Splunk Search

Community Activity

	Why doesn't sort show the field I'm trying to sort by? I'm using this query: \|top limit=5 bytes_in,bytes_out \| sort src_ip With the goal of showing top bytes in and out... by summitsplunk Communicator in Splunk Search 04-16-2018 0 9	0	9
	REX and Lookups I am trying to use a lookup table after I rex out some logs. Here is an example: index=* source=messages \| rex fiel... by HealyManTech Explorer in Splunk Search 04-16-2018 0 1	0	1
	XML nested field issues Hi all, I have a XML file like: <CxXMLResult> <Query name="Stored_XSS"> <Result NodeId="1"> </R... by rasty Path Finder in Splunk Search 04-16-2018 0 6	0	6
	regex exclue from IPs I have following regex which giving Cisco group name but my events containing group = 132.XX .34.34 some IPS also so... by Splunk_rocks Path Finder in Splunk Search 04-16-2018 0 1	0	1
	How to calculate availability of API on daily basis Hi, I have multiple APIs in my log whose availability duration needs to be determined on daily basis i.e., from 00 t... by MousumiChowdhur Contributor in Splunk Search 04-16-2018 0 2	0	2
	different values in a field result in different processing times?? hey guys I got an odd behavior today in Splunk. When I ran: index=A sourcetype=A m=4 OR m=404 OR m=1233 the s... by asimagu Builder in Splunk Search 04-16-2018 0 5	0	5
	How to extract URI following rex command? How to extract URI following rex command? My field URI=/v4/cp/members/summary?hcid= AN5635356 &firstnm=ELLEN&last... by karthi2809 Builder in Splunk Search 04-16-2018 0 2	0	2
	Error parsing dashboard XML: Duplicate search type primary is not allowed. Go to "Edit Source" to fix. Hi, I have an entire Dashboard which works with Splunk 6.5.x. very well. Unfortunately, since I upgraded to Splunk 7... by mhornste Path Finder in Splunk Search 04-16-2018 0 5	0	5
	Why is the search for my alert returning 0 results? I currently have some alerts being triggered when they shouldn't be. The search is performing a host alive check, whe... by matthew_dorring New Member in Splunk Search 04-16-2018 0 6	0	6
	On the limit of delimiter in field extracter I indexed some logs that have values are separated by commas, and I attempted to extract fields using delimiter, but ... by yutaka1005 Builder in Splunk Search 04-15-2018 0 4	0	4
	How to display the entire source under each event in the search results Events tab without clicking on "Show Source"? Hi, Currently, If I search for any event in the search tab, I am getting only that particular event details from the... by chris1 Explorer in Splunk Search 04-15-2018 0 13	0	13
	stats count issue Hello, I hit a problem in the query below. I believed I'm not allow to form the stat count 2 times in the query. The... by krusovice Path Finder in Splunk Search 04-15-2018 0 3	0	3
	How to write a query to get the result clusterwise So my base Query to check sell is below:- index=myapp sourcetype=my_sourcetype host="myhost" "Logger*" AND "sold e... by iqbalintouch Path Finder in Splunk Search 04-15-2018 0 8	0	8
	Convert time 15/Apr/2018:15:08:19.974 +0000 to epoch Hi any help would be nice. Convert time 15/Apr/2018:15:08:19.974 +0000 to epoch by Kirantcs Path Finder in Splunk Search 04-15-2018 0 2	0	2
	Why am I unable to pass values across to multivalue fields? Hi, I am trying to build a dashboard with 4 MultiValue Input fields. MV_field1 with Values MVF1_A, MVF1_B,..... MVF... by ssadh_splunk Splunk Employee in Splunk Search 04-15-2018 0 5	0	5
	How to create an alert based on a field value regex pattern? Hi I am looking for the best way to alert when a field value is not within a normal input range? For example, I ha... by Log_wrangler Builder in Splunk Search 04-15-2018 0 9	0	9
	Can you make append not start on a new line? LIke if I run this query: index=myindex \| stats count AS Total1 BY host \| append [ search index=myindex \| stats coun... by summitsplunk Communicator in Splunk Search 04-14-2018 0 7	0	7
	tstats summariesonly=t as admin i can see results running a tstats summariesonly=t search. Same search run as a user returns no results. A... by coreyf311 Path Finder in Splunk Search 04-14-2018 0 2	0	2
	Regular Expression if then else Hello everyone. I have field which sometimes contains Profilename and Stepname and sometimes just the Profilename. I... by jessicadrechsel New Member in Splunk Search 04-13-2018 0 4	0	4
	Rex expression multi line with line break I copied the log from splunk to regex101.com. I am searching against Windows Event Viewer logs. Event Code 4722 and 4... by jared_anderson Path Finder in Splunk Search 04-13-2018 0 1	0	1
	How to correlate two fields across the same index on two different logs with one field in common? Hello, I have a device that sends its logs in multiple lines. It's an authentication device, and for one authenticat... by mclesse New Member in Splunk Search 04-13-2018 0 4	0	4
	Sum of values and max (or last) value in the same query Hello I have to build up a query on Splunk, on wich I am a real newbie. I have a sheet in wich every record contains ... by piretro999 New Member in Splunk Search 04-13-2018 0 2	0	2
	Need help on search parallelization ? How and where to turn on this search parallelization mode? Hi All, I need to turn on the search parallelization "Batch mode search parallelization" but not sure where I need ... by Hemnaath Motivator in Splunk Search 04-13-2018 0 4	0	4
	Route and Filter Data from syslog (and syslog-ng is NOT an immediate option) Part 2 My override index confs are breaking and I cannot find the cause... Currently I have logs from two sources (A and B)... by Log_wrangler Builder in Splunk Search 04-13-2018 0 7	0	7
	How can I append all lookup files with uncertain names (like(name,"record*%"))? Hi Splunkers, I have lookup with WiFi authentication data (IP-Addr, mac-addr, username) . Let's say name=wifiauth_re... by evelenke Contributor in Splunk Search 04-13-2018 0 3	0	3