Splunk Search

Community Activity

Most Recent Series of Events Selection I have a series of tests that are performed at random times throughout the week. There are a total of 12 events. Ea... by bseifert14 Engager in Splunk Search 04-23-2018 0 1	0	1
Finding duration, average time, maximum time for specific logs The logging that we do is not perfect hence need some help. Log 1 (request) - {"date":"19-04-2018 21:40:11,221", "t... by pushpender07 Explorer in Splunk Search 04-23-2018 0 7	0	7
Need help creating a regex to grab anything after last comma Hi, Hope someone can help me with creating a regular expression for an extraction. I have a log file and the lines d... by mikehage New Member in Splunk Search 04-23-2018 0 6	0	6
How to find the max value based on the rows? Hi all, I want max value by row wise not max (field name) Date shiftA shiftB *shiftC... by harishalipaka Motivator in Splunk Search 04-23-2018 1 8	1	8
How to search start dot whatever? If I wanted everything with a .wav extension returned how would I format this? index="myindex" AttCnt=* AttNames=* A... by summitsplunk Communicator in Splunk Search 04-23-2018 0 10	0	10
Use different lookups based upon environment in same search How can I use same search for 2 different lookup? For ex: lookup_qa.csv and lookup_prod.csv. I wanna use them in sear... by harry2007gsp Path Finder in Splunk Search 04-23-2018 0 8	0	8
How do I sum the price of a product for repeating XML fields in a single event? Here is a sample section of the XML Data I am attempting to sum: <Product> <ProductItem>1</ProductItem> ... by Tom_Oliveri New Member in Splunk Search 04-23-2018 0 4	0	4
Is it possible to update _raw with a replaced field easily? When I use replace to update a field, it is updated properly (in the interesting fields sidebar) but my search displa... by axelabs Explorer in Splunk Search 04-23-2018 0 3	0	3
Using Eval statement Hello Splunkers, I have case field with below information so i need to construct Eval field. case** XYZ 2 0 3 yzr... by Splunk_rocks Path Finder in Splunk Search 04-23-2018 0 5	0	5
output lookup search correlation with input lookup data Hello, can you use a output lookup table just after creating it? I have this search... index=indexA sourcetype=mystA... by brdr Contributor in Splunk Search 04-23-2018 0 3	0	3
Correlation based on 3 fields and find events in between, one of the fields in multivalue Hello Splunkers, battling with this all morning and seeking your assistance. i have a CSV data set from a car worksho... by adonio Ultra Champion in Splunk Search 04-23-2018 0 2	0	2
timechart span and transaction rollover into hour (what happens to the duration of the transaction?) below example sums the duration when a machine is not running. ... \| sort 0 - time \| transaction startswi... by cmisztur Explorer in Splunk Search 04-23-2018 0 5	0	5
getting unjoined keys in a join Hi, I currently have 2 log. log 1 id, some data 1, "abc" 2, "def" log 2 id, some other data 1, "abc" 3, "ghi" wha... by nottheboss Engager in Splunk Search 04-23-2018 0 1	0	1
Why am I unable to convert a string to numeric? I am trying to convert a string to numeric but it is not getting converted. index="dnr_ecc" jobname="ICHV_TREX" \| ... by sjafferali Explorer in Splunk Search 04-23-2018 0 16	0	16
Custom date should show the timechart with 0 for the non matching event Hi, I have a data in which there is a content of the filename with the timestamp in epoch time as below : File gen... by abhayneilam Contributor in Splunk Search 04-23-2018 0 9	0	9
Where are my posts that are awaiting moderation I just posted a quite elaborate question and it is now awaiting moderation. However, I cannot seem to find it anywhe... by koenV Explorer in Splunk Search 04-23-2018 0 1	0	1
How to make the chart legend static? Hey Splunk experts, Please see if you can help me on this: I created a choroplet map chart and it is receiving the f... by gcescatto New Member in Splunk Search 04-23-2018 0 2	0	2
Splunk REST API body format - What are my options to bulk load users via REST API I am working on a way to bulk load users into splunk via REST API, what format does the body need to be? My dream is ... by brent_weaver Builder in Splunk Search 04-23-2018 0 0	0	0
regex to get only the filename and filedate Hi, My requirement is to show the date when the index got last created or to show the date of the latest file whose ... by surekhasplunk Communicator in Splunk Search 04-23-2018 0 2	0	2
Complex request improvement Hi I would like to improve this complex request : (sourcetype=powershell:rebootPending) \|stats latest(Reboot_Pendin... by jip31 Motivator in Splunk Search 04-23-2018 0 2	0	2
scripted input interval limit is there any document for the up limit and down limit of datainput/script? Thank you. by jaimekyb88 New Member in Splunk Search 04-23-2018 0 2	0	2
Mismatch '[' error in field extraction using regular expression I am a new splunk user and apologies for this dump question. I tried to extract a field with the fort "servername:por... by Manonmani5 New Member in Splunk Search 04-23-2018 0 16	0	16
How to get the first 20 characters of a field value in Splunk Hi Team, I have two fields called Message and Solution. Value of the Solution field is a link which i have defined t... by bhuvanabala New Member in Splunk Search 04-22-2018 0 2	0	2
Grep a part of the multiline event. I want to strip few rows from my log file and create a report in Splunk. Here is a sample even. blah blah blah blah... by sarvan7777 New Member in Splunk Search 04-22-2018 0 2	0	2
Why does the Splunk PDF Reports in 7.0.2 has formatting issues if the scale is in thousands? Has anyone noticed that pdf reports in 7.0.2 has formatting issues if the scale is in thousands? I have a report tha... by sbrice18 Path Finder in Splunk Search 04-22-2018 0 1	0	1