How to write a search to extract URLs crawled by Googlebot
Which field should be extracted for this relevant use-case? index={wxxx} googlebot | fields URIs | stats count by URIs | addcoltotals count Is this search correct?
How do you run a second search based on the value/results of a first search?
My goal for this search is to find if a file was not imported. If the file is imported "Could not find a file in the" text will be present. If the file is imported, "Moved" text will be present. Our...
How to identify pages with 404 (page not found) status and number of hits to...
How to identify pages with 404 (page not found) status and number of hits to each page?
Histogram of counts
Hi, I have this data 337487,1512448,motion sensor,RFDL-ZB-MS,Bosch 337487,1512447,door/window sensor,SZ-DWS04,Sercomm Corp. 337487,1512446,door/window sensor,SZ-DWS04,Sercomm Corp....
Calculate Age from 2 Timestamp fields
Hi All! I have a field in my data which represents DOB in a YYYYMMDD format. I'm trying to compare that DOB Timestamp with another Timestamp field which represents the time the event was created. Same...
Search Event Handler not being executed...
I am using Splunk Enterprise 6.4.7. Created a dashboard panel. I want to include the number of results in the panel title. I'm trying to use the job.resultCount token in the event handler. I've also...
How do I troubleshoot why Splunk is not sending alert emails?
Hi everyone. I've been searching on other 'answers' but no one has solved my problem. I have some alerts that, depending on the conditions, send an email with details of the incident. It's been a few...
Can I edit the "Hide filters" link to a button?
I would like to change the "Hide filters" link that appears in the dashboards to a button like the "Submit" button. Can I do that?
How to extract password field in the events with regex? (Password is a string...
How to extract password field in the events? I need to extract " 123456-222245-666565-151063-123456-222365-333111-110110" from below sample event. Any ideas? ========================== BitLocker Drive...
How to use transaction command to show Windows time difference between two...
I want to capture EventCode=1100, but I also want to know if EventCode=4608 is created in one minute after EventCode=1100. If EventCode is created by itself and is not followed by EventCode=4608, I...
HTTP Event Collector -- How to specify folder or path name to store logs on...
Hi All, Could you please help me with the query regarding collecting data using the HTTP Event Collector? I am trying to collect logs from F5 appliances using HEC method. The basic architecture will...
Capture second timestamp that includes subseconds
Here's an example beginning of an event line Oct 20 20:57:03 sfo-prd-wsux02 apache2: [Fri Oct 20 20:57:03.398765 2017] [proxy:error] [pid 32083:tid 140031679186688] I'm trying to capture the second...
How to avoid or minimize duplication of data during the switch of data input...
We have our Heavy forwarder server monitoring a shared directory for proxy data log file provided by our proxy team. We want to switch from monitoring a log in a shared directory on Heavy Forwarder to...
Permissions required for alert creation and dashboard sharing?
Hello! We are working in an environment with extremely locked down permissions that are not under any of the standard user/admin accounts. The requirement for the environment is that all capabilities...
MLTK v2.4 returning max 1000 results and...
According to: http://docs.splunk.com/Documentation/MLApp/2.4.0/User/Configurefitandapply and http://docs.splunk.com/Documentation/MLApp/2.4.0/User/Customsearchcommands the **fit** command is supposed...
"Splunk Add-on for Tenable:" How can I resolve basic SSL connection failure...
Following the instructions to "Troubleshoot the Splunk Add-on for Tenable" at https://docs.splunk.com/Documentation/AddOns/released/Nessus/Troubleshoot I copied the PEM file from Firefox (with its...
How can I encrypt or hash a field before index?
Good morning, I have a log file, that I am told by security the email addresses need to be hashed. Any idea how I do this?
Use subsearch with stats command to dynamically search for list of events
|inputlookup test_results |where build == [|inputlookup test|stats first(build)] I'm trying to do something like the above, i.e. find the latest build number in the csv lookup file that gets created as...
1 column have multi
I have a table record is date, product, price 20171015, ABC,10 20171015, CDE,9 20171016, ABC,8 20171017, CDE,10 and I want to point a multi line chart to by Date, product. How can I do that? Thanks
Ticks not showing on timechart
Hello, I have the following timechart, where I plot the count of events from "my_index" **per hour** over the last 7 days by country (for 3 countries). index="my_index" | timechart cont=FALSE span="1h"...