Splunk Search

Community Activity

What is a better way of comparing EPOCH times? I have the query below that checks for the expiration date of a certificate, converts it to epoch time, and then basi... by Kendo213 Communicator in Splunk Search 05-15-2018 0 3	0	3
How to report to see how much time a user spends on a PC? I have a search that captures when a user logs in and logs out of his PC: index=win* (EventCode=4800 OR EventCode=48... by vpatsalos New Member in Splunk Search 05-15-2018 0 1	0	1
Unicode characters in dashboards/searches Hi Is it fine to use Unicode characters as a quick way to to set checklist marks & various other formatting/make pr... by stanwin Contributor in Splunk Search 05-15-2018 5 4	5	4
Regex or rex LDAP extraction I keep trying to figure things out myself but my head is getting bruised from hitting it against my desk... I am try... by ccsfdave Builder in Splunk Search 05-15-2018 0 4	0	4
How to edit timestamp to one day previously? I have a report running in SPLUNK on a daily basis. The timestamp for this report is the "Report Date" field (i.e. to... by jackreeves Explorer in Splunk Search 05-15-2018 0 9	0	9
How to format data in a table column to print one entry on a line? Is there a way to format data in a table column to print one entry on a line? In my alert the table data shows up so... by OldManEd Builder in Splunk Search 05-15-2018 0 5	0	5
How to cluster "SMS messages" ? how to do the Grouping of text messages based on the sms content? I have a CSV file with fields mentioned below: Updated Date, SMSMessage,Sender,SMS Date,userID The SMSMessage field ... by simon21 Path Finder in Splunk Search 05-15-2018 0 1	0	1
Extract wrapped field for auto extraction Today we have messages from our application like this: 2018-May-1 12:00:00.000 [Thread=4d2ce108-c322-49ff-bcc0-380d7... by azulcactus New Member in Splunk Search 05-15-2018 0 0	0	0
How to convert field date into week values? Good Day all, I have a query, I am uploading a CSV regularly onto splunk. Since its uploaded in a random time, splunk... by ranjitbrhm1 Communicator in Splunk Search 05-15-2018 0 2	0	2
How to display the time field? In one of the search queries, I am displaying the Latest and Oldest value of a field. Please refer the below sample q... by akarivaratharaj Communicator in Splunk Search 05-15-2018 0 2	0	2
Question regarding brute force query Please see this query for brute force detection- index="wineventlog" sourcetype=wineventlog:security \| search (Event... by rahul_mckc_splu Loves-to-Learn in Splunk Search 05-15-2018 0 3	0	3
How to search a matching string using lookup? I have a query like this, which prints the number of message matches and an abbreviation: sourcetype=source1 \| rex "... by equick Explorer in Splunk Search 05-15-2018 1 6	1	6
How to rearrange columns in a timechart result? Hi, I have a timechart result with two columns as shown in the 1st screenshot. Hour column contain a count for each... by Allampally Path Finder in Splunk Search 05-15-2018 0 2	0	2
Would like timechart (count) to show a legend with overall % next to each item I've been looking at some similar questions .. (for instance, this showed how to have timechart display % each day in... by bhartmann New Member in Splunk Search 05-14-2018 0 0	0	0
How do you restore the local.meta if it has been corrupted The local.meta file on our splunk 5.0.4 version on the Search Head/Deployer server has had data removed (assuming acc... by nls7010 Path Finder in Splunk Search 05-14-2018 0 3	0	3
How to group by object's keys? I would like to create stats from the data whose structure looks like mentioned below: { data: { ... by developer_de New Member in Splunk Search 05-14-2018 0 4	0	4
search to find users that worked most events i want to know who worked the most splunk events per day. We have corelation searches that fire on specific use cases... by ahmar74 Explorer in Splunk Search 05-14-2018 0 0	0	0
How to Eval urldecode and then regex? I have some URL encoded logs. ...\| eval decoded_raw = urldecode(_raw) how would I write a rex to find any decoded_... by Log_wrangler Builder in Splunk Search 05-14-2018 1 4	1	4
subtraction of timestamp from two search i would like to calculate response time by extracting timestamp from two different search then subtracting Response=S... by jayaraj1717 New Member in Splunk Search 05-14-2018 0 9	0	9
How to calculate concurrent operations on a server in a timechart? Hi, I'm trying to show the concurrent number of 2 operations(eg, data 'export', and data 'import') on a server in a ... by jackie_1001 New Member in Splunk Search 05-14-2018 0 4	0	4
How to count the number of alerts with various time ranges and displays, together? I want to create a visualization that shows the number of sales in the last 1, 2, and 7 days all within the same visu... by DEAD_BEEF Builder in Splunk Search 05-14-2018 0 5	0	5
Unable to use regex to index logs Hi, I wish to configure splunk forwarder to pick logs from a directory that match any of the below patterns. Essentia... by pimco_rgoyal Observer in Splunk Search 05-14-2018 0 6	0	6
How to populate a column that generates time difference for the results which are generated from a stats command? I have this query. index=azure Operation=UserLoggedIn user!=Unknown\|sort - _time \| iplocation ClientIP \| eval Tim... by pkhedwal New Member in Splunk Search 05-14-2018 0 2	0	2
TimeChart implemention over two grouping i have log file as below need to calculate Execution time for each events and dispay data by grouping with Errorcode ... by jayaraj1717 New Member in Splunk Search 05-14-2018 0 3	0	3
Splunk freezing for other users when doing large base search. Hi Other users are unable to open splunk screens for up to 1 minute while one user is running a large base search? ... by robertlynch2020 Influencer in Splunk Search 05-14-2018 0 22	0	22