Splunk Search

Community Activity

space in my field with the field I extracted with a regex Hi, Use a regex to extract some fields from my log with the regex101.com tool. but when I do the search for the mix ... by Carolina Engager in Splunk Search 11-14-2017 0 3	0	3
Strange behaviour with \| table * Hi all, I have some issues with the results from using \| table * I start with a simple data selection: source... by FrankSPL Path Finder in Splunk Search 11-14-2017 0 2	0	2
How to extract field with regex such as sentence with space Hi regex masters, Please help me. Below are sample xml logs. Incident Number: 151719935 Date Of Incident: 12/02... by syokota_splunk Splunk Employee in Splunk Search 11-14-2017 0 9	0	9
How to apply the fit command with a "by" field Hi Everyone, So I have data like this in my lookup table fields A \| B \| C 10\| 2 \| red 4 \| 6 \| red 9 \| 1 \| red... by tpirozzi Explorer in Splunk Search 11-14-2017 0 1	0	1
Almost no search results after upgrading to 7.0.0 Upgraded from 6.1 to 7.0 and now none of my old searches gives any results i.e dashboard searces. As a Splunk rookie... by erikwie Path Finder in Splunk Search 11-14-2017 0 4	0	4
How to trigger an action when no results are found (without using the settings in a saved alert) My organization using something called Ticketer to in Splunk to auto-generate an incident form when something shows u... by lordhans Explorer in Splunk Search 11-13-2017 0 3	0	3
single value trend with earliest I've got the followingsearch: \| stats values earliest(AG_Z) AS A_Z values earliest(D_AG) AS D_A_I \| eval eA_Z=strpt... by Mike6960 Path Finder in Splunk Search 11-13-2017 0 13	0	13
How to extract user behavior pattern during peak load from web access log From NFR perspective trying to figure out how to use Splunk to extract user behavior pattern during peak load conditi... by GaneshK New Member in Splunk Search 11-13-2017 0 2	0	2
How to make list(x) include all values? list(x) does not return all values. If I have white space as my value, list omits it. Here is a simplified example of... by jpayne1 New Member in Splunk Search 11-13-2017 0 2	0	2
Splunk Light Email Anonymization before Indexing Hello everybody, I am new to Splunk and I try to anonymize an email adress of my Logfile with the help of files pro... by mseidel New Member in Splunk Search 11-13-2017 0 2	0	2
We are getting error when we search with windows index , this is happening from past month Below is the error we got [hsplunkp01] Dispatch Runner: Configuration initialization for /opt/splunk/var/run/search... by Kaushikkatta03 Explorer in Splunk Search 11-13-2017 0 1	0	1
Session duration calculation Hi, I have this data Time Event 11/13/17 5:12:53.000 PM { [-] analyticType: SessionEnd bui... by dbcase Motivator in Splunk Search 11-13-2017 0 3	0	3
How to extract a dynamic String that is comma delimited (it comes directly after a constant)? The Splunk logs I'm working with are big and don't come with any predefined useful fields. I want to extract a dynami... by lordhans Explorer in Splunk Search 11-13-2017 0 2	0	2
How do we convert rex into makemv? The following \| rex "^(?:[^,\n]*,){8}\"\w+\":\"/(?P<apiURL3>\w+/\w+/\w+/\w+\.\d+/\w+\.\w+)" produces for us the desir... by ddrillic Ultra Champion in Splunk Search 11-13-2017 0 9	0	9
What is the right way to join fields from different rows into one? Within the same index and sourcetype, I have some rows containing type=master and many more rows containing type=slav... by shikhanshu Path Finder in Splunk Search 11-13-2017 0 1	0	1
How can I extract this email address field and name it "email_id"? What would be the correct expression to extract only the email address that follows "email="? I then want to call tha... by cyberhumint New Member in Splunk Search 11-13-2017 0 9	0	9
Why is my Base Search cutting off Fields in the Dashboard view? I made a dashboard with a single base search passing the results to downstream panels. When I make my panels dependen... by skoelpin SplunkTrust in Splunk Search 11-13-2017 1 8	1	8
How can I skip the first two "\n" letters from my fields? Hello Everyone! I want to remove the first two letters from my fields "\n" how can I do it? \nCDIARIA2 \nCDIARIAC \... by danielgp89 Path Finder in Splunk Search 11-13-2017 0 11	0	11
Regex for extracting email with a trailing whitespace Hi, I have log line according to the next template: [2017-11-03 13:55:52,945] [MYPROJ] [EMAIL=xxx@yyy.com] But I wa... by nmayafit Path Finder in Splunk Search 11-13-2017 0 4	0	4
Finding whether firewall hosts sending logs to splunk ? Hi , I have a list of firewall hosts names and some ips of firewall and i created the lookup of all host names of fir... by splunker969 Communicator in Splunk Search 11-13-2017 1 5	1	5
Is it possible find total of transactions in a lookup table I have a lookup table with personal financial transactions on it. They list like they do when you review transactions... by bcyates Communicator in Splunk Search 11-13-2017 0 3	0	3
Getting error in splunk cloud while running every search in the splunk cloud Error : " Error 'Could not find all of the specified lookup fields in the lookup table.' for conf '(?::){0}XmlWinEve... by samsingnok52 Engager in Splunk Search 11-13-2017 0 1	0	1
Using MVZip and MVExpand on MultiValue fields where one node sometimes exists Hello friendly Splunk community, May I ask your assistance in dealing with a multivalue field that sometimes contain... by blairmd New Member in Splunk Search 11-13-2017 0 4	0	4
How do I create a piechart visualization with the count of two field values and the sum of both displayed? I have a query that gives me the count of certain events with keyword 'ab' OR with keyword 'pq'. The query is like th... by zacksoft Contributor in Splunk Search 11-13-2017 0 7	0	7
How can I get the count of two different field values in the same search? My splunk query is , host=x OR host=y OR host=z nfs1 \| stats count as nfs1_count In the above case nfs1 field is s... by zacksoft Contributor in Splunk Search 11-13-2017 0 34	0	34