Function startSearch() is not a function.
Facing issues running a search using SearchManager. The error says that function startSearch() is not a function. I am facing this issue in Splunk version 6.6.2. Anyone know why this function is not more...
Why specifying indexed fields with "field"::"value" results in faster and...
The "Write better searches" Splunk manual contains the following recommendation: Specify indexed fields with "field"::"value". You can also run efficient searches for fields that have been indexed from...
Searching for matches during specific times
My search is something like: index=foo "get /foo/bar" | eval a=_time+1s | eval b=_time+10m | table a,b,ip, field1, field2. How would I search these results for events between times a and b and where field1...
How to find min and max per hour during the day by host?
If I use SPL such as index=_internal | timechart span=1h count by host | stats max(*) AS *."max", min(*) as *."min" | transpose, this produces min and max mixed in one column, but I would like separate max...
Add sum of events in separate column
This is my search: host="splunk.local" | bucket _time span=1mon | stats count by event. My question is: to sum the total number of events per month in a separate field, but when I use this...
"--splunk-cooked-mode-v3--" in the indexer
Splunkers, I am facing this issue of cooked data. I know there are many answers about it and this has been a real pain for many. I have gone through them and none of them is working. Below are my...
How to install SA_plaso-app-for-splunk and TA_plaso-add-on-for-splunk on Windows
I am fairly new to Splunk and am attempting to pull into Splunk timelines created by log2timeline.py that I converted to a .csv file using psort with l2tcsv. I am able to do this; however, it seems to...
Fill a multiselect input by clicking a table element (drill down)
Hi folks, I have tried to create a table drill-down to insert elements into a multiselect input that are already selected. The workflow is: the user searches for something using a keyword. He then selects...
Return a custom table when there are no results on the base search
Hi, I have the following search, and sometimes it doesn't get any results. When there are no values to return, I want to return a table with the fields _time | sloc_type | upload_id to show the user...
How to compare the number of events in an hour of the current day with the...
I want to show the count of events for each hour of the current day in one column, and the min, max and avg count of events for the same hour on the same weekday over the previous 4 weeks. How do I do this?
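As an added illustration of the comparison this post asks for (example code written for this page, not from the poster or from Splunk), the Python below buckets constructed event timestamps by hour and, for each hour of a chosen day, reports that day's count next to the min, max and average for the same hour on the same weekday over the four preceding weeks. The sample timestamps, the 09:00 spike and the `flag_spikes` threshold are all assumptions made for the demonstration.

```python
from collections import Counter
from datetime import date, datetime, timedelta, timezone
from statistics import mean

# Constructed reference day for the sample data (a Monday); not from the original post.
SAMPLE_DAY = date(2024, 3, 4)


def build_sample(day=SAMPLE_DAY):
    """Constructed sample timestamps: the same weekday over five weeks, with
    8-12 events at 09:00 in each of the four prior weeks and a spike of 40 today."""
    events_at_nine = {0: 40, 1: 10, 2: 12, 3: 8, 4: 10}  # weeks back -> event count
    events = []
    for weeks_back, n in events_at_nine.items():
        d = day - timedelta(weeks=weeks_back)
        for minute in range(n):
            events.append(datetime(d.year, d.month, d.day, 9, minute, tzinfo=timezone.utc))
    return events


def hourly_counts(timestamps):
    """Bucket timestamps by (calendar date, hour), like `bucket _time span=1h`."""
    return Counter((ts.date(), ts.hour) for ts in timestamps)


def compare_to_weekday_baseline(timestamps, day, weeks=4):
    """For each hour of `day`, pair that day's count with the min/max/avg of the
    counts for the same hour on the same weekday over the previous `weeks` weeks.
    Hours with no events count as 0, so a quiet hour is a data point, not a gap."""
    counts = hourly_counts(timestamps)
    baseline_days = [day - timedelta(weeks=w) for w in range(1, weeks + 1)]
    rows = []
    for hour in range(24):
        history = [counts.get((d, hour), 0) for d in baseline_days]
        rows.append({
            "hour": hour,
            "today": counts.get((day, hour), 0),
            "min": min(history),
            "max": max(history),
            "avg": mean(history),
        })
    return rows


def flag_spikes(rows, factor=2.0):
    """Hours where today's count exceeds every baseline week and is at least
    `factor` times the baseline average (an arbitrary threshold chosen for the demo;
    an hour that is normally silent is flagged as soon as anything appears)."""
    return [r for r in rows if r["today"] > r["max"] and r["today"] >= factor * r["avg"]]


if __name__ == "__main__":
    rows = compare_to_weekday_baseline(build_sample(), SAMPLE_DAY)
    for r in rows:
        if r["today"] or r["max"]:
            print(f"{r['hour']:02d}:00 today={r['today']:3d} "
                  f"min={r['min']:3d} max={r['max']:3d} avg={r['avg']:.1f}")
    print("spikes:", [r["hour"] for r in flag_spikes(rows)])
```

Counting missing hours as zero rather than skipping them matters for the baseline: if the four prior weeks were silent at 03:00, a single event there today should compare against a min/max/avg of 0, not against an empty history.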
How do I optimize filtering of an accelerated report?
I am trying to track user/machine logons. To help with this, I created the following query as an accelerated report: (index=windows) EventCode IN (4624,4625,4648) TargetAccountName!="-"...
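As an added example (not the poster's or Splunk's code) of what the filter in this accelerated report selects, the Python below applies the same conditions to a handful of constructed key=value events and counts the survivors by account, host and EventCode. The event lines, host names and account names are invented for the demonstration.

```python
import re
from collections import Counter

# Event codes the post's report keeps: 4624 logon, 4625 failed logon,
# 4648 logon with explicit credentials.
LOGON_CODES = {"4624", "4625", "4648"}

# Constructed sample events (invented for this example, not real Windows Security
# logs), one key=value event per line using the field names the post refers to.
SAMPLE_EVENTS = """\
EventCode=4624 TargetAccountName=alice host=WS01 Logon_Type=2
EventCode=4624 TargetAccountName=- host=WS01 Logon_Type=3
EventCode=4625 TargetAccountName=bob host=WS02 Logon_Type=10
EventCode=4648 TargetAccountName="svc backup" host=SRV01
EventCode=4672 TargetAccountName=alice host=WS01
EventCode=4625 TargetAccountName=bob host=WS02 Logon_Type=10
EventCode=4624 host=WS03 Logon_Type=3
"""

KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')


def parse_event(line):
    """Split one key=value line into a dict; double-quoted values lose their quotes."""
    return {k: v.strip('"') for k, v in KV_RE.findall(line)}


def select_logon_events(lines):
    """Apply the post's filter: EventCode IN (4624,4625,4648) TargetAccountName!="-".
    Like Splunk's `!=`, this drops events that carry no TargetAccountName at all."""
    selected = []
    for line in lines:
        if not line.strip():
            continue
        ev = parse_event(line)
        if ev.get("EventCode") not in LOGON_CODES:
            continue
        account = ev.get("TargetAccountName")
        if account is None or account == "-":
            continue
        selected.append(ev)
    return selected


def logon_summary(lines):
    """Count the selected events by (account, host, EventCode), like `stats count by`."""
    return Counter(
        (ev["TargetAccountName"], ev.get("host", ""), ev["EventCode"])
        for ev in select_logon_events(lines)
    )


if __name__ == "__main__":
    for key, n in sorted(logon_summary(SAMPLE_EVENTS.splitlines()).items()):
        print(f"{key[0]:<12} {key[1]:<6} {key[2]} count={n}")
```

One SPL subtlety the example mirrors on purpose: `TargetAccountName!="-"` only matches events that actually carry the field, whereas `NOT TargetAccountName="-"` would also keep events that lack it. For a logon-tracking report the former is usually what you want, but it is worth knowing which one the report is built on.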
How to match values within a multi-value column
I'm putting together a search that lists all of the IP addresses associated with scanning my firewall. Due to the fact that hundreds of IP addresses scan my firewall everyday, I'd like to be able to...
Field extraction of a log file in which each line has a different format, how can I...
I am doing field extraction for a log file with the format below:
line 1: field1, field2, field3, field4
line 2: field1, field2, field3, field5, field4
line 3: field1, field2, field3, field4
I can write...
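One way to handle lines whose field count varies, as an added example (not the poster's extraction or any Splunk code): a single regular expression with an optional named group for field5, applied in Python to constructed sample lines. The sample values, and the assumption that a five-field line always carries the extra field in fourth position, are invented for the illustration.

```python
import re

# Constructed sample lines (hypothetical format, not the poster's real log): every
# line carries field1..field4 in order, and some lines insert field5 before field4.
SAMPLE_LINES = [
    "2024-01-15T10:00:01Z, fw01, 10.0.0.5, ALLOW",
    "2024-01-15T10:00:02Z, fw01, 10.0.0.9, port=443, DENY",
    "2024-01-15T10:00:03Z, fw02, 10.0.0.7, ALLOW",
]

# One pattern for both shapes: the non-capturing group around field5 is optional,
# and anchoring field4 to the end of the line makes the engine backtrack correctly
# on four-field lines (it first tries the fourth token as field5, fails to find a
# comma after it, and then assigns it to field4 instead).
# Assumption: which shape a line has is decided purely by its field count.
LINE_RE = re.compile(
    r"^(?P<field1>[^,]+),\s*"
    r"(?P<field2>[^,]+),\s*"
    r"(?P<field3>[^,]+),\s*"
    r"(?:(?P<field5>[^,]+),\s*)?"
    r"(?P<field4>[^,]+)$"
)


def extract_fields(line):
    """Return the named fields of one line, or None if the line fits neither shape."""
    m = LINE_RE.match(line)
    if not m:
        return None
    # groupdict() reports None for the unused optional group; drop it so that
    # four-field lines do not come back with an empty field5.
    return {k: v for k, v in m.groupdict().items() if v is not None}


def extract_all(lines):
    """Extract every line; unparseable lines yield None rather than raising."""
    return [extract_fields(line) for line in lines]


if __name__ == "__main__":
    for line, fields in zip(SAMPLE_LINES, extract_all(SAMPLE_LINES)):
        print(line, "->", fields)
```

The same pattern body works in Splunk's `rex` once the Python-style `(?P<name>...)` groups are written as PCRE `(?<name>...)`; `rex` leaves a field unset when its optional group does not participate, which is the same outcome as dropping the None entries above.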
How can I extract this pattern from my raw data using the rex command?...
Hi, can someone help me please? I'm very new to using Splunk and most certainly to the rex command and regular expressions, so please bear with me. I'm trying to extract a ProductAccountNumber...
Find the user that has the latest login
I have a listed lookup table xxx. When I run the search below, it shows no results. | inputlookup xxxx | fields USERNAME | search index=main sourcetype=oracle_aud user=*CONN* | stats count(user) by...
Add data to Cisco Networks app from local directories
Can I add data to the Cisco Networks app from local directories? Example: /var/log/alert.log
About log rotation
I previously asked the following question, and I vaguely understood that the delaycompress option is recommended. https://answers.splunk.com/answers/577144/about-log-rotation-best-practices.html...
Are time range pickers valid in reports? Also, when running saved reports, do...
For clarification on the second half of my question: I've had problems running saved reports and having to adjust settings. Does this mean it does not run a fresh search?
Changing bar colors by a string value of a field
Hi, I have a simple bar chart that sums a number ("SLOC") by another field ("file"). Each file has another field that describes it, "sloc_type", and I want to change the files' bar colors by the...
Splunk_TA_nessus stalls on collection
Running the Splunk_TA_nessus (5.1.1) against Security Center works fine and collects event data correctly; however, it frequently (approx. weekly) stalls and requires that either the input is...