Splunk Search

Community Activity

Can I REGEX a string and assign to field? I have Graylog forwarding Windows events and I use this command in my props.conf to parser FIELDALIAS-winlogbeat_as... by pfabrizi Path Finder in Splunk Search 08-29-2018 0 10	0	10
Is there a way to avoid the join command between indexes? I'm trying to get my head around the alternatives, but can't see how I could get rid of the join in the following que... by Esperteyu Explorer in Splunk Search 08-29-2018 0 8	0	8
Can someone help me chart JSON values? I have a JSON just like this. I want to chart data of the values inside values key. The keys of the data in the value... by sarnathkj Explorer in Splunk Search 08-29-2018 0 1	0	1
Lookup matching question Hi, I used the code below. In a first version of the code, my code began by \| inputlookup append=t NZDL.csv And afte... by jip31 Motivator in Splunk Search 08-29-2018 0 1	0	1
Is it possible to extract dimensions from the source field for metrics imported from CSV files? We already use a custom CSV formt to report application metrics. The format is very similar to the one introduced in ... by krdo Communicator in Splunk Search 08-29-2018 0 7	0	7
How to check if the field exists and extract the value? Hi. I need to use IP Address in iplocation, but O365 returns 2 different logs. one with "ClientIP" field and others w... by avtandil Engager in Splunk Search 08-29-2018 0 2	0	2
Remove CN= string and the rest from my search results Hi guys! I'm loking for a search like this: source="WinEventLog:Security" name = "A member group" Group_Name="*ad... by jnahuelperez35 Path Finder in Splunk Search 08-29-2018 0 4	0	4
Find Hosts which do their searches in alphabetical order Hi there I have many log-entries with the two fields "host_address" (an IP address) and "query" (a search query). On... by switch_dast Explorer in Splunk Search 08-29-2018 1 6	1	6
How to join two searches that both have subsearches and transactions I have an index with email data. With it, I have two separate searches that utilize subsearches to put together a se... by DEAD_BEEF Builder in Splunk Search 08-28-2018 0 1	0	1
Why doesn't "Wrap results" fit to the screen (or is there a way?) After I perform a search and click the "Format" Icon above the search results, there is an option for "Wrap Results".... by briancronrath Contributor in Splunk Search 08-28-2018 0 1	0	1
charts: How can I calculate median for each type on the hourly aggregation? Dear all, There are three columns with data: time (time scale in steps of 10 minutes) , val (amount of transactions)... by belts New Member in Splunk Search 08-28-2018 0 2	0	2
How to use stats as a filtered self join? I have groups of events that have the same GroupID field. For events matching given criteria I need to find anothe... by pm771 Communicator in Splunk Search 08-28-2018 1 4	1	4
Dbxlookup Functioning When we call a dbxlookup in a search query, does the lookup search for the matching filed values in the entire datab... by nawazns5038 Builder in Splunk Search 08-28-2018 0 0	0	0
From fields values make a table with calculated fields Hi Everyone, I'm new to Splunk: our Data looks like this: > id;name;Field1;Field2;Field3;Field4;field5;field6;fi... by dfofie New Member in Splunk Search 08-28-2018 0 4	0	4
Table Row Highlighting, using non numeric I am using the table_row_highlighting.js and the table_decorations.css from the 'latest Splunk 6.x Dashboard examples... by edwinmae Path Finder in Splunk Search 08-28-2018 0 5	0	5
JSON Field Extraction and Charting I have a sample JSON just like this. {"Domain":"DotComMobile","Metrics":"city","Brooklyn":782,"Bronx":450,"New York"... by sarnathkj Explorer in Splunk Search 08-28-2018 0 1	0	1
How do I capture the repeating pattern on multiple lines with REX? With this dataset, the linebreaker is zone: zone: zone_1wwns 00:00:00:00:00:00:00:01 zone: zone_2wwns ... by clintla Contributor in Splunk Search 08-28-2018 0 3	0	3
Get top combination from a multi value field Hi, I have a multi value field who has data something like below which has been extracted from some web service. I a... by Shashank_87 Explorer in Splunk Search 08-28-2018 0 5	0	5
Is there a regex available to drop service account events from active directory to be used on the universal forwarder? Our security events count is in millions and we observed that we have more then 600 service accounts in our environme... by hrithiktej Communicator in Splunk Search 08-28-2018 0 0	0	0
Visualizations: How do you display all accounts in the same chart at the same time? How do I display all accounts in the same chart at the same time? There are three accounts！ account1 have 1000000$ ... by flzhang132 Explorer in Splunk Search 08-28-2018 0 1	0	1
How to search a string having multiple lines? I want to search a string "call_before_download = function(){<!-- --> showInstallInstructions(); } by Bhagyashri Explorer in Splunk Search 08-28-2018 0 2	0	2
Is there an alternative to using > in a search string? My basic question is as follows: Is there a text alternative for specifying greater or less than, rather than using ... by psymonkey New Member in Splunk Search 08-28-2018 0 4	0	4
Why is 'other' showing up? I have a couple simple saved searches, and they are on a dashboard. After upgrading to 4.3, "other" started showing u... by jgauthier Contributor in Splunk Search 08-28-2018 1 6	1	6
How to pass the value in main query from the lookup file in a list of servers? I have a list of server in lookup file and I want to create an alert. The list of server names in the lookup file(aro... by DataOrg Builder in Splunk Search 08-28-2018 0 7	0	7
How can I change the legend values for timechart to a different format? How can I change the values in the legend for a timechart? I use: index=indexone sourcetype=sourceone \| timechart co... by desi_stoitsova Engager in Splunk Search 08-28-2018 2 0	2	0