Splunk Search

Community Activity

need help with showing eval in stats so I have this query (host=pnr-proxy-prod* OR host=master.menlosecurity.com OR host=pnr-webui-prod) (source= s... by kiamco Path Finder in Splunk Search 05-22-2018 0 2	0	2
Is the "type" field removed from Splunk metrics in 6.6? So we have this query: index=_internal type=Usage st!=splunk_metrics earliest=-1d@d latest=-0d@d \| bucket _time sp... by EricLloyd79 Builder in Splunk Search 05-22-2018 0 5	0	5
How to create an alert if there are more than 5 login_id(s) associated to any unique sourceIP I have an app behind a WAF, and I am looking at the WAF logs to see how many unique login IDs are coming from a singl... by Log_wrangler Builder in Splunk Search 05-22-2018 0 2	0	2
Lookup and powershell command hi i want to use the powershell code below in order to know if the computer ping or not PS C:> Test-Connection -Comp... by jip31 Motivator in Splunk Search 05-22-2018 0 1	0	1
how can test my search query to make sure splunk is giving correct output I want to test the data retrieved by Splunk query. How can I validate the results. by anandbharti New Member in Splunk Search 05-22-2018 0 2	0	2
How to find peak time and the low time of the requests with the span of every hour? Hi Team, I like to find the peak time of the success requests (http_status=200) and also the least time of the reques... by balamv Engager in Splunk Search 05-22-2018 0 3	0	3
How to create a case statement with NOT LIKE option? \| eval usage=case(like(_raw,"%FirstClass%"),"A_Grade",like(_raw,"%SecondClass%"),"B_Grade",like(_raw,"%ThirdClass%"),... by zacksoft Contributor in Splunk Search 05-22-2018 0 7	0	7
Multiple average time calculations in a single search for Trellis Display This is my log format. { servicename: ServiceOne end.timestamp: 20000 start.timestamp: 19920 } { s... by angersleek Path Finder in Splunk Search 05-22-2018 0 1	0	1
How to use Collect to push the Host, Source and Sourcetype from the Original index ? I want to use the collect command and want to push the Host, source and source-type coming from the Original index. ... by sagrl Explorer in Splunk Search 05-22-2018 0 1	0	1
How can I use lookup as a filter? Hello When the value of lookup equal to result of event = do not show that event. How to create kinda search? by test_qweqwe Builder in Splunk Search 05-22-2018 1 1	1	1
How can I snap to the last second of the month? I'm looking through time specifiers in Splunk doc. I don't see how I can snap towards the end of month. If I do this:... by brdr Contributor in Splunk Search 05-22-2018 0 2	0	2
Why is the Drilldown not working? When I use the below drilldown query without eval its working fine and I'm getting the result as expected. But when I... by Shan Builder in Splunk Search 05-22-2018 0 4	0	4
Efficient way of extracting data from different log files Hi I have three log files which provide information for file transmission. The File transmission information is in ... by Mubarish Path Finder in Splunk Search 05-22-2018 0 8	0	8
How can I convert column value to column? I have the following output from my query: Search Query \| eval DateHour=year."-".month."-".day."-".hour \| chart ... by liondancer Explorer in Splunk Search 05-22-2018 0 3	0	3
Most efficient way to exclude two fields from a lookup Hi, Whats the most efficient way to use a lookup table within a query to exclude results where 2 fields exist, i.e. ... by jacqu3sy Path Finder in Splunk Search 05-21-2018 0 7	0	7
Search query taking ages to finish in Splunk 7.0.1 Hello, I have upgraded Splunk Enterprise to 7.0.1. One of the search query is taking ages to finish it. Same query f... by AKG1_old1 Builder in Splunk Search 05-21-2018 1 13	1	13
Extracting the data from Table Hi All, I am new to SPLUNK and building dashboards and I have requirement to count the records from the table No of... by varunapj New Member in Splunk Search 05-21-2018 0 1	0	1
Trellis Display of two values? I am currently using a trellis layout successfully for a timechart. These show activity today. I'm interested in h... by mfrost8 Builder in Splunk Search 05-21-2018 0 2	0	2
Forwarder throughput - Metrics vs TSTATS We are having issues with a OPSEC LEA connector. The Checkpoint firewall is showing say 5,000,000 events per hour. ... by john_glasscock Path Finder in Splunk Search 05-21-2018 0 4	0	4
Search Events with "\" character I was making some SQL dashboard and i can't use some variables cause one of them is the kerberos USER that comes like... by jnahuelperez35 Path Finder in Splunk Search 05-21-2018 0 4	0	4
help with using table and stats to produce query output I need to take the output of a query and create a table for two fields and then sum the output of one field. The two ... by ebailey Communicator in Splunk Search 05-21-2018 2 5	2	5
Pushing certain syslog messages to an Index Trying to separate leostream "broker" events that come from syslog into it's own separate index called leostream. Wh... by dcroteau Splunk Employee in Splunk Search 05-21-2018 0 5	0	5
How to remove field names displaying in the pie chart? I have written a query which produces a pie chart but I do not wish to display fields name in the pie chart. Can some... by bollam Path Finder in Splunk Search 05-20-2018 0 3	0	3
How to create a column/field based on the max or value of another column This is my sample search and corresponding output: \| makeresults \| eval data = " 1 2017-12 A 1557... by HattrickNZ Motivator in Splunk Search 05-20-2018 0 3	0	3
How to expand table based on click to the column Hello there, I've generated a table with data as below showing the % of data computed for various type of products. ... by krusovice Path Finder in Splunk Search 05-20-2018 0 4	0	4