Splunk Search

Community Activity

How to map metadata ACS value to a public domain? Hi, I have deployed a splunk enterprise server on AWS ec2 so that I have a public domain name. When I configure the ... by jameszeng Engager in Splunk Search 06-22-2018 0 2	0	2
Use a field as the search in searchmatch I would like to use a field as the string for searchmatch, but that results in an error stating: Error in 'eval' co... by triest Communicator in Splunk Search 06-22-2018 0 4	0	4
How do you use the rex command to calculate a value? Hello, I'm new to Splunk and I have the following field and want to grab the subtotal of the field total using the r... by Danielle2018V New Member in Splunk Search 06-22-2018 0 6	0	6
How to use OR or AND in searchmatch(X) function? I am trying to use following query to generate some report put seems OR and AND is not working in searchmatch. index... by dniraula New Member in Splunk Search 06-22-2018 0 2	0	2
Merge two search results and add difference I have result of one search1 stored in csv by outpootlookup. I use this lookup for the search2 as a criteria, e.g. wh... by malekseev New Member in Splunk Search 06-22-2018 0 1	0	1
How to use Foreach using multiple columns? Hello there, I am having a hard time figuring out how to use / how is working foreach + eval. I have something like... by D2SI Communicator in Splunk Search 06-22-2018 0 3	0	3
Why do my extractions not work? Hello everyone! I have an event that looks like this (I omitted the sensitive information): 2018-06-07 09:55:16 ERR... by thomastaylor Communicator in Splunk Search 06-22-2018 0 10	0	10
How to use lookup for CIDR IP addresses? Hello, I am trying to lookup corresponding IP Addresses with my lookup table I created. Here is what I am trying to... by jmartelon New Member in Splunk Search 06-22-2018 0 4	0	4
Any example for MAP command Can i have a sample of MAP command? Please give sample events and final outputs also. I'm not able to understand doc ... by ma_anand1984 Contributor in Splunk Search 06-22-2018 3 5	3	5
how to customize a report or dashboard as i mentioned below? Hai All, I need to achieve a Dashboard or Report in the format I mentioned below. Here Measures, Detail, value are s... by Shan Builder in Splunk Search 06-21-2018 0 11	0	11
Multivalue field extraction Hi, I'm struggling to get this extracted correctly so it's usable. The raw data is presented as: Privileges: Se... by cdstealer Contributor in Splunk Search 06-21-2018 1 11	1	11
How can I produce a timechart with 1 month span the average of count per day? How can we produce a timechart (span is monthly) but the 2nd column is (instead of count of the events for that month... by morethanyell Builder in Splunk Search 06-21-2018 1 5	1	5
Use results from one search in another query How do I take the results of one query and use it in another. I want to take the results of trackedsessions and use ... by dwong2 New Member in Splunk Search 06-21-2018 0 1	0	1
How to search for a count > X in one hour increments by IP? How would I build a query to search for any time there is a count of > X amount in one-hour increments by IP? For e... by jwalzerpitt Influencer in Splunk Search 06-21-2018 0 4	0	4
Sumary index not extracting fields as in source index Hi team, I want to copy complete data to summary just because it has longer retention period in my environment. I am... by anantdeshpande Path Finder in Splunk Search 06-21-2018 0 2	0	2
Syslog event count with lookup table assistance Hello, I have a lookup table full of syslog hosts that are sending data to Splunk. My goal is to identify which sysl... by salbro Path Finder in Splunk Search 06-21-2018 0 2	0	2
How can I get Streamstats to Calculate all Fields? I am using the following search which returns a table with three rows: \| streamstats current=f last(_time) as Ne... by aohls Contributor in Splunk Search 06-21-2018 0 1	0	1
How to update a timestamp field in a lookup csv that has many fields, but when you only want to update one field? I have a lookup with 4 fields per record. I want to update one of the fields, a timestamp with the last seen event ... by john_glasscock Path Finder in Splunk Search 06-21-2018 0 0	0	0
Wanted to convert a search to a drop down listing, but not certain where to place the token. I found this search and it works well for the information I need. However, I have been unable to create a drop-down ... by nls7010 Path Finder in Splunk Search 06-21-2018 0 1	0	1
stats and timechart count not returning count of events. instead uses last value in the first column I am trying to get a simple count of events, instead i am getting the value of the first column as the count. Below ... by scc00 Contributor in Splunk Search 06-21-2018 0 3	0	3
Extract common user who encounters different values for the same field over time Hello, Splunk noob here. I'd like to find in my index users who encounters an error during a phase of a process but ... by BoGiulio New Member in Splunk Search 06-21-2018 0 6	0	6
Can I use lookup instead of join? Hello guys So I have a table where there are Index and Role. In another table, there is Index and Description. So wha... by LxSenpai Explorer in Splunk Search 06-21-2018 0 2	0	2
Arrange fields in bar chart in specific order Search is <param name="search">eventtype="metrics" \| stats count(eval(JobStatus="JOB.FINISHED")) as JobCompleted, c... by jangid Builder in Splunk Search 06-21-2018 0 6	0	6
Is it possible to customize the order of fields in the legend for a stacked column chart? Hi. I have a stacked column chart with stacked. The end of the search is the following: \| chart count over fields... by splunkrocks2014 Communicator in Splunk Search 06-21-2018 1 5	1	5
Break Events from a single Event Hi, I have this weird logging from one of the application where it is logging multiple users in a single event with a... by Shashank_87 Explorer in Splunk Search 06-21-2018 0 6	0	6