Splunk Search

Community Activity

How to create a new field using eval by eventtype? Hi guys, I am trying to create an evaluated field, action, that will contain different values from different fields ... by jmteo Explorer in Splunk Search 08-06-2018 1 10	1	10
Can you do a data model search based on tstats and macros? Can you do a data model search based on a macro? Trying but Splunk is not liking it. It yells about the wildcards *... by david_casey Path Finder in Splunk Search 08-06-2018 0 2	0	2
Timechartで、10個以上のデータがOtherに丸められてしまう。 Timechartで10種類以上のデータを同時に表示・プロットしたいのですが、Othersに丸められてしまいます。 15種類など、より多く設定するにはどうすればよいでしょうか。 by Splunk_Shinobi Splunk Employee in Splunk Search 08-06-2018 0 2	0	2
How to match an IP to CIDR Range to get Criticality for ES? I'm trying to write a search for an asset lookup that I'm able to query to take a list of IPs and bring back the corr... by SMWickman Explorer in Splunk Search 08-06-2018 0 1	0	1
Can you have cascading automatic lookups? In some of my sourcetypes, I am using automatic CSV lookups to add some data to Splunk (as explained in the docs here... by danielpellarini Path Finder in Splunk Search 08-06-2018 0 3	0	3
Training a list of models in the ML Toolkit Hello, Using the ML Toolkit, I am looking to train and and apply the OneclassSVM algorithm on a list of models. Basi... by CarlAnners New Member in Splunk Search 08-06-2018 0 0	0	0
Overlaying a previous years data on chart I am displaying some data by Month for 2018/2019 (i.e. 01-2018, 02-2018) on a barchart. Search Query: ( sourcetype=s... by jackreeves Explorer in Splunk Search 08-06-2018 0 4	0	4
How to get percentage from customer of different reports? Hi community! I would like to make the number inside the red circle to be a percentage based on the total customer i... by andrehl Explorer in Splunk Search 08-06-2018 0 3	0	3
How to search for a field value with a wildcard and a variable? index="test_index" \|table Calendar, Job, Status \|eval dayNow=strftime(now(),"%A") \|search Calendar= ??? My 'Calenda... by asamajdwar New Member in Splunk Search 08-05-2018 0 1	0	1
unable to sun subsearch index="_internal" user!=admin \| [search index="_internal" \| stats count by user] I am trying to run above query but ... by kushagra9120 Explorer in Splunk Search 08-05-2018 0 2	0	2
How to get events that do not contain a particular string or a pattern? I have events coming in the below format "2018:04:04:11:19:59.926 testhostname 3:INFO TEST:NOTE FLAG 1234567894567890... by bkumarm Contributor in Splunk Search 08-05-2018 1 9	1	9
concatene 2 similar search hi i try to concatene 2 similar query \| join type=outer host [search earliest=-120d index=windows sourcetype=winreg... by jip31 Motivator in Splunk Search 08-05-2018 0 9	0	9
multiple like within if statement In our environments, we have a standard naming convention for the servers. For example, Front End servers: AppFE01_C... by karche Path Finder in Splunk Search 08-04-2018 0 6	0	6
Today count match with same day in last week and prior week Hi Experts, Below is my search, index=something source=something "error" \| stats count I want to create an alert f... by john_q Explorer in Splunk Search 08-04-2018 0 8	0	8
How to break the XML file into multiple events from search head? Hi All, I have indexed the XML file without breaking it into events, I need to break the events using on tag. Hence ... by nasrinmulani New Member in Splunk Search 08-04-2018 0 11	0	11
error of calculate in field of Lookup with the use strptime Hi, I have an alert if time is greater that the field end Time. The time field I extrated it from the log and fie... by Carolina Engager in Splunk Search 08-03-2018 0 4	0	4
What will be the Regex for creating the below alert? I have below two events which I hav separated by "=" line for better view.I want to extract the below mentioned lines... by abhi04 Communicator in Splunk Search 08-03-2018 0 12	0	12
How to list multiple fields separately and calculate stats? good afternoon It is possible to group in a variable the state of multiple fields? Currently I have several fields a... by efaundez Path Finder in Splunk Search 08-03-2018 0 8	0	8
What is the distinction between "events" versus "results"? I hear people talk about the difference between "events" and "results" in Splunk. What is the exact difference and wh... by LukeMurphey Champion in Splunk Search 08-03-2018 0 1	0	1
Better way to track sequence of web logs other than transaction command I am using the transaction command to follow the sequence of a successful WordPress login (and the URIs the user hits... by jwalzerpitt Influencer in Splunk Search 08-03-2018 0 2	0	2
Query running time I want to run a query every 5 minutes starting from today 7 AM to next day 5 AM and so on. Throughout my run earliest... by Kwip Contributor in Splunk Search 08-03-2018 0 13	0	13
With regular expression how to auto extract JSON elements? I've created a Field Transform that attempts to extract all JSON key-value pairs, via the following regex: (?:\"\|\'... by dijikul Communicator in Splunk Search 08-03-2018 0 20	0	20
Are there any good lispy docs out there? Has anyone come across any good references or resource material explaining lispy? This is visible from the search in... by Lowell Super Champion in Splunk Search 08-03-2018 0 2	0	2
Reload commands.conf without restarting splunk Is there a way where I do not have to restart splunk to enable a new custom search command? How to reload commands.co... by lpolo Motivator in Splunk Search 08-03-2018 0 3	0	3
Displaying stats count as single value but with sparkline and trend indicator Hi fellow Splunkers, I've read Single Value support docs and it seems to have distinct application for Stats or Timec... by eddychuah Path Finder in Splunk Search 08-03-2018 1 7	1	7