Splunk Search

Community Activity

Can I use regex to assign a sourcetype? Hello. I new to regex and have been trying to understand how it works. Let say i have a log containing strings of i... by linwqg New Member in Splunk Search 03-19-2018 0 5	0	5
Calculating Source type info indexing rate and EPS Hello Splunkers, I would like to calculate below EPS values for 30 days time period for each source type on one c... by Splunk_rocks Path Finder in Splunk Search 03-19-2018 0 4	0	4
How to do eval and percentage based calculations? I want to calculate the amount of change in between today's score and yesterdays. This is a file with a few days data... by Splunk_rocks Path Finder in Splunk Search 03-19-2018 0 6	0	6
I want to find the difference in count of processes from last 2 months My 1st search: earliest=-2mon@mon latest=-1mon@mon index=linux (host=abc OR host=xyz) COMMAND=LMN\|dedup host,PID\|stat... by shreyasathavale Communicator in Splunk Search 03-19-2018 0 6	0	6
How do I merge events on the basis of time and fields? I want to merge events that are in between state=" STARTED" and state="COMPLETED" i.e. All the following events of st... by pratibha2018 Explorer in Splunk Search 03-19-2018 0 9	0	9
Search Query Help Hi Team, I got a scenario as below: index=* host=A or host=B Type=Info "Service down" In this i want the following... by anandhalagarasa Path Finder in Splunk Search 03-19-2018 0 6	0	6
How to build a multi-level piechart? Hello, I am searching for a possibility to build a multi-level piechart in Splunk. Does anyone knew if the is an bui... by mihenn Path Finder in Splunk Search 03-19-2018 1 5	1	5
How to extract a field from a GET request? Hi All - I am having trouble extracting the following fields from a GET request . GET /TSGene/images/literature... by dmenon84 Path Finder in Splunk Search 03-18-2018 0 8	0	8
how can you run one search and share that data with multiple panels How can or is there a way of running one search and sharing the resulting data amongst multiple panels in a Dashboar... by TDR57 Explorer in Splunk Search 03-18-2018 0 2	0	2
Nested JSON and SPATHING Hi, I have another question similar to the question I asked at https://answers.splunk.com/answers/624148/expanding-n... by BearMormont Path Finder in Splunk Search 03-18-2018 0 4	0	4
Pivot search hello , someone can help me to translate this pivot command in search command \| pivot proofpoint proofpoint_search ... by ALLIACOM New Member in Splunk Search 03-17-2018 0 2	0	2
Creating new fields using already set data I am working with data from an application but the data has been forwarded to Splunk as raw data and appear randomly ... by leagawa New Member in Splunk Search 03-17-2018 0 1	0	1
How to create a real-time map of attacks I want to create a real-time map similar to https://cybermap.kaspersky.com/ that tracks and displays the exact locati... by Shabalala9 New Member in Splunk Search 03-16-2018 0 1	0	1
Can any one help to understand & use of below command in eval Can any one help to understand & use of below command in eval index=_internal \| eval Mahesh=max(1, 3, 6, 7, "foo", fi... by maheshsat Explorer in Splunk Search 03-16-2018 0 1	0	1
Trying to change date index=_internal \| eval Mahesh=replace(date, "^(\d{1,2})/(\d{1,2})/", "\2/\1/") My date 03-16-2018 I need 16-03-2018 by maheshsat Explorer in Splunk Search 03-16-2018 0 2	0	2
CPU Usage by Process Is there a way to pull a list of running processes and the CPU % usage per process via Splunk natively? Using Powers... by Kendo213 Communicator in Splunk Search 03-16-2018 0 2	0	2
Calculate difference between 2 time fields using strptime As an example, I am getting weather data where in each json even I have the sunrise and sunset time for that day. The... by MedralaG Communicator in Splunk Search 03-16-2018 0 10	0	10
How to create a real-time map of attacks by Source IP? I would like to create a live map similar to the one at Norse: http://map.norsecorp.com. Below is the search that I ... by kmedina1 Explorer in Splunk Search 03-16-2018 0 4	0	4
Find percentage between two fields whose name will fall into a naming convention I have a set of fixed fields that define a maximum threshold with the naming convention of "resources_available_[[con... by mjones414 Contributor in Splunk Search 03-16-2018 0 1	0	1
How to use rex to get matching number? I tried to use \| rex "^Version\s(?P(\\d{2}))$ to extract version number - it should only be 2 digit number. But 12.1.... by xinde Path Finder in Splunk Search 03-16-2018 0 8	0	8
How to add link per rows? I first encountered the plank system. Need any help. Have a table with multiple rows. Is it possible to assign a lin... by kiselevm New Member in Splunk Search 03-16-2018 0 2	0	2
data comparison Hi all Someone can help me? We have a stream of messages that are sent from one side and received on the other. Is i... by kiselevm New Member in Splunk Search 03-16-2018 0 1	0	1
Why is the stats count showing higher count for date_ then other fields? I have a report that provides a summary of key activity by IP. I wanted to cross check that information against the ... by Gawker Path Finder in Splunk Search 03-16-2018 0 2	0	2
problem with join i am trying to join 2 indexes and ClientName. i find some rows are not joining on ClientName. but if i explicitly me... by jiaqya Builder in Splunk Search 03-16-2018 0 6	0	6
Regex Help Hi, I need a regex to extract at search time the values after ACTION[*] and up to the next character, regardless of ... by jacqu3sy Path Finder in Splunk Search 03-16-2018 0 4	0	4