Splunk Search

Community Activity

Does Splunk support regex support with look behind and look ahead? Does Splunk support regex look behind and look ahead? Specifically, I have a log that has the following: CN=LastNam... by santorof Communicator in Splunk Search 02-23-2018 0 8	0	8
lookup files for alert creating I have 3 lookup files. I want to take EmpNum from fiel1.csv searching for that in file2.csv to get the email id and ... by surekhasplunk Communicator in Splunk Search 02-23-2018 0 6	0	6
Dedup case insensitive? When searching in our list of usernames that have logged in, I dedup the usernames but the results are case sensitive... by gascoynt Engager in Splunk Search 02-23-2018 0 1	0	1
Why is the Time Picker searching by time rather than creation date? Hi, When I run a search I am using a time picker and select 24h, 7d, 30 and the search runs for this time. But I pul... by colinmchugo Explorer in Splunk Search 02-23-2018 0 10	0	10
How can I extract nested JSON at index time as their own event? I am using the REST API to get a large sample of JSON data every minute from the Bittrex Exchange but I would like t... by DHastie Engager in Splunk Search 02-23-2018 0 1	0	1
Create a Time Table with multiple 'by' fields I need a table that looks like a chart containing multiple 'by' values. sample output: time_bin, farmName, errorCou... by dreeck Path Finder in Splunk Search 02-22-2018 0 2	0	2
How can I create color Tables based on Dynamic Values in Splunk 7? Hi I have the following data column_A column_B 10 20 15 5 16 100 I want to... by robertlynch2020 Influencer in Splunk Search 02-22-2018 0 3	0	3
JOIN on "_time +- 3sec" Hi, I'm new to splunk  This is my query: * Tagname="series" Wert="54" \| JOIN _time [SEARCH Tagname="workload" ] ... by BOstermeier Explorer in Splunk Search 02-22-2018 1 6	1	6
How to format field values of a varying field name? Hey Guys, I have events with duration (seconds), then I chart the sum of duration per week. So now, the field names ... by auaave Communicator in Splunk Search 02-22-2018 0 1	0	1
Use transforming command on all events In Searching, it looks like it is not possible to use a transforming command directly. For example, I would like find... by flow2k Explorer in Splunk Search 02-22-2018 0 1	0	1
How to search for events that occured on the last 4 weeks where the week starts on Monday? Hi Guys, How do I search events that occurred on the last 4 work weeks that starts on Monday and doesn't include the... by auaave Communicator in Splunk Search 02-22-2018 1 3	1	3
What does the "timechart per_day(total)" do in the Splunk documentation for Time functions? I was reading the documentation on per_day, here: https://docs.splunk.com/Documentation/Splunk/7.0.2/SearchReference/... by flow2k Explorer in Splunk Search 02-22-2018 0 6	0	6
I am looking for a search which will display my gigs per day each indexer is taking? All, Anyone have a search handy I can run that shows the gigs per day by each indexer? thanks -Daniel by daniel333 Builder in Splunk Search 02-22-2018 0 1	0	1
How to plot per_second with eval, will it be count or value? I'm trying to understand this query: timechart per_second(eval(errorValue>0)) Does this plot the value of errorValu... by davidch12 Explorer in Splunk Search 02-22-2018 0 1	0	1
How do I recognize the date/time stamp? We have the following - What would be the props.conf change? by ddrillic Ultra Champion in Splunk Search 02-22-2018 0 2	0	2
Does Splunk have a collaborative notebook capability? We're looking for a capability similar to IPython or Apache Zeppelin, where queries can live together with documentat... by eugenek Path Finder in Splunk Search 02-22-2018 4 10	4	10
Splunk Enterprise Security: Is there a way to Auto-Populate the name field with a custom nomenclature? Quick question about Splunk ES: On version 4.7.4 I am curious if there was a way to do this. On Investigations, we a... by gworkun Explorer in Splunk Search 02-22-2018 0 0	0	0
Display 0 on Single Value When No Records Found So I have a query: index=...... \| bucket _time span=5m \| timechart count as alerts The search itself runs fine and... by troyward Explorer in Splunk Search 02-22-2018 0 1	0	1
How to have same table behavior in dashboard as ad-hoc. Is there a way to get the full featured table that shows up under the "Statistics" tab for ad-hoc queries on a dashbo... by tjago11 Communicator in Splunk Search 02-22-2018 0 1	0	1
How can I show the total count as well as completed count? If I have to show that 8 out of 10 tickets have been closed how can I best show this? I need to show the total count ... by akshaypillai Engager in Splunk Search 02-22-2018 0 2	0	2
How do you find the same field values but are in two different fields? I am trying to run a search to find the same field values will give me some results. An example would be if I wanted ... by HealyManTech Explorer in Splunk Search 02-22-2018 0 3	0	3
Why is the Eval on an extracted field explodes number of scanned events? Hello everyone, Here is a wierd case i just faced. In a props.conf file (on the search head), i extract some fields ... by dancoisneth Engager in Splunk Search 02-22-2018 0 0	0	0
realtime alert for each event when reaching x number in y mins I am trying to configure a real time alert that will fire off one alert for each event found in a search. I want one... by jdinze New Member in Splunk Search 02-22-2018 0 3	0	3
What is the best way to get regex sed to remove any words with numbers? Trying to get ideas on the best efficient/simple rex mode=sed to replace any words with a number(s). Examples of w... by subtrakt Contributor in Splunk Search 02-22-2018 0 3	0	3
How to create a table from nested JSON keys with different names? Part of my json event looks like this: 1. "certificatecache":[ 2. {"type":"cacheSize","int32value":"10"}, 3. {"type"... by DenysB New Member in Splunk Search 02-22-2018 0 10	0	10