Splunk Search

Community Activity

How can I create a bar chart with positive and negative values? How can I create a bar chart with positive and negative values? Here is the use case I have. I have events coming in... by liondancer Explorer in Splunk Search 05-01-2018 0 7	0	7
How to have the lookup multivalue field return the 1st match? hello, I have a lookup table that has host to user correlation... ex; Host, User hosta, user1 hostb, user2 hostb, u... by brdr Contributor in Splunk Search 05-01-2018 0 5	0	5
Is it possible to reference a report and add specific search criteria without having to create a new report with the needed criteria already specified? Hello, I have a report scheduled to run every night collecting patch information from many different business areas.... by apanages New Member in Splunk Search 05-01-2018 0 3	0	3
transaction creates multi value field help to get just the most recent when out of order I'm trying to create a timeline of events and I'm running into an issue when certain steps are repeated and the data ... by kmaron Motivator in Splunk Search 05-01-2018 0 2	0	2
Search Page Loading - 400 Bad Request common.js 241 I'm using a search server 6.5.1 which is resulting in a 400 Bad request response on the POST request to http:///en-US... by mudragadak New Member in Splunk Search 05-01-2018 0 0	0	0
Find the numerical outliers of the count for countries by day I have the following which gives me the count of events that happen on separate days for each country. Column1: Date,... by parwindertaank Explorer in Splunk Search 05-01-2018 0 4	0	4
How to connect splunk app to remote webserver that has 2 way ssl enabled. I need connect to a webserver that has two way ssl enabled. I exported the myCertificate.pem file from splunk server ... by Axpraj New Member in Splunk Search 05-01-2018 0 0	0	0
How to remove null field after using "where isnotnull" command? I am getting a little frustrated with this search... I have a field that just does not want to release the NULL value... by ECovell Path Finder in Splunk Search 05-01-2018 0 3	0	3
using foreach at the beginning of the query fetching less records than expected index="index1" tdr=tdr1 OR tdr=tdr2 transaction id \| foreach * [ rex field=<<FIELD>> mode=sed "s/{\|}//g"] \| eval _tim... by angelinealex Communicator in Splunk Search 05-01-2018 0 5	0	5
Cooked Connection A Google search indicates that that using the term "cooked" in realation to a network connection is exclusive to Splu... by JarrettM Path Finder in Splunk Search 05-01-2018 1 4	1	4
All splunk specific keywords at one place Hi Guys , I am looking for a cheatsheet kind of hing which has all splunk specific keywords at one place.. by prabhu77749 Explorer in Splunk Search 05-01-2018 0 2	0	2
Find a specific kind of event before event result I'm searching in our IIS logs. I'm looking for a web POST action. The problem is that this POST action happens after ... by CMSchelin Path Finder in Splunk Search 05-01-2018 0 3	0	3
creating a new field using Regex how do you create a field using regex with the following example below for example exsamplefield=cpe:/o:microsoft:w... by mr_t2083 Explorer in Splunk Search 05-01-2018 0 8	0	8
We have an app on a server for which we want to send logs to splunk. We have an app on a server for which we want to send logs to splunk. The splunk host is listening on 9997 while our ... by samqadir New Member in Splunk Search 05-01-2018 0 1	0	1
splunk forwarder is starting but not appearing in "Select Forwarder" Page I am trying to setup a universal splunk forwarder but I think I am missing something. On restart splunk forwarder is ... by ominfo Explorer in Splunk Search 05-01-2018 0 6	0	6
Strange Splunk Ports All 37 of my Splunk forwarders establish TLS 1.2 connections to Splunk on port 9997 as configured. No problem there. ... by JarrettM Path Finder in Splunk Search 05-01-2018 0 4	0	4
Why am I receiving the following exception "Read where response was expected" while trying to connect to Splunk? Hi all, I have the following code that tries to connect: try { var service = new Service(new Uri($"https://ec2... by Ralex1 New Member in Splunk Search 05-01-2018 0 4	0	4
What is the best way to learn and master Splunk searches? What is the best way of mastering the Splunk development in terms of writing splunk searches and other development in... by macadminrohit Contributor in Splunk Search 05-01-2018 0 9	0	9
Summarize field by specific field Hey All, I'm trying to accomplish a search here that seems so simple but I got stucked. I have this one where give ... by WesleyFranklin Explorer in Splunk Search 04-30-2018 0 4	0	4
trim out field using replace I'm reading from a file that has messages like these: Action (0x00000173): x.x.x.x; \|Performed by user "User 1" Acti... by brdr Contributor in Splunk Search 04-30-2018 0 4	0	4
extract fields from XML data showing in fields Hello Splunkers, I have following data showing in one of the field like "info" in Splunk. so my QS is there any wa... by Splunk_rocks Path Finder in Splunk Search 04-30-2018 0 7	0	7
Join is not working correctly for certain values I'm trying to join 3 types of data, we have recordings which belong to a shower which belongs to a user. For some us... by bshega Explorer in Splunk Search 04-30-2018 0 7	0	7
how to customize panel width in a row ? how do I customize or adjust width of panel ? my sample code <row> <panel> <title></title> <html> <p> ... by navd New Member in Splunk Search 04-30-2018 0 2	0	2
We are receving messages on captain in search head cluster like “The maximum number of concurrent historical scheduled searches on this cluster has been reached”. Any inputs on this ? number of searchheads in cluster including captain are 6. Splunk version is 6.6.5 by nilbak1 Communicator in Splunk Search 04-30-2018 0 1	0	1
Show up result only if its continuously coming up for 'n' number of days? I have created a query related to account lockouts, but my criteria is if user is continuously coming over last 3 day... by sarwshai Communicator in Splunk Search 04-30-2018 0 2	0	2