Splunk Search

Community Activity

Unable to sinl logs from oracle user on webui Unable to sink logs from user Oracle on webui, but can able to sink logs from tmp. can you please suggest. Thanks. by ahmemohs03 Explorer in Splunk Search 07-23-2018 0 0	0	0
eval duration/latency My timestamp-in and timestamp-out fields are in this format 2018-07-23T15:53:11.588Z how do i calculate duration ? i ... by Mohsin123 Path Finder in Splunk Search 07-23-2018 0 1	0	1
How to execute a script and display results on a search page? I need to execute a python script from Splunk search and display the return value on the same page. How can this be d... by tusharsaran1 Path Finder in Splunk Search 07-23-2018 0 5	0	5
How to take the time from the field I am interested in and compare that to the current time to mark as an alert? I am exporting data out of AD and trying to look for devices that are older than a certain time frame. From my data ... by willadams Contributor in Splunk Search 07-23-2018 0 5	0	5
NOT Inputlookup not working I am trying to perform a search and trying to add an inputlookup to filter information I don't need to know about. F... by willadams Contributor in Splunk Search 07-22-2018 0 5	0	5
Can Splunk find similar strings in a log? Hi Does Splunk can do similar string search? For example the given string is mystring, and I want to return any log... by samlinsongguo Communicator in Splunk Search 07-22-2018 0 7	0	7
How do YOU use splunk! (Search/Query Examples) Hello everyone, Our company just started using Splunk, and after experimenting with some basic commands it certainly... by ktrumpol Path Finder in Splunk Search 07-22-2018 1 4	1	4
calculate percentage from the results of two reports I'm having a difficult time calculating a percentage based on two reports (searches). Search 1 \| inputlookup mydata... by jdlocklin526 Observer in Splunk Search 07-22-2018 0 3	0	3
How to get other field on x-axis other than _time? I'm fetching data by hitting an API, and the data I get will be a single event which consists of cpu_used and corresp... by bollam Path Finder in Splunk Search 07-21-2018 0 2	0	2
Transaction very slow I have to calculate the response time from an application that depends on the response of another application. For th... by iberecamara Engager in Splunk Search 07-20-2018 0 15	0	15
Creating a join when first search contains multiple values for a single field Hey all, this one has be stumped. I'm trying to join two searches where the first search includes a single field w... by richnavis Contributor in Splunk Search 07-20-2018 0 7	0	7
Help with "set diff" (need to keep the time of the events in the results)? I'm trying to get a result table of all he hosts in our OSSEC environment that have changed status over the past 24 h... by tmeader Contributor in Splunk Search 07-20-2018 2 6	2	6
Why is _time storing incorrect value? I use the below saved search and scheduled it and enabled the summary index. \| dbxquery connection=connectionname qu... by angelinealex Communicator in Splunk Search 07-20-2018 0 5	0	5
Current Month Estimated Billing not displaying Account ID in drop-down Unable to get billing details in Splunk App for AWS. I have configured the billing input in Splunk Add-on apps. by nehaprasad14 New Member in Splunk Search 07-20-2018 0 6	0	6
Would you create rex or regex to extract a string and create a new field? I have the raw data below. How do I get the strings after the "action": and put all the results into a new field? ... by dwong2 New Member in Splunk Search 07-20-2018 0 10	0	10
Issue at selection with Time Range picker Hi, we use in our environment (indexer cluster, searchhaed/deployment server) Splunk enterprise version 7.1.1. If w... by krusty Contributor in Splunk Search 07-20-2018 0 3	0	3
How do you search for events that match the exact text of a raw text? Hello index="cs_test" "Splunktest" "Refund succeeded" OR "action"=>"refund" I have a below raw text log, I want ... by Danielle2018V New Member in Splunk Search 07-20-2018 0 2	0	2
need help with eval query hi want to compare the email header and count by dest_port =25. (Im trying to detect a phishing email via email title... by weicheng98 Path Finder in Splunk Search 07-20-2018 0 13	0	13
,Is it possible to collect inventory, performance information, and status events from VPLEX? ,Is it possible to collect inventory, performance information, and status events from DellEMC VPLEX? by mstrigl New Member in Splunk Search 07-20-2018 0 0	0	0
How to create a bar chart where the bar colors change dynamically if they are above or below an SLA line? Hi. I have a bar chart that shows an SLA line and response times for today and the previous day. What I want is whe... by neilhiley Explorer in Splunk Search 07-20-2018 1 2	1	2
Add another condition Help Hello, please help create a search add another condition to fire this alert if there are no results Here is the splu... by dave0970 Engager in Splunk Search 07-20-2018 0 2	0	2
Multiple values extraction and join common filed to other events at index time Hi All, I am wondering if someone has implemented multi value fields at index time similar to the following The fol... by kuljeetss Explorer in Splunk Search 07-20-2018 0 2	0	2
How to refer root search from data model to build a tstats query? I have a data model with root events, but now as per the latest requirement added root search as well in the same dat... by payal23 Path Finder in Splunk Search 07-20-2018 0 0	0	0
Could someone please let me know why there is a difference in cold bucket for % and GB Hello All, When I ran a query to check disk usgae in GB & % ,I could see for hot bucket looks same for both GB & % b... by ajayathmakuri Engager in Splunk Search 07-20-2018 0 1	0	1
How to create a regex to extract field values? Hi, I need a regex to extract the value 'Fred' in quotes after the User declaration below; ,"User:"Fred", So any v... by jacqu3sy Path Finder in Splunk Search 07-20-2018 0 4	0	4