web service. I a... by Shashank_87 Explorer in Splunk Search 08-28-2018 0 5	0	5
Is there a regex available to drop service account events from active directory to be used on the universal forwarder? Our security events count is in millions and we observed that we have more then 600 service accounts in our environme... by hrithiktej Communicator in Splunk Search 08-28-2018 0 0	0	0
Visualizations: How do you display all accounts in the same chart at the same time? How do I display all accounts in the same chart at the same time? There are three accounts！ account1 have 1000000$ ... by flzhang132 Explorer in Splunk Search 08-28-2018 0 1	0	1
How to search a string having multiple lines? I want to search a string "call_before_download = function(){<!-- --> showInstallInstructions(); } by Bhagyashri Explorer in Splunk Search 08-28-2018 0 2	0	2
Is there an alternative to using > in a search string? My basic question is as follows: Is there a text alternative for specifying greater or less than, rather than using ... by psymonkey New Member in Splunk Search 08-28-2018 0 4	0	4
Why is 'other' showing up? I have a couple simple saved searches, and they are on a dashboard. After upgrading to 4.3, "other" started showing u... by jgauthier Contributor in Splunk Search 08-28-2018 1 6	1	6
How to pass the value in main query from the lookup file in a list of servers? I have a list of server in lookup file and I want to create an alert. The list of server names in the lookup file(aro... by DataOrg Builder in Splunk Search 08-28-2018 0 7	0	7
How can I change the legend values for timechart to a different format? How can I change the values in the legend for a timechart? I use: index=indexone sourcetype=sourceone \| timechart co... by desi_stoitsova Engager in Splunk Search 08-28-2018 2 0	2	0
Using spath or xpath Below is my xml from which i need the Name and code under every option <options> <name>MESSAGING + DA... by yaminims New Member in Splunk Search 08-28-2018 0 2	0	2
eval with malformed in my nested if. Expected (. Hi, Need help urgently. I am running Splunk command in batch file but I keep on getting FATAL: Error in 'eval' com... by peiyee422 New Member in Splunk Search 08-28-2018 0 5	0	5
Can we use regex for counting fields? Hi I have one question, is it possible to count the number of event in regex format for writing in transforms.conf? by khanlarloo Explorer in Splunk Search 08-28-2018 0 8	0	8
Do I need to use these two searches because of the multikv with one table? So here is my search index=someindex sourcetype=somesourcetype source="someloglocation*" eventtype="nix_kernel_attac... by thefuzz4 Path Finder in Splunk Search 08-27-2018 0 4	0	4
Event correlation with specific event filtering I have following search: index=pfsense OR index=otherindex verdict=pass \| stats values(destip) AS fieldA, values(ot... by strangelaw Explorer in Splunk Search 08-27-2018 0 3	0	3
How do I use date_mday to create a table with multiple fields? Hi Splunkers, newish user here... I'm looking at firewall logs, I want to create a table with number of blocked IP fo... by jnames10 Explorer in Splunk Search 08-27-2018 1 2	1	2
What is the best way to generate a timechart count and overlay a trendline of expected goal growth? Hi, I want to generate a timechart count of actual values and overlay a trendline of expected goal growth. Basically ... by ahofmann Explorer in Splunk Search 08-27-2018 0 1	0	1
how to include the graphical chart in email Is it possible to include the graphical chart(not a pdf) along with tabular chart in the email alerts which are confi... by mag3690 Engager in Splunk Search 08-27-2018 1 4	1	4
Output multiple fields from query to csv via output lookup I have created a query that will extract specific information from my Active Directory logs, and output it into a nic... by iomega311 Explorer in Splunk Search 08-27-2018 0 1	0	1
timechart count for last status=up, each month So, I've simplified my real problem down to this example with as few variables as possible. I wish I could simply alt... by adamsmith47 Communicator in Splunk Search 08-27-2018 0 3	0	3
How do I table a transactionid value using regular expression? Below is my log, [ERL_ROUTE_ACK_INTERFACE] 2018-08-27 11:06:02 DEBUG [callUpdateERLRouteStatus] ERLRouteAckServiceI... by ppanchal Path Finder in Splunk Search 08-27-2018 0 2	0	2
How do I calculate median values for the column for 7 weeks? Dear all, There are two columns with data: time (time scale in steps of 10 minutes) and val (amount of transactions)... by belts New Member in Splunk Search 08-27-2018 0 2	0	2
How to extract the fields for kv pair syslog data? Hi All, How to extract the fields for the syslog data with kv values at indexing time? Aug 27 10:05:58 ciscoasa SFI... by knalla Path Finder in Splunk Search 08-27-2018 0 1	0	1
How can I get my inputlookup to exclude holidays? Hello I have a search that I use to calculate days between 2 dates. The search is like this: \|index=dev_tsv "B... by tkwaller_2 Communicator in Splunk Search 08-27-2018 0 11	0	11
How to create a timechart based on index time? I'm trying to create a timechart to show when logs were ingested. Trying to use _indextime but it doesn't seem to be... by DEAD_BEEF Builder in Splunk Search 08-27-2018 0 3	0	3
How to capture type of events in fields based on single event type? Hi All , 1)How do you capture INFO/ERROR/WARN events using regular expression ? 2)How do you capture the rest of the ... by raj_mpl Path Finder in Splunk Search 08-27-2018 0 3	0	3
How do I search for low counts of specific user logons per host? I'm trying to do some least common occurance hunting in our environment, and would like to see if I can make a search... by rwmilligan Explorer in Splunk Search 08-27-2018 0 3	0	3