Splunk Search

Community Activity

Why is _time storing incorrect value? I use the below saved search and scheduled it and enabled the summary index. \| dbxquery connection=connectionname qu... by angelinealex Communicator in Splunk Search 07-20-2018 0 5	0	5
Current Month Estimated Billing not displaying Account ID in drop-down Unable to get billing details in Splunk App for AWS. I have configured the billing input in Splunk Add-on apps. by nehaprasad14 New Member in Splunk Search 07-20-2018 0 6	0	6
Would you create rex or regex to extract a string and create a new field? I have the raw data below. How do I get the strings after the "action": and put all the results into a new field? ... by dwong2 New Member in Splunk Search 07-20-2018 0 10	0	10
Issue at selection with Time Range picker Hi, we use in our environment (indexer cluster, searchhaed/deployment server) Splunk enterprise version 7.1.1. If w... by krusty Contributor in Splunk Search 07-20-2018 0 3	0	3
How do you search for events that match the exact text of a raw text? Hello index="cs_test" "Splunktest" "Refund succeeded" OR "action"=>"refund" I have a below raw text log, I want ... by Danielle2018V New Member in Splunk Search 07-20-2018 0 2	0	2
need help with eval query hi want to compare the email header and count by dest_port =25. (Im trying to detect a phishing email via email title... by weicheng98 Path Finder in Splunk Search 07-20-2018 0 13	0	13
,Is it possible to collect inventory, performance information, and status events from VPLEX? ,Is it possible to collect inventory, performance information, and status events from DellEMC VPLEX? by mstrigl New Member in Splunk Search 07-20-2018 0 0	0	0
How to create a bar chart where the bar colors change dynamically if they are above or below an SLA line? Hi. I have a bar chart that shows an SLA line and response times for today and the previous day. What I want is whe... by neilhiley Explorer in Splunk Search 07-20-2018 1 2	1	2
Add another condition Help Hello, please help create a search add another condition to fire this alert if there are no results Here is the splu... by dave0970 Engager in Splunk Search 07-20-2018 0 2	0	2
Multiple values extraction and join common filed to other events at index time Hi All, I am wondering if someone has implemented multi value fields at index time similar to the following The fol... by kuljeetss Explorer in Splunk Search 07-20-2018 0 2	0	2
How to refer root search from data model to build a tstats query? I have a data model with root events, but now as per the latest requirement added root search as well in the same dat... by payal23 Path Finder in Splunk Search 07-20-2018 0 0	0	0
Could someone please let me know why there is a difference in cold bucket for % and GB Hello All, When I ran a query to check disk usgae in GB & % ,I could see for hot bucket looks same for both GB & % b... by ajayathmakuri Engager in Splunk Search 07-20-2018 0 1	0	1
How to create a regex to extract field values? Hi, I need a regex to extract the value 'Fred' in quotes after the User declaration below; ,"User:"Fred", So any v... by jacqu3sy Path Finder in Splunk Search 07-20-2018 0 4	0	4
How can I use a search result as a filename variable of a inputlookup statement Hi, I like to setup a kind of help-text library based on unique msgcode-xx.csv text files. (or internal/external tml... by apietersen Contributor in Splunk Search 07-20-2018 0 3	0	3
Compare stats of current day with previous day Hi all! I am currently getting stats of current day as followed Port Count 25 25 443 75... by aqudoos Explorer in Splunk Search 07-20-2018 0 1	0	1
TsidxStats Unknown function list Hi, in the doc I can see we can use the list function with the pivot commands, but when I tried I got this error mes... by lyanwoah2 Engager in Splunk Search 07-20-2018 0 0	0	0
VALUE FORMAT Hi i have a value like this in a field 2018067155420 and i want to format it with this format : yyyymmddhhmmss so co... by jip31 Motivator in Splunk Search 07-20-2018 0 8	0	8
How to correlate logs with different sources to detect events Hi, what I am trying to do is to create a search query based on two sources. Source 1 will be the logs I want to inv... by syh Engager in Splunk Search 07-19-2018 0 3	0	3
Converting Duration Field value to seconds I have a extracted field call CallDuration and in logs it in format %H:%M:%S.%2N like 00:00:38.60 That means the ca... by adityapavan18 Contributor in Splunk Search 07-19-2018 3 8	3	8
can i run curl command in the search head can i run curl command in the search head to access the rest api logs by Nadhiyaa Path Finder in Splunk Search 07-19-2018 0 2	0	2
Related Fields I have the following events: { "file_name": "java.exe", "process_id": "0fb9dcff-c345-4d76-ae53-af46cd34524a"... by spohara79 Explorer in Splunk Search 07-19-2018 0 4	0	4
How to avoid extracting fields from quoted values? We've noticed that key=value pairs inside a quoted value get extracted too. For example, with an event like foo="bar=... by krisreeves Path Finder in Splunk Search 07-19-2018 0 3	0	3
Stats to use for comparison for present VS previous time Hi, I have below search string: index=XYZ \| eval ip = mvindex(split(ip_address,"/"),0) \| lookup ABC IP as ip \| stat... by mbasharat Builder in Splunk Search 07-19-2018 0 2	0	2
How to you sort twice in chart? I've created my graph but the data is in the wrong order. I want to be able to rearrange the columns. How would i d... by corematrix New Member in Splunk Search 07-19-2018 0 3	0	3
Brute force detection This is my search for detecting brute force behavior- index="wineventlog" sourcetype=wineventlog:security \| stats dc... by rahul_mckc_splu Loves-to-Learn in Splunk Search 07-19-2018 0 1	0	1