Splunk Search

Community Activity

How to create a table with months along with two other types of data summed? I would like to create a table out of a search with months (date_month) on the first column, then the sum of all uniq... by larswu New Member in Splunk Search 07-27-2018 0 8	0	8
How do I create a field consisting of the previous value for each row of another field? I currently have a list of HTTP events that I have formatted like so: Observe that at the bottom of the image, I h... by alcchang Engager in Splunk Search 07-27-2018 0 3	0	3
Why am I getting an error in 'eval' command "The expression is malformed. Expected ). No missing Parenthesis"? I have double and triple checked for parenthesis and found no issues with the code. <row> <panel> <title>V... by cacampbe Explorer in Splunk Search 07-27-2018 0 6	0	6
Passing search results to external python script I know it's just my lack of knowledge with Splunk causing me some grief here but... I want to pass search results to... by utpress Engager in Splunk Search 07-27-2018 4 12	4	12
How to do an open text search using a lookup table? I have an inventory csv file and want to do an open text search for all the hostnames in my lookup table. The reason... by DEAD_BEEF Builder in Splunk Search 07-27-2018 0 3	0	3
How to handle streamstats / delta assigning a 'zero' to the first row? My query is returning the total number of bytes received by various IP addresses at different points in epoch time. I... by AlexBryant Path Finder in Splunk Search 07-27-2018 0 2	0	2
How to join two searches? I need help joining the following 2 searches. Search 1: app="atlas" source="/usr/local/homeaway/atlas-production/l... by skphi13 New Member in Splunk Search 07-27-2018 0 16	0	16
Issues importing csv data I have exported some data from another Splunk server as a csv file. The file contains multiple source_types and multi... by Kerg New Member in Splunk Search 07-27-2018 0 0	0	0
How to extract string from a paragraph? Hi, Below is my paragraph and I want to extract the routeorder value from the paragraph. Please assist. other_app_l... by ppanchal Path Finder in Splunk Search 07-27-2018 0 5	0	5
Restrict timechart to business hours I am trying to create a timechart to count data for 7 days during business hours. I have the search working fine my p... by jmerry_splunk Splunk Employee in Splunk Search 07-27-2018 0 3	0	3
Use subsearch result as fulltext search in outer search Is it possible to use the result value of a subsearch as a fulltext (or wildcard) search in the outer search. I have ... by woezelmann Engager in Splunk Search 07-27-2018 0 6	0	6
Merging two data sources Hi.. Need some help in merging two search result. i have one source with below result as such - CommonIndex ... by keishamtcs Explorer in Splunk Search 07-27-2018 0 2	0	2
How do you modify your raw data in Splunk? Hello Splunkers, My original data looks like this for a particular day in a below example. Currently, there are 10... by m7787580 Explorer in Splunk Search 07-27-2018 0 8	0	8
Calculating file hashes and adding to events Looking for the best way to implement the following use case: Windows auditing is set up on a file share, so the add... by grantlindley New Member in Splunk Search 07-27-2018 0 1	0	1
How to use a timechart to get an average count of monthly sales? I want to use a timechart to get an average count of monthly sales. But when I use span=30d it calculates average of ... by zacksoft Contributor in Splunk Search 07-27-2018 0 8	0	8
what is the smart way to collect cloud watch logs in multiple S3 bucket? Hi teachers, I try to collect OS event logs in EC2 instance by using Cloudwatch logs, and archive into S3 Bucket by ... by syokota_splunk Splunk Employee in Splunk Search 07-27-2018 0 0	0	0
Extracting event using rex Hi ,Could anyone assist I am attempting to perform a query that extracts an event in splunk "fd-credit-darc-quotat... by HenryFitzerald New Member in Splunk Search 07-27-2018 0 3	0	3
Design question Hello everyone, I have a requirement where I have three servers in PROD and three in DR. UF agents are installed on ... by naomibn Explorer in Splunk Search 07-26-2018 0 0	0	0
Time chart of a field Hello experts, I am a novice and would need some help with my below requirement. My search return some thing like be... by naomibn Explorer in Splunk Search 07-26-2018 0 3	0	3
Transaction in postprocessing removes all results without reason I have a saved search, which is used as the base search for my dashboard. There is no issue getting events from the s... by luclepot Engager in Splunk Search 07-26-2018 2 2	2	2
Correlating data between two searches I have a query that goes into an index and filter a particular type of events of interest using stats and returns som... by rhinomike Explorer in Splunk Search 07-26-2018 0 2	0	2
Anyone have a good search on Detecting anomalies in file changes? All, We have Auditbeat in place as a FIM right now and it's returning great data on file system changes. But it's t... by daniel333 Builder in Splunk Search 07-26-2018 0 0	0	0
How to get alert info in JSON format instead of CSV- SPLUNK_ARG_8 I am currently using SPLUNK_ARG_8 in a python script after an alert is triggered to get the CSV file, but converting ... by MonicaRavichand Engager in Splunk Search 07-26-2018 0 0	0	0
bin with specific buckets Hello I want to use bin to categorize my runtimes into specific buckets. lets' say I want to show runtime and bucket... by dtakacssplunk Explorer in Splunk Search 07-26-2018 0 3	0	3
How can I perform a count and then average that count? I am investigating failed logins. I need to perform a count of all failed logins by user, take an average of that co... by rcarmack1 Engager in Splunk Search 07-26-2018 0 2	0	2