Splunk Search

Community Activity

tstats peformance issues: admin vs user Hi Splunk experts, I am running below query and the results get loaded much faster for admin users compared to regul... by dvg06 Path Finder in Splunk Search 06-11-2018 0 0	0	0
How to count events from 5 pm today to 5 am the next day? Hi Guys, Our operations changed their schedule from 5 pm to 5 am. How can I count events from these times daily? I ... by auaave Communicator in Splunk Search 06-11-2018 0 4	0	4
rex capture groups - windows file name and path I'm attempting to capture 2 groups; a windows path and filename. I've successfully written the rex syntax and it work... by brdr Contributor in Splunk Search 06-11-2018 0 2	0	2
How do I get the number of daily logins over all days since the first event? Sorry for the confusing title. I'm trying to find out: 1) How many days a user has logged on (doesn't matter how ma... by sharonmok Path Finder in Splunk Search 06-11-2018 1 5	1	5
command to check if a field is binary does splunk have a command that can check to see if a field is binary or has binary characters in it? by brdr Contributor in Splunk Search 06-11-2018 0 2	0	2
How can I find users who had a particular event occur more than once within X days? I want to get a list of all users who had a particular event occur less than 30 days apart. The events look roughly ... by braveterry Engager in Splunk Search 06-11-2018 0 2	0	2
Multiple failed logins to corporate wifi I wanted to go over the following use case idea I had that I’ve been working. Basically, I am looking to gather abnor... by Ghanayem1974 Path Finder in Splunk Search 06-11-2018 0 0	0	0
fill in 0 when there is no data i have an index that calc amount of events for a specific domain name this index have 3 fields: date,domain_name, eve... by mcohen13 Loves-to-Learn in Splunk Search 06-11-2018 0 7	0	7
I am trying to run CLI searches and output it to a file but its only giving 100 results. Hello Everyone, I am trying to run below query everyday at 6AM through CLI and output the result to new text file. B... by jsuryaprakash Path Finder in Splunk Search 06-11-2018 0 5	0	5
Compare multi value fields to get Count Hi, I have a multi value field which contains some product codes separated by a code. Now the 2 events can have the s... by Shashank_87 Explorer in Splunk Search 06-11-2018 0 4	0	4
Lookup OUTPUTNEW Behavior Hello, I have a wrong behavior on lookup command with OUTPUTNEW options. What I'm trying to achieve is to update th... by olivier_ma Explorer in Splunk Search 06-11-2018 0 4	0	4
When the value is not showed in the result also i need to dispaly value as 0 in the result set .. In the below query. When i filter the sectodate count greater than 5. I’m missing the count of values “Cool","Super .... by Shan Builder in Splunk Search 06-11-2018 0 4	0	4
RegEx Extract value after string I'm trying to build an extraction to find the uptime from this data (example below) .1.3.6.1.4.1.789 Enterprise Spec... by arrowecssupport Communicator in Splunk Search 06-11-2018 0 1	0	1
"status = 404" does not appear in the field status. Hi, there! I installed the "Splunk Forwarder" on an Apache web server configured as "access_combined". The logs are ... by cesarfabre Explorer in Splunk Search 06-11-2018 0 1	0	1
Correct Search string for Memory and CPU utilization Hello, I am trying to create a dashboard report of CPU Utilization and Memory used for each of my application comp... by anzar_ahsan New Member in Splunk Search 06-11-2018 0 1	0	1
How to get filtered data with spath? I am trying to build stats for a set of JSON data which looks like this: { "ts":1527498793267, "version":"1.12... by developer_de New Member in Splunk Search 06-11-2018 0 2	0	2
help regex hello in a log file i want to extract every tetx which starts with EU\SH but i dont succeed could you help me please?... by jip31 Motivator in Splunk Search 06-10-2018 0 3	0	3
Lookup error: Could not find all of the specified lookup fields Hi! I'm trying to use lookup table but I get the error I wrote in the title. My .conf files are props.conf: [mobile... by emaccaferri Communicator in Splunk Search 06-10-2018 0 7	0	7
How to create a new _time field by merging two separate fields I have a sample event log below: 2018-05-04 06:59:50 AAA="1", BBB="2", CCC="3", XXX="70029", ZZZ="2018-05-04 00:00:0... by dailv1808 Path Finder in Splunk Search 06-10-2018 0 1	0	1
Spliting a transaction from multiple events in a column, to seperate columns So i'm looking to find users that are going from Building A --> to Building B.. Problem is the transaction is showin... by Sp3ctre1 New Member in Splunk Search 06-10-2018 0 0	0	0
help regex hello in a log file i want to extract every tetx which starts with EU\SH but i dont succeed could you help me please?... by jip31 Motivator in Splunk Search 06-09-2018 0 0	0	0
help with a sub search and pie chart I have a pie chart that works great with a current search. I have been asked to add something to the pie chart that ... by chadman Path Finder in Splunk Search 06-09-2018 0 1	0	1
Seperate Multivalue Fields with Carriage Return Delimiter Hi all - I have data that appears like this: Field=Animal Cat Dog Fish Dog Fish Horse Cat Dog Pig .....where mult... by mistydennis Communicator in Splunk Search 06-08-2018 0 1	0	1
Sum value from distinct hosts over time I have a bunch of hosts streaming logs that show metrics like cpu count. The problem is that they all send those log... by caviman2201 Path Finder in Splunk Search 06-08-2018 0 1	0	1
Lookup stating that it cannot find all specified lookup fields in the lookup table. I am attempting to find first time logons to new servers. I am trying to use a lookup to list a EventID Description ... by aarontmartin165 Explorer in Splunk Search 06-08-2018 0 7	0	7