Splunk Search

Community Activity

Trying to get the domain from multiple email recipients using rex sourcetype=mysource \| rex field=shared_with "(?P[A-Za-z0-9]+.[a-zA-Z]+)$" emails going to several different recipien... by Dallastek Explorer in Splunk Search 01-23-2018 0 7	0	7
How to add new field in existing index I have a index that have 2 fields only index="TRIAL_INDEX" fields: sample1, sample2 And i will make a new f... by jadengoho Builder in Splunk Search 01-23-2018 0 5	0	5
addtotals to calculate percentage I am trying to calculate what percentage of Operating Systems have windows 10 installed out of the total number which... by davidcraven02 Communicator in Splunk Search 01-23-2018 1 11	1	11
How to decrease the count for everr search that is true I'm trying to remove duplicates log from the search result every time the page is refreshed. eg index=main "Entered ... by santohang New Member in Splunk Search 01-23-2018 0 3	0	3
Set values to 0 when there are no search results Hi, on Splunk Enterprise 6.6.5 I have the following problem: I am using 3 saved searches in one dashboard via append... by mborn New Member in Splunk Search 01-23-2018 0 3	0	3
CSV files generated from Outputlookupand Outputcsv cant be re-used as input. I used a search query to get a value. source="nfr-output_300_1.csv" host="IHTNW754752GG-L" index="main" sourcetype=... by harishy100 New Member in Splunk Search 01-22-2018 0 1	0	1
How to combine 2 csv files and perform multiple eval operations on it and produce a graph? I have 2 CSV files. Each CSV file has 2 fields "Start_Time" and "End_Time" 1. I need to find the "total time" taken i... by harishy100 New Member in Splunk Search 01-22-2018 0 1	0	1
stats count for multiple columns in query Hello All, I have query which is returning below result sets in table :Field1, Field2, Field3 are headers and ... by bawan New Member in Splunk Search 01-22-2018 0 7	0	7
How can I use lookup? How can I do this in splunk? by harishyhrk New Member in Splunk Search 01-22-2018 0 2	0	2
How to edit my subsearch to keep a variable to add to the end results? I am running 2 searches from 2 different source types. Search 1 Search for sidewinder traffic that went through att... by john_glasscock Path Finder in Splunk Search 01-22-2018 0 1	0	1
Is there an easy way to update a record in KV Store from the results of a Splunk search instead of bulk reloading a lookup table? It seems using KV store from migrating from lookups seems to be very easy. Just outputlookup to a KV store stanza. ... by clyde772 Communicator in Splunk Search 01-22-2018 1 5	1	5
lookup Compare value for 2 different Columns This is my search - \| metadata type=hosts \| table host \| lookup Device.csv Hostname as host OUTPUT Status \| where ... by raomu Explorer in Splunk Search 01-22-2018 0 2	0	2
Multiple expressions in single search I'm trying to combine multiple rex expressions in a single search, but I'm having issues with my syntax. More specif... by stlimanika New Member in Splunk Search 01-22-2018 0 5	0	5
Sub-search doesn't work in some apps/dashboards but works in others and as a separate search Been wrestling with this issue for a while now... I have a search like the below (sensitive information redacted). Th... by michael_sleep Communicator in Splunk Search 01-22-2018 0 1	0	1
Pair-wise Comparison Across Values of Different Fields Splunk newbie here. What I'm trying to do is a pair-wise comparison across all of the values of two different fields,... by ikiril01 Engager in Splunk Search 01-22-2018 0 1	0	1
Ingore last result in timechart Hello i have a search query with timechart function but i don't want to display last bucket because it shows not comp... by Ponczi1 Explorer in Splunk Search 01-22-2018 0 3	0	3
How to combine outputs from 2 different searches where fields match? EDIT: Nevermind, I was just being dumb. It seems no matter how I search by field3 value that triggered on field1, fie... by auraria Explorer in Splunk Search 01-22-2018 0 3	0	3
Extract fields using colon (:) except time field Hello, I'm trying to use the field extraction tool for a data file that where the fields are delineated by a colon(:... by richnavis Contributor in Splunk Search 01-22-2018 1 3	1	3
Exttract the first value for multivalue field events Hey, I have a sample event,which is a multivalue field,I want to extract Service ID and Ent_Provider Id from the t... by vrmandadi Builder in Splunk Search 01-22-2018 0 6	0	6
how to divide two fields in a search and print the result values in timechart Hi, suppose a query is like: index="demo1" total_bytes,total_time,date etc I need to divide total_bytes/total_... by sawgata12345 Path Finder in Splunk Search 01-22-2018 0 5	0	5
Chart and table of occurences of field by another field Hi I would like to have some chart ( bar etc.) and table of logs which contain two information titleID and userID. I... by swdowiarz Path Finder in Splunk Search 01-22-2018 0 11	0	11
Multisite Index replication question I must admit I am struggling with wrapping my head around multisite replication... We operate in AWS and do build inf... by brent_weaver Builder in Splunk Search 01-22-2018 0 3	0	3
How do I reference lookup table with a field that have dynamic value? I have a field value for IP address in the lookup dataset but the IP address from real logs are dynamic and constantl... by LeeZeeYuen New Member in Splunk Search 01-22-2018 0 5	0	5
How can I make this search faster and more efficient "index=_internal per_host_thruput \| timechart span=1d dc(series) as hosts" The search below yields a count of hosts each day. It works well but will be extremely slow and inefficient if I run ... by mattbellezza Explorer in Splunk Search 01-22-2018 0 2	0	2
How to move raw data with no field assigned to a table? This might be a really simple question, but I haven't been able to find an answer as of yet. I have some raw data fro... by cdhippen Path Finder in Splunk Search 01-21-2018 0 3	0	3