Splunk Search

Community Activity

In the job inspection report what does the value 'command.search.expand_search' relate to? Hi, I'm very new to Splunk and I'm looking at a single node instance that's being used in our office to store a lar... by Ruttager Engager in Splunk Search 05-25-2018 1 1	1	1
charting time - using time within a lookup I have a lookup file with about 100K events. What I want to do is use timechart (span each day). There is a time fie... by brdr Contributor in Splunk Search 05-25-2018 0 5	0	5
Check that all executable binary files have matching source code? It shows this error when I package my application. I don't understand what source code I should add. I don't have any... by dnamal Explorer in Splunk Search 05-25-2018 0 0	0	0
Pass a variable form subsearch but it should not be used in parent search. I have two logs. First log contain start date and end date in second log. First log query : index=abc sourcetype=abc_... by max_jay New Member in Splunk Search 05-24-2018 0 0	0	0
How can regex extract multiple values? Hi, I have the below data and query (with Regex), what I'd like to have the Regex do is extract ALL occurrences of M... by dbcase Motivator in Splunk Search 05-24-2018 0 2	0	2
Use lookup and stop matching for each entry in lookup Hi All, I am trying to use a lookup to check how many domains in a white list are actually being used. The CSV has ... by gerald_contrera Path Finder in Splunk Search 05-24-2018 0 1	0	1
Tricky behavior of escaping backslash in regex Hey folks, I am doing some regex stuff by rex command and find some tricky behavior. Error: I tried to use \ to e... by ypeng_splunk Splunk Employee in Splunk Search 05-24-2018 1 2	1	2
Rex Field Question I have a message field in an event id that isn't extracting properly. The part I've having an issue with is when ther... by johnblakley Explorer in Splunk Search 05-24-2018 0 20	0	20
Why splunk is not comparing all values from 2 different fileds? Hi, I want to compare two fields in a certain timerange. I am working on 2 fields, those are process_ip and transfe... by chandana204 Communicator in Splunk Search 05-24-2018 0 1	0	1
eventcount - spanning over time I'm attempting to write a search using eventcount command. I want to graph the number of events in my index/sourcetyp... by brdr Contributor in Splunk Search 05-24-2018 1 2	1	2
How to search for firewall data showing source ip, source port, destination ip, and destination port in tabular form? Hello, I am new to Splunk and I need to get a report showing Firewall transactions with source IP and source port, d... by abassydo2018 Explorer in Splunk Search 05-24-2018 0 3	0	3
Splitting a multivalue field on carreige return good morning, I am in the process of breaking out data from a data source that in one field contains a list of simil... by jeffsegal Explorer in Splunk Search 05-24-2018 0 1	0	1
eval parsing issue? index=xyz CurrentAgentSnapshot.Contacts{}.State=ENDED \| table CurrentAgentSnapshot.Contacts{}.StartTime There is ... by mwibowo1 New Member in Splunk Search 05-24-2018 0 7	0	7
Need a help in creating a dashboard to get information on the IP address? Hi, I got a request to create a dashboard to get the information on the ipaddress, with multiple panels and one input... by Hemnaath Motivator in Splunk Search 05-24-2018 0 3	0	3
How to get only second field=value from all events? Hi. I have 500 events where only second line of event have value for me. How to get that information from all events? by test_qweqwe Builder in Splunk Search 05-24-2018 1 1	1	1
Why is the iplocation command not showing city/region for all ip? I have an index "index_A" that contains IP address of client. But when I execute the following query, it does not sho... by kapilbk1996 Explorer in Splunk Search 05-24-2018 0 3	0	3
How to retrieve the last occurrence of an event right before another event I have a log4j log as source on Splunk 6.2.2 As in the title, I would like to get the first event that matches a sear... by lbentin New Member in Splunk Search 05-24-2018 0 1	0	1
How to send mail to the user in one mail if the values are combined? Hi There, I'd like to send mails to the people from my search table, the table looks like below: No. username Si... by garujoey Engager in Splunk Search 05-24-2018 0 10	0	10
How to perform stats count on all three indexes, and combine them to show as a Timechart? I have log file say A,B,C and their corresponding index is say index_A,index_B,index_C. I want to perform stats coun... by kapilbk1996 Explorer in Splunk Search 05-23-2018 0 2	0	2
what are the possibilities of getting different results for same search what are the possibilities of getting different results for same search ( there is no change in query and time) ? by raghu0463 Explorer in Splunk Search 05-23-2018 0 2	0	2
remove column name from \|table result I have a search that provides a table result: host="host1" index="main" \| head 1 \| table index host Is it possible... by Chubbybunny Splunk Employee in Splunk Search 05-23-2018 4 5	4	5
How to remove a column if only one column exists from a search? I have a timechart that shows the timechart of errors in a timeframe. index=......\| eval error=if(apiHttpStatus!=20... by brajaram Communicator in Splunk Search 05-23-2018 0 1	0	1
How do I count users that have logged in at least once a month for the last 3 months? Hi everyone, I want to do a distinct count of users that have: 1) Logged in at least once a month AND 2) They've ... by sharonmok Path Finder in Splunk Search 05-23-2018 0 8	0	8
How to Extract Named Capture Groups Using a Single Line in Props.conf Trying to extract named capture groups in a txt file, with the stipulation that it must be done from a single line in... by Kcrowley55 New Member in Splunk Search 05-23-2018 0 1	0	1
splunk functions process list Hi Splunkers i am traying to execute the next search using the function process "list" search \| stats list(FullName... by evinasco Communicator in Splunk Search 05-23-2018 0 1	0	1