Splunk Search

Community Activity

How to get stats based on multiple values for a single source? I have 3 sources source1, source2, source3 and 5 sourcetypes sourcetype1, sourcetype2, sourcetype3, sourcetype4, sour... by Nidheesh Explorer in Splunk Search 08-06-2018 0 6	0	6
Why is [REGEX] Transforms.conf not able to apply a global flag? Hi Splunkies, I have configured a transforms.conf below: [ABCD] REGEX = (?m)^(.)("ABCD":")(\w+(\w{4}["].)) FORMAT... by qinghaogoh New Member in Splunk Search 08-06-2018 0 1	0	1
How to display field values in a dropdown? I have a field extracted called "IP" , I want to display the values of IP in a dropdown . But I want to do it based ... by navd New Member in Splunk Search 08-06-2018 0 7	0	7
How to read middle events from the event list? I am having n number of events but want to read 3 and 4th record. Eg: 2018-02-09 ABCD 1234 5678 2018-02-09 EFGH 133... by Rajkumarkbm Engager in Splunk Search 08-06-2018 0 6	0	6
Calculating utilization of nodes connected in Tree network topology I have been busting my brain on this for a few weeks with no clear solution, turning to the brainiacs in the Splunk c... by adlireza Path Finder in Splunk Search 08-06-2018 0 4	0	4
How to create a new field using eval by eventtype? Hi guys, I am trying to create an evaluated field, action, that will contain different values from different fields ... by jmteo Explorer in Splunk Search 08-06-2018 1 10	1	10
Can you do a data model search based on tstats and macros? Can you do a data model search based on a macro? Trying but Splunk is not liking it. It yells about the wildcards *... by david_casey Path Finder in Splunk Search 08-06-2018 0 2	0	2
Timechartで、10個以上のデータがOtherに丸められてしまう。 Timechartで10種類以上のデータを同時に表示・プロットしたいのですが、Othersに丸められてしまいます。 15種類など、より多く設定するにはどうすればよいでしょうか。 by Splunk_Shinobi Splunk Employee in Splunk Search 08-06-2018 0 2	0	2
How to match an IP to CIDR Range to get Criticality for ES? I'm trying to write a search for an asset lookup that I'm able to query to take a list of IPs and bring back the corr... by SMWickman Explorer in Splunk Search 08-06-2018 0 1	0	1
Can you have cascading automatic lookups? In some of my sourcetypes, I am using automatic CSV lookups to add some data to Splunk (as explained in the docs here... by danielpellarini Path Finder in Splunk Search 08-06-2018 0 3	0	3
Training a list of models in the ML Toolkit Hello, Using the ML Toolkit, I am looking to train and and apply the OneclassSVM algorithm on a list of models. Basi... by CarlAnners New Member in Splunk Search 08-06-2018 0 0	0	0
Overlaying a previous years data on chart I am displaying some data by Month for 2018/2019 (i.e. 01-2018, 02-2018) on a barchart. Search Query: ( sourcetype=s... by jackreeves Explorer in Splunk Search 08-06-2018 0 4	0	4
How to get percentage from customer of different reports? Hi community! I would like to make the number inside the red circle to be a percentage based on the total customer i... by andrehl Explorer in Splunk Search 08-06-2018 0 3	0	3
How to search for a field value with a wildcard and a variable? index="test_index" \|table Calendar, Job, Status \|eval dayNow=strftime(now(),"%A") \|search Calendar= ??? My 'Calenda... by asamajdwar New Member in Splunk Search 08-05-2018 0 1	0	1
unable to sun subsearch index="_internal" user!=admin \| [search index="_internal" \| stats count by user] I am trying to run above query but ... by kushagra9120 Explorer in Splunk Search 08-05-2018 0 2	0	2
How to get events that do not contain a particular string or a pattern? I have events coming in the below format "2018:04:04:11:19:59.926 testhostname 3:INFO TEST:NOTE FLAG 1234567894567890... by bkumarm Contributor in Splunk Search 08-05-2018 1 9	1	9
concatene 2 similar search hi i try to concatene 2 similar query \| join type=outer host [search earliest=-120d index=windows sourcetype=winreg... by jip31 Motivator in Splunk Search 08-05-2018 0 9	0	9
multiple like within if statement In our environments, we have a standard naming convention for the servers. For example, Front End servers: AppFE01_C... by karche Path Finder in Splunk Search 08-04-2018 0 6	0	6
Today count match with same day in last week and prior week Hi Experts, Below is my search, index=something source=something "error" \| stats count I want to create an alert f... by john_q Explorer in Splunk Search 08-04-2018 0 8	0	8
How to break the XML file into multiple events from search head? Hi All, I have indexed the XML file without breaking it into events, I need to break the events using on tag. Hence ... by nasrinmulani New Member in Splunk Search 08-04-2018 0 11	0	11
error of calculate in field of Lookup with the use strptime Hi, I have an alert if time is greater that the field end Time. The time field I extrated it from the log and fie... by Carolina Engager in Splunk Search 08-03-2018 0 4	0	4
What will be the Regex for creating the below alert? I have below two events which I hav separated by "=" line for better view.I want to extract the below mentioned lines... by abhi04 Communicator in Splunk Search 08-03-2018 0 12	0	12
How to list multiple fields separately and calculate stats? good afternoon It is possible to group in a variable the state of multiple fields? Currently I have several fields a... by efaundez Path Finder in Splunk Search 08-03-2018 0 8	0	8
What is the distinction between "events" versus "results"? I hear people talk about the difference between "events" and "results" in Splunk. What is the exact difference and wh... by LukeMurphey Champion in Splunk Search 08-03-2018 0 1	0	1
Better way to track sequence of web logs other than transaction command I am using the transaction command to follow the sequence of a successful WordPress login (and the URIs the user hits... by jwalzerpitt Influencer in Splunk Search 08-03-2018 0 2	0	2