Splunk Search

Community Activity

Excluding a specific URL in Regex Hi, I read through forums on how to extract URLs using regex. But couldn't find those on how to exclude them. For e... by SplunkNewbie18 New Member in Splunk Search 01-24-2018 0 4	0	4
Extract value for host field from log file path using the parameter host_regex in inputs.conf Hi, I am new to Splunk and Regex. I have a folder : D:\SplunkForwarderCache\TimeSyncLogs\Linux. This folder contains... by neltonk Path Finder in Splunk Search 01-24-2018 0 3	0	3
Changing the Ulimits for openfiles How can we change the ulimits of Splunk to the desired value ? I have edited the /etc/security/limits.conf file and ... by nawazns5038 Builder in Splunk Search 01-24-2018 1 15	1	15
Converting [h]:mm:ss into hour, minutes and seconds Splunkers! How should i modify the regula expression \| rex field=duration "(?<hour>\d{2}):(?<min>\d{2}):(?<sec>\d{2... by CarmineCalo Path Finder in Splunk Search 01-24-2018 0 3	0	3
Evaluating dynamically generated field name I've an event where some field "values" can be concatenated/evaluated to generate a field "name" that exists in the s... by hsingams2 Explorer in Splunk Search 01-24-2018 0 2	0	2
Need to filter table results in Dashboard after stats and join commands I am looking for a way to filter the results that I am returning from an initial SPL search, a join command keying of... by jspigler2010 Explorer in Splunk Search 01-24-2018 0 2	0	2
How to return the most recent 2 values of X by Y? Stats can be used to get the most recent X value of Y, for example: \| stats latest(x) by y How do I get the most rec... by the_wolverine Champion in Splunk Search 01-24-2018 0 3	0	3
How do I store the delta value in the previous row I have the following: _time condition delivery sent 1 21/01/2018 0:00 0:00 264464 331477 2 22/01... by HattrickNZ Motivator in Splunk Search 01-24-2018 1 4	1	4
Calculate the delta based on the time for 2 fields - end of day value minus start of day value I have the following table from my search: index=core ... \| timechart span=5m sum(deliverySucceeded) as deliverySu... by HattrickNZ Motivator in Splunk Search 01-24-2018 0 5	0	5
Static List of Users I have created a static list of users in a dropdown on one of my dashboards. There are only 15 of them so I decided n... by bgill0123 Loves-to-Learn in Splunk Search 01-24-2018 0 4	0	4
How to get full row based on max Splunkers! I need to solve this problem. Basically, starting from a Service Catalogue (having the same AppID linked ... by CarmineCalo Path Finder in Splunk Search 01-24-2018 0 2	0	2
Does workflow have SPL commands? We wonder whether the workflow UI has SPL commands. Meaning, can we perform the same workflow tasks via commands? by ddrillic Ultra Champion in Splunk Search 01-24-2018 0 0	0	0
index=Network_data memory_raw!="" \| table _time cust_id memory_raw \|bin _time span=1d \| stats avg(memory_raw) by _time cust_id Hello everyone, In the above command i got the average memory raw per customer for a day(span=1d). But i need it for ... by akhil36109 New Member in Splunk Search 01-24-2018 0 5	0	5
Is it possible to do a lookup based on IF statement? Hello Splunkers, here is my scenario: I have a field actionType that can assume two values: "S" or "A". Based on act... by guimilare Communicator in Splunk Search 01-24-2018 1 5	1	5
Manipulate _time value on collect Hello, I'm performing some aggregations on my indexed data and I'm doing them based on a field that stores date and... by LordLeet Path Finder in Splunk Search 01-24-2018 0 1	0	1
Match IP network source I want to add data of a network, for example 192.168.0.0/24. But when i select TCP/UDP, and i add 192.168.0.* on "Acc... by pfries54 New Member in Splunk Search 01-24-2018 0 1	0	1
Sorting timewrap output I doing a search and timecharting the results which I then stream into timewrap. My timechart contains (for instance... by jsburt New Member in Splunk Search 01-24-2018 0 5	0	5
replace special character "" with NULL in datamodel Hi, In one of my numeric field sometimes I am getting value as " ". I want to replace it with either NA or NULL i... by goyals05 Explorer in Splunk Search 01-24-2018 0 2	0	2
How do I edit my timechart search to get the expected visualization? Hi all, First off, some details. I have a script job running every 60 seconds to poll the processes in the servers a... by carrotball New Member in Splunk Search 01-24-2018 0 10	0	10
Alternative to dedup I'm sorting by time cause I want the latest time for every distinct host. Im doing this and it works. But dedup is fa... by greggz Communicator in Splunk Search 01-24-2018 0 2	0	2
convert string date(without seprater) to readable date format - 20180112 to 12/01/2018 Hi, I am using data-models. In raw data I am getting date as YYYYMMDD, I want to convert it in DD/MM/YYYY. Is ther... by goyals05 Explorer in Splunk Search 01-24-2018 0 4	0	4
How do you manage modified lookup files that ship with an app? Let's say an app ships with one or more default CSV lookup tables. You want to add additional data to these lookups ... by john_dagostino Path Finder in Splunk Search 01-23-2018 0 1	0	1
hosts not visible Hi, Configured splunk universal forwarders on windows & linux hosts through splunk deployment server, which are visi... by rajballa New Member in Splunk Search 01-23-2018 0 7	0	7
splunk _time not matching with timestamp Hi, the log has timestamp like this "time":"2018-01-22 13:43:40.0" props.conf : TIME_FORMAT = %F %T.%3N TIME_P... by nawazns5038 Builder in Splunk Search 01-23-2018 0 7	0	7
How to extract name from multiple sources using rex I am trying to extract one name from source using rex. index=source= \| rex field=source "\\\\\\\domain\\\prod\\\(... by ibob0304 Communicator in Splunk Search 01-23-2018 0 5	0	5