Splunk Search

Community Activity

using foreach at the beginning of the query fetching less records than expected index="index1" tdr=tdr1 OR tdr=tdr2 transaction id \| foreach * [ rex field=<<FIELD>> mode=sed "s/{\|}//g"] \| eval _tim... by angelinealex Communicator in Splunk Search 05-01-2018 0 5	0	5
Cooked Connection A Google search indicates that that using the term "cooked" in realation to a network connection is exclusive to Splu... by JarrettM Path Finder in Splunk Search 05-01-2018 1 4	1	4
All splunk specific keywords at one place Hi Guys , I am looking for a cheatsheet kind of hing which has all splunk specific keywords at one place.. by prabhu77749 Explorer in Splunk Search 05-01-2018 0 2	0	2
Find a specific kind of event before event result I'm searching in our IIS logs. I'm looking for a web POST action. The problem is that this POST action happens after ... by CMSchelin Path Finder in Splunk Search 05-01-2018 0 3	0	3
creating a new field using Regex how do you create a field using regex with the following example below for example exsamplefield=cpe:/o:microsoft:w... by mr_t2083 Explorer in Splunk Search 05-01-2018 0 8	0	8
We have an app on a server for which we want to send logs to splunk. We have an app on a server for which we want to send logs to splunk. The splunk host is listening on 9997 while our ... by samqadir New Member in Splunk Search 05-01-2018 0 1	0	1
splunk forwarder is starting but not appearing in "Select Forwarder" Page I am trying to setup a universal splunk forwarder but I think I am missing something. On restart splunk forwarder is ... by ominfo Explorer in Splunk Search 05-01-2018 0 6	0	6
Strange Splunk Ports All 37 of my Splunk forwarders establish TLS 1.2 connections to Splunk on port 9997 as configured. No problem there. ... by JarrettM Path Finder in Splunk Search 05-01-2018 0 4	0	4
Why am I receiving the following exception "Read where response was expected" while trying to connect to Splunk? Hi all, I have the following code that tries to connect: try { var service = new Service(new Uri($"https://ec2... by Ralex1 New Member in Splunk Search 05-01-2018 0 4	0	4
What is the best way to learn and master Splunk searches? What is the best way of mastering the Splunk development in terms of writing splunk searches and other development in... by macadminrohit Contributor in Splunk Search 05-01-2018 0 9	0	9
Summarize field by specific field Hey All, I'm trying to accomplish a search here that seems so simple but I got stucked. I have this one where give ... by WesleyFranklin Explorer in Splunk Search 04-30-2018 0 4	0	4
trim out field using replace I'm reading from a file that has messages like these: Action (0x00000173): x.x.x.x; \|Performed by user "User 1" Acti... by brdr Contributor in Splunk Search 04-30-2018 0 4	0	4
extract fields from XML data showing in fields Hello Splunkers, I have following data showing in one of the field like "info" in Splunk. so my QS is there any wa... by Splunk_rocks Path Finder in Splunk Search 04-30-2018 0 7	0	7
Join is not working correctly for certain values I'm trying to join 3 types of data, we have recordings which belong to a shower which belongs to a user. For some us... by bshega Explorer in Splunk Search 04-30-2018 0 7	0	7
how to customize panel width in a row ? how do I customize or adjust width of panel ? my sample code <row> <panel> <title></title> <html> <p> ... by navd New Member in Splunk Search 04-30-2018 0 2	0	2
We are receving messages on captain in search head cluster like “The maximum number of concurrent historical scheduled searches on this cluster has been reached”. Any inputs on this ? number of searchheads in cluster including captain are 6. Splunk version is 6.6.5 by nilbak1 Communicator in Splunk Search 04-30-2018 0 1	0	1
Show up result only if its continuously coming up for 'n' number of days? I have created a query related to account lockouts, but my criteria is if user is continuously coming over last 3 day... by sarwshai Communicator in Splunk Search 04-30-2018 0 2	0	2
how to get items from a large json file? Hi everyone I´m new in splunk ,I need to get items from a json file but when i search in my file i see this in many ... by cleal New Member in Splunk Search 04-30-2018 0 1	0	1
using multiselect to concatenate fields into a compound key We have a dashboard where the user can select multiple in a multiselect input field. Those values correspond to colu... by mschellhouse Path Finder in Splunk Search 04-30-2018 0 4	0	4
Excel Like Pivot Table I'm trying to figure out how to build an excel-like pivot table using 3 or more columns. As example, I have this dat... by jperry_intact New Member in Splunk Search 04-30-2018 0 2	0	2
If i have 3 column in lookup table like column "A" has 10 entries column "B" has 5 entries and column "C" has 2 entries how can i match in search if i have 3 fields A,B,C and i need to match all entries for that fields index=main \|search [\|inputlookup abc.csv \| f... by rahul_mckc_splu Loves-to-Learn in Splunk Search 04-30-2018 0 2	0	2
Multi level table Hi, I am trying to build a multi-level pivot table in SPLUNK, where you can have multiple rows under one another lik... by jackreeves Explorer in Splunk Search 04-30-2018 0 1	0	1
Multivalue xml field extraction Hi Splunkers, Part of the incoming xml data looks like this, <metaDataSet> <metaData key="DocName">mm12... by jsanjeb Explorer in Splunk Search 04-30-2018 0 8	0	8
How to filter a dashboard search based on a date field that is not the default _time field? Hello, I am having trouble setting up a dashboard to filter based on a date field which isn't the default _time fiel... by jwch Explorer in Splunk Search 04-30-2018 0 4	0	4
How to group by a by Title? Hi guys!! I have this search: index=temp sourcetype=sdc cs_host="mto.ree." WT_dl=0 NOT (cs_uri_stem ="*/es-es/... by mogoj Engager in Splunk Search 04-30-2018 0 4	0	4