Splunk Search

Community Activity

Design question Hello everyone, I have a requirement where I have three servers in PROD and three in DR. UF agents are installed on ... by naomibn Explorer in Splunk Search 07-26-2018 0 0	0	0
Time chart of a field Hello experts, I am a novice and would need some help with my below requirement. My search return some thing like be... by naomibn Explorer in Splunk Search 07-26-2018 0 3	0	3
Transaction in postprocessing removes all results without reason I have a saved search, which is used as the base search for my dashboard. There is no issue getting events from the s... by luclepot Engager in Splunk Search 07-26-2018 2 2	2	2
Correlating data between two searches I have a query that goes into an index and filter a particular type of events of interest using stats and returns som... by rhinomike Explorer in Splunk Search 07-26-2018 0 2	0	2
Anyone have a good search on Detecting anomalies in file changes? All, We have Auditbeat in place as a FIM right now and it's returning great data on file system changes. But it's t... by daniel333 Builder in Splunk Search 07-26-2018 0 0	0	0
How to get alert info in JSON format instead of CSV- SPLUNK_ARG_8 I am currently using SPLUNK_ARG_8 in a python script after an alert is triggered to get the CSV file, but converting ... by MonicaRavichand Engager in Splunk Search 07-26-2018 0 0	0	0
bin with specific buckets Hello I want to use bin to categorize my runtimes into specific buckets. lets' say I want to show runtime and bucket... by dtakacssplunk Explorer in Splunk Search 07-26-2018 0 3	0	3
How can I perform a count and then average that count? I am investigating failed logins. I need to perform a count of all failed logins by user, take an average of that co... by rcarmack1 Engager in Splunk Search 07-26-2018 0 2	0	2
How to convert an invalid field to a date? index=pltwg_shopflex \| eval Time=typeof(event.InventoryEventCarpet.InventoryEventCreateDateTime) "http://cimsplunk/en... by tcupp New Member in Splunk Search 07-26-2018 0 2	0	2
How to filter on DC after applying stats? I have the following search in which I am looking for a list of each source IP, the list of websites they hit, the co... by jwalzerpitt Influencer in Splunk Search 07-26-2018 0 2	0	2
Timechart Span problem Hi , Question regarding splunk timechart if i ran the command : index=_internal earliest=-1@d latest=now() \| timech... by jadengoho Builder in Splunk Search 07-26-2018 0 3	0	3
Math function return only 17 most significant digits Hello everyones, Every math operations or functions seem to round the number to the 17th most significants digits. ... by jeromesauve Engager in Splunk Search 07-26-2018 0 1	0	1
Best Practice for saved searches and own APPs / TA Hi there, we have a SH-cluster and index-cluster (and Dextra deploy-server). We defined some automatic lookup and se... by tfechner Path Finder in Splunk Search 07-26-2018 0 4	0	4
Calculate average count by hour & day combined Hi, I am wanting to calculate the average count of "incidents" per hour/day (i.e. Mon-07:00, Mon-08:00) over a 12 mo... by jackreeves Explorer in Splunk Search 07-26-2018 0 2	0	2
using a lookup file to populate a search query I have a lookup table containing a list of building names - which I think may be useful in creating the query I need ... by vincenp2 New Member in Splunk Search 07-26-2018 0 2	0	2
Best query to check who modified an AD group smtp address for the AD group was changed by an admin.Would like to check who made the changes in AD by renaming the ... by sebasu New Member in Splunk Search 07-26-2018 0 1	0	1
Search for regimented connections Hey Guys, So i'm looking at multiple methods for detecting command and control connections, obviously 1 method alone... by AaronMoorcroft Communicator in Splunk Search 07-26-2018 0 2	0	2
How to construct columns with the same data, and then use these pseudo columns to calculate I want to get data ,as following How to construct columns with the same data, and then use these pseudo columns to... by flzhang132 Explorer in Splunk Search 07-26-2018 0 3	0	3
How to create an eval column in a table that says "match" or "no match" if the value of all columns is the same/or not for each row? test host1 host2 host3 temp test1 x1 x1 x1 Match test2 y1 y2 y1 No match test3 z1 z1 z3 No ma... by samiksha86 New Member in Splunk Search 07-26-2018 0 2	0	2
How to exclude fields from LinearRegression command/use subsearch to generate fields for LinearRergession ? Consider fit LinearRegression \| fit LinearRegression "name2predict" from "f1" "f2" into "test_model" Question 0 W... by achervov Engager in Splunk Search 07-25-2018 0 2	0	2
Extract string from text based on character position Hi, I’m looking to extract a numerical value from a string, however struggling as there is nothing to use as a delimi... by kharlow New Member in Splunk Search 07-25-2018 0 1	0	1
Splunk support telecom protocols We have requirement to setup monitoring for telecom customer , Does Splunk below listed Protocols • IuPS Ranap - DTAP... by SagarSplunk Engager in Splunk Search 07-25-2018 0 0	0	0
filtering search to exclude all instances of field 1 for when certain results in field 2 I have a search that brakes down some router alarms . my fields are Host_IP & Alarm What I'm trying to do is filter... by shouldntdothat Explorer in Splunk Search 07-25-2018 0 3	0	3
I am using the code for date but this is the time the event was created, not when it really happened. See Details \| convert ctime(_time) AS Time timeformat="%m/%d/%y". Can "event.InventoryEventCarpet.InventoryEventCreateDateTime" ... by tcupp New Member in Splunk Search 07-25-2018 0 1	0	1
"Exception - com.splunk.mr.JobStartException: Failed to start MapReduce job." I just moved my whole dashboard to production environment but when I tried to test using a search string, following e... by dannili Communicator in Splunk Search 07-25-2018 0 2	0	2