Splunk Search

Community Activity

Why would a time filter working in search but not in the dashboard? I built a dashboard and am trying to include a time filter on Purchase Date and not the default _time field. At first... by cromm Explorer in Splunk Search 08-07-2018 0 4	0	4
How to map index in active directory to splunk instance? Hello guys I have an index, stored in active directory. Is there a possibility to make my splunk instance extract da... by denys_k Explorer in Splunk Search 08-07-2018 0 2	0	2
How to create a rex for search? I have the below log line: Slow GraphQL query [8447ms] How can I grab only the value "8447"? by super_virus New Member in Splunk Search 08-06-2018 0 2	0	2
Search from web UI not working We are in a process of setting up new splunk env on CentOS 7. As part of it we have configured 1 search head and 1 in... by aksharp Explorer in Splunk Search 08-06-2018 0 3	0	3
How to extract one field from the data listed? How would I go about performing a field extraction when the data is structured as follows: ->Message.[some random nu... by chrisschum Path Finder in Splunk Search 08-06-2018 0 5	0	5
In PDF generation why are the bar columns too small? When I generate a pdf of a dashboard, the columns on the chart are too narrow. The values that are shown on each bar ... by rajindurbal Path Finder in Splunk Search 08-06-2018 1 3	1	3
Specify More Than One Host? Hey everyone! I have a pretty simple question. Below is a sample search string: index=os sourcetype=df mount="/etc" ... by eboniebutler New Member in Splunk Search 08-06-2018 0 3	0	3
How to get stats based on multiple values for a single source? I have 3 sources source1, source2, source3 and 5 sourcetypes sourcetype1, sourcetype2, sourcetype3, sourcetype4, sour... by Nidheesh Explorer in Splunk Search 08-06-2018 0 6	0	6
Why is [REGEX] Transforms.conf not able to apply a global flag? Hi Splunkies, I have configured a transforms.conf below: [ABCD] REGEX = (?m)^(.)("ABCD":")(\w+(\w{4}["].)) FORMAT... by qinghaogoh New Member in Splunk Search 08-06-2018 0 1	0	1
How to display field values in a dropdown? I have a field extracted called "IP" , I want to display the values of IP in a dropdown . But I want to do it based ... by navd New Member in Splunk Search 08-06-2018 0 7	0	7
How to read middle events from the event list? I am having n number of events but want to read 3 and 4th record. Eg: 2018-02-09 ABCD 1234 5678 2018-02-09 EFGH 133... by Rajkumarkbm Engager in Splunk Search 08-06-2018 0 6	0	6
Calculating utilization of nodes connected in Tree network topology I have been busting my brain on this for a few weeks with no clear solution, turning to the brainiacs in the Splunk c... by adlireza Path Finder in Splunk Search 08-06-2018 0 4	0	4
How to create a new field using eval by eventtype? Hi guys, I am trying to create an evaluated field, action, that will contain different values from different fields ... by jmteo Explorer in Splunk Search 08-06-2018 1 10	1	10
Can you do a data model search based on tstats and macros? Can you do a data model search based on a macro? Trying but Splunk is not liking it. It yells about the wildcards *... by david_casey Path Finder in Splunk Search 08-06-2018 0 2	0	2
Timechartで、10個以上のデータがOtherに丸められてしまう。 Timechartで10種類以上のデータを同時に表示・プロットしたいのですが、Othersに丸められてしまいます。 15種類など、より多く設定するにはどうすればよいでしょうか。 by Splunk_Shinobi Splunk Employee in Splunk Search 08-06-2018 0 2	0	2
How to match an IP to CIDR Range to get Criticality for ES? I'm trying to write a search for an asset lookup that I'm able to query to take a list of IPs and bring back the corr... by SMWickman Explorer in Splunk Search 08-06-2018 0 1	0	1
Can you have cascading automatic lookups? In some of my sourcetypes, I am using automatic CSV lookups to add some data to Splunk (as explained in the docs here... by danielpellarini Path Finder in Splunk Search 08-06-2018 0 3	0	3
Training a list of models in the ML Toolkit Hello, Using the ML Toolkit, I am looking to train and and apply the OneclassSVM algorithm on a list of models. Basi... by CarlAnners New Member in Splunk Search 08-06-2018 0 0	0	0
Overlaying a previous years data on chart I am displaying some data by Month for 2018/2019 (i.e. 01-2018, 02-2018) on a barchart. Search Query: ( sourcetype=s... by jackreeves Explorer in Splunk Search 08-06-2018 0 4	0	4
How to get percentage from customer of different reports? Hi community! I would like to make the number inside the red circle to be a percentage based on the total customer i... by andrehl Explorer in Splunk Search 08-06-2018 0 3	0	3
How to search for a field value with a wildcard and a variable? index="test_index" \|table Calendar, Job, Status \|eval dayNow=strftime(now(),"%A") \|search Calendar= ??? My 'Calenda... by asamajdwar New Member in Splunk Search 08-05-2018 0 1	0	1
unable to sun subsearch index="_internal" user!=admin \| [search index="_internal" \| stats count by user] I am trying to run above query but ... by kushagra9120 Explorer in Splunk Search 08-05-2018 0 2	0	2
How to get events that do not contain a particular string or a pattern? I have events coming in the below format "2018:04:04:11:19:59.926 testhostname 3:INFO TEST:NOTE FLAG 1234567894567890... by bkumarm Contributor in Splunk Search 08-05-2018 1 9	1	9
concatene 2 similar search hi i try to concatene 2 similar query \| join type=outer host [search earliest=-120d index=windows sourcetype=winreg... by jip31 Motivator in Splunk Search 08-05-2018 0 9	0	9
multiple like within if statement In our environments, we have a standard naming convention for the servers. For example, Front End servers: AppFE01_C... by karche Path Finder in Splunk Search 08-04-2018 0 6	0	6