Splunk Search

Community Activity

Can I use foreach to measure the time taken between creating a ticket and a specific action/update? Hi, I am looking at IT ticket logging data & trying to create compliance measures between different updates being ad... by jackreeves Explorer in Splunk Search 12-07-2017 0 6	0	6
How to get a substr from a fields name Hi everyone, I want to deliver 2 fields with 1 parameter to a destination panel. I deliver the string JNL_, the fir... by netanelm7 Path Finder in Splunk Search 12-07-2017 0 15	0	15
Its showing nothing in Splunk logs window for any kind of search Ok so I ran command splunk clean eventdata And now my Splunk is not working as earlier. I am able to ADD log fi... by jaikratsingh New Member in Splunk Search 12-07-2017 0 1	0	1
What is filling up dispatchtmp? Hi, My /apps/splunk filesystem is filling up, and the culprit appears to be dispatchtmp. What files go here? It ap... by a212830 Champion in Splunk Search 12-07-2017 0 11	0	11
特定のフィールドの値をフィールド名として、その値を取り出したい下記のような1行のログデータがあります。フィールド名 : 値 _time : 2017/11/15 00:00:00 row_no : test500 test1 ～ test1000 : 数値データフィールド"row_n... by toyo11 New Member in Splunk Search 12-07-2017 0 17	0	17
How to keep only certain users events from Windows event log security? Hello, I would like to filter, at the indexers, events coming from WinEventLog:Security to keep only certain users . ... by cafissimo Communicator in Splunk Search 12-07-2017 0 7	0	7
My regex is not working in Splunk although it works at regex101.com Hello, I have a field "group" these field contains some values with a prefix: "AD-". I need to get rid of the prefix... by ugruner Explorer in Splunk Search 12-06-2017 0 4	0	4
How can I get the value of a token as a search eval for another token? I have the following xml: I want to have Name=$unit$ for the line eval token. And will have other conditions to ... by tamduong16 Contributor in Splunk Search 12-06-2017 0 5	0	5
Trying to get the value of a field for the previous month Hi, I'm working with an old data where I need to get the value of a field for the 'supposed' previous month. Here's... by jvmerilla Path Finder in Splunk Search 12-06-2017 0 3	0	3
同じSourcetypeで複数のhostからデータを合計する方法について同じSourcetypeで２つのhostから受信しているcsvに含まれる値を合計したいのですが、searchの方法を教えてください。 host-Aから受信しているcsvのA列(field_A)とB列(field_B)、およびhost... by hirosakurai Engager in Splunk Search 12-06-2017 0 2	0	2
Combining two field into one output Hi, Below is the query which generates the table output. index=abc sourcetype=report \| table company_id , company_n... by kteng2024 Path Finder in Splunk Search 12-06-2017 0 1	0	1
Date displaying as a string I have a string field (publication_date) that is displaying a date in the following format YYYY/mm/dd. Ultimately I... by cc3658 Explorer in Splunk Search 12-06-2017 0 3	0	3
How to limit the number of bars in a bar graph I have a query that produces a bar graph of the number of hits in a page. I want to limit this to the top 5-10 values... by brajaram Communicator in Splunk Search 12-06-2017 0 4	0	4
summing values from stats Hi, I have a query that produces a stats table that looks like this company count testco ... by dbcase Motivator in Splunk Search 12-06-2017 0 6	0	6
I need help with a regex for line_breaker in props.conf Hi Team, Need help with regex for LINE_BREAKER attribute in props.conf. I have below log pattern delimited by \| , h... by newbie2tech Communicator in Splunk Search 12-06-2017 0 9	0	9
Get environment variables in alert action script? How do I get the environment variables, for example $env:user$ into my alert action script? I've tried adding a para... by jef152 Explorer in Splunk Search 12-06-2017 0 4	0	4
How to Check Remote Server's Date and Time Settings (Windows) I was wondering if there was a way to search for the Date and Time settings on a remote server? I can't seem to find... by classicphil913 New Member in Splunk Search 12-06-2017 0 1	0	1
How can I combine these two searches of the count of field A and the count of field B? Hi, I have these two queries This one gets the number of camera sessions index=wholesale_app buildTarget=blah prod... by dbcase Motivator in Splunk Search 12-06-2017 0 2	0	2
Regular expression - need to extract a field I am trying to do named extraction for the field sample for each event but failing for some reason. Please help! here... by saurabh_tek11 Communicator in Splunk Search 12-06-2017 0 9	0	9
How to count the number of occurrences of a word in an event? Hello Guys, I have a log as the following and i need to count the number of occurrence of TagID word in such event (... by royimad Builder in Splunk Search 12-06-2017 1 4	1	4
Why don't my dynamic titles for month names work? I have tried to pass a token into a panel title from a search that creates month names for last month and the month b... by c0rrinn3 New Member in Splunk Search 12-06-2017 0 8	0	8
need to display zero if count is zero for data that is searched dynamically from a lookupfile i am matching strings from the lookup file(only has one column with my_field) and then checking occurrence count of e... by soumyasaha25 Contributor in Splunk Search 12-06-2017 0 3	0	3
How to re-index a file everyday, even when the file is not updated? Hey All, We have a file which has the version number of an application in the below format : version = 4.0 The req... by Venkat_16 Contributor in Splunk Search 12-06-2017 0 3	0	3
How to parse a field value that is delimited by "/" I have a field for a CVSS vector, and I want to parse it so I can compare each section to a lookup and put it in laym... by glenngermiathen Path Finder in Splunk Search 12-06-2017 0 10	0	10
Saved Search runs after Uninstallation of App I installed an App from Splunkbase for Testing purposes. The app came with Custom Searches which i had scheduled as ... by vr2312 Builder in Splunk Search 12-06-2017 0 2	0	2