Splunk Search

Community Activity

How can I skip the first two "\n" letters from my fields? Hello Everyone! I want to remove the first two letters from my fields "\n" how can I do it? \nCDIARIA2 \nCDIARIAC \... by danielgp89 Path Finder in Splunk Search 11-13-2017 0 11	0	11
Regex for extracting email with a trailing whitespace Hi, I have log line according to the next template: [2017-11-03 13:55:52,945] [MYPROJ] [EMAIL=xxx@yyy.com] But I wa... by nmayafit Path Finder in Splunk Search 11-13-2017 0 4	0	4
Finding whether firewall hosts sending logs to splunk ? Hi , I have a list of firewall hosts names and some ips of firewall and i created the lookup of all host names of fir... by splunker969 Communicator in Splunk Search 11-13-2017 1 5	1	5
Is it possible find total of transactions in a lookup table I have a lookup table with personal financial transactions on it. They list like they do when you review transactions... by bcyates Communicator in Splunk Search 11-13-2017 0 3	0	3
Getting error in splunk cloud while running every search in the splunk cloud Error : " Error 'Could not find all of the specified lookup fields in the lookup table.' for conf '(?::){0}XmlWinEve... by samsingnok52 Engager in Splunk Search 11-13-2017 0 1	0	1
Using MVZip and MVExpand on MultiValue fields where one node sometimes exists Hello friendly Splunk community, May I ask your assistance in dealing with a multivalue field that sometimes contain... by blairmd New Member in Splunk Search 11-13-2017 0 4	0	4
How do I create a piechart visualization with the count of two field values and the sum of both displayed? I have a query that gives me the count of certain events with keyword 'ab' OR with keyword 'pq'. The query is like th... by zacksoft Contributor in Splunk Search 11-13-2017 0 7	0	7
How can I get the count of two different field values in the same search? My splunk query is , host=x OR host=y OR host=z nfs1 \| stats count as nfs1_count In the above case nfs1 field is s... by zacksoft Contributor in Splunk Search 11-13-2017 0 34	0	34
counting combination of fields Hi, How would I count a combination of fields in splunk? For example, I have a "from_ip_addr" and a "to_ip_addr" in ... by a212830 Champion in Splunk Search 11-12-2017 0 6	0	6
How to get percentages of value pairs I have a very large set of retail data. The significant fields for this query are store_no, transaction_amt, zip, eth... by behudelson Path Finder in Splunk Search 11-12-2017 0 3	0	3
Difference calculation different time in different column Hi I want to calculate/simulate a data to analysis price difference, my data set in picture, Process like this ... by abdulvehhaba Path Finder in Splunk Search 11-12-2017 0 5	0	5
Top 10 values for each field value Hi, I have a data that contains the field 'regression_target'. I want to get the top 10 rows by 'regression_tests' f... by matansocher Contributor in Splunk Search 11-12-2017 0 3	0	3
Nested Splunk Query - Time of event within consolidate events Hello All, Sorry relativly new to splunk - and so this query may be a pile of garbage! To sumerise, i have a query ... by JgTheGreat Engager in Splunk Search 11-12-2017 0 3	0	3
Maximum output of fieldsummary (or table *) Hi All, I have a large data set with lots of fields and I want that in a table. However this is not working correctl... by FrankSPL Path Finder in Splunk Search 11-12-2017 0 3	0	3
Usernames Failed to Login against an IP Address \| which other IP Addresses has that Username Failed to login against? Hello, I'm looking for a query, which looks for successful [ or unsuccessful ] brute force attempts, and then to ta... by JgTheGreat Engager in Splunk Search 11-11-2017 0 3	0	3
How do I search within results of a search that has already run? Sometimes I write a brutal search that takes a very long time to run and then realize that I need to do something mor... by MonkeyK Builder in Splunk Search 11-10-2017 0 2	0	2
filter by duplication of records \|tlp\|lasttime\|reporttime\|count\|itype\|indicator\|cc\|asn\|asn_desc\|confidence\|description\|tags\|rdata\| provider .... i ha... by kunalpatil111 New Member in Splunk Search 11-10-2017 0 2	0	2
populating input dropdown with regex search Hi splunk community, am trying to populating input dropdown with results from regex search and i'm fairly sure it's m... by eddychuah Path Finder in Splunk Search 11-10-2017 0 4	0	4
Using Splunk query with transaction 1) I want to count the number of occurences of the HTTP URL with p(95) response time for url invocation: https://exam... by gvanjre New Member in Splunk Search 11-10-2017 0 2	0	2
Splunk Search Log SearchOperator:kv When I use the Job Inspector to view the Search Log of a completed search, I find hundreds of entries tagged: SearchO... by pkeller Contributor in Splunk Search 11-10-2017 3 5	3	5
How do you display the # of requests per 24 hours of log access (Between 00:00:00 and 23:59:59) for set of keywords? I have a set of keywords which I need to search and generate the output similar to https://answers.splunk.com/answer... by saifullakhalid Explorer in Splunk Search 11-10-2017 0 8	0	8
What causes unioned data sets to be truncated? Hi Splunk Experts-- I'm confused about the union command and am hoping you can help. Specifically, I'm struggling to... by jsinnott_ Explorer in Splunk Search 11-10-2017 1 4	1	4
Question about the metrics index in Splunk 7.0.0 and search efficiency In the splunk system we developed, we have 2.8 billion records as of now. The problem is that it's a single configur... by ako_y New Member in Splunk Search 11-10-2017 0 1	0	1
metadata search in a macro doesnt seem to work Hi, I am trying to put a metadata search into a macro, but having trouble making it work. The macro is something li... by pj Contributor in Splunk Search 11-10-2017 1 4	1	4
lookup two csv pattern match query I have a requirement like this from file1.csv lookup file i am getting 2 fields field1 ... by surekhasplunk Communicator in Splunk Search 11-10-2017 0 3	0	3