Splunk Search

Community Activity

Custom field extraction and table output Hi Team, I have the below sample log file. I want to filter all the lines starting with "NET," and also want to crea... by senthamilselvan Engager in Splunk Search 11-07-2017 0 6	0	6
Dynamic number of timecharts of field values by another field Sorry if the description isn't clear. Essentially, I'm making a dashboard to display the trends of a project from a l... by j4adam Communicator in Splunk Search 11-07-2017 0 9	0	9
Search query using spath and mvexpand on multi-value nested JSON doesn't scale Hi Splunk Experts, I am sending events to Splunk Enterprise in the following nested JSON format: { compliance:... by sharad06 Explorer in Splunk Search 11-07-2017 0 2	0	2
inner join/append with two Where commands. I want to join two search's for an alert, I want to alert when the "difference " is above 30 AND the "Total_GB_Used "... by sbattista09 Contributor in Splunk Search 11-07-2017 0 2	0	2
Search syntax for comparing events over 30-day timespan The purpose of the query is to identify those events that occurred after 10/14/2017 01:00:00 that had not occurred in... by sbattista09 Contributor in Splunk Search 11-07-2017 0 2	0	2
What is the most efficient way of filtering on two timestamps? Hello all, I keep facing a common theme and I wanted some input. We all know that the first filter should be on the... by andrewtrobec Motivator in Splunk Search 11-07-2017 1 1	1	1
How to combine two field values from the same field? So, I have regex a field called device, and it contains - mac - mac os - os x - windows - android Is it possible t... by limalbert Path Finder in Splunk Search 11-07-2017 0 9	0	9
Sort highest to lowest over time with timechart Hello, I'm trying to display a graph of the my Splunk applications by usage, highest to lowest within a given time p... by patrick_okeeffe Engager in Splunk Search 11-07-2017 0 3	0	3
How do I count the number of events based on the value of a field is * Hello, I am having trouble with a simple search. I have the following data: OBJECT ID,NEW STATE 1,STATE ONE 1,STATE... by maniu1609 Path Finder in Splunk Search 11-07-2017 0 2	0	2
Help with search to monitor a firewall We are trying to monitor Firewall events from' X ' Environment coming to Splunk. I took the all hosts (600 hosts) rel... by splunker969 Communicator in Splunk Search 11-07-2017 2 7	2	7
Timechart Not working after eval _time Hello, I am using timechart in my query. I want to create timechart based on time specified in file rather than _tim... by AKG1_old1 Builder in Splunk Search 11-07-2017 0 1	0	1
Rebuilding index level .data files On a healthy index, these two queries return the same value, or at least very similar, since the value is changing as... by vbumgarner Contributor in Splunk Search 11-07-2017 0 3	0	3
sum of a field depending on values of other field Hi, I have few fields in my csv file like below. Name of csv file example.csv A B ... by surekhasplunk Communicator in Splunk Search 11-07-2017 0 5	0	5
Using Rex Command to Extract Username from EventData_Xml Data Good morning. I'm trying to use rex to extract a username from a MS Windows Application Event Log. The event shows ... by SplunkLunk Path Finder in Splunk Search 11-07-2017 0 9	0	9
search on each lookup event Hi All, I have a lookup containing username,hostname and I also have an assets index storing hostname, mac, ip. Im ... by samhodgson Path Finder in Splunk Search 11-07-2017 0 7	0	7
How can I define a total amount of a Pie Chart? Hi! I need to create a pie chart where the full pie is 1000000 and the "usage" is a count number. It should look like... by gcescatto New Member in Splunk Search 11-07-2017 0 4	0	4
User last login date I have a about 250 users and I would like to to know when was the last time each of them have logged in. Is there a q... by sanju005ind Communicator in Splunk Search 11-07-2017 1 8	1	8
Struggling with getting filenames/extensions using Splunk? I'm an analyst and have the following question: Does anyone know how you would make a query which will provide filen... by MMargolis87 New Member in Splunk Search 11-07-2017 0 2	0	2
How can I invert my pie chart? I'm trying to create a pie chart in trellis view such that it shows me the number of jobs that ended in terminal or c... by pranaynanda Path Finder in Splunk Search 11-07-2017 0 14	0	14
Splunk is not able to extract fields at search time. I am facing a issue in Search time field extraction. Events are indexed in Key-Value form. My current configuration... by hbarot_splunk Splunk Employee in Splunk Search 11-07-2017 0 4	0	4
How to use wildcard inside string regex? The log contains string in this format below. name:X_device:Y_ name-U:X1_Y2_ It has a mixed pattern, and I'm wonder... by limalbert Path Finder in Splunk Search 11-06-2017 0 8	0	8
Key Value pair extraction with unique value Hi, I need to extract unique values as per below sample data Its has unique format like [ parameter : mailboxName \|... by mayank141 New Member in Splunk Search 11-06-2017 0 2	0	2
Is there a way to use VLOOKUP function in Splunk? Hello, Among all the jobs that are running on mainframe I need to bring back the ones that correspond specifically t... by vs2d New Member in Splunk Search 11-06-2017 0 3	0	3
How can I incorporate the transaction command along with startswith and endswith? So I saw someone did a query for Linux systems on failed sshd logins followed by a successful sshd login using the tr... by SplunkLunk Path Finder in Splunk Search 11-06-2017 0 9	0	9
How can I extract ALL occurrences of a field from JSON file? 23.10.2017 14:01:23.745 INFO [10.87.80.251 [1508785283744] POST /apps/globallog HTTP/1.1] InfoLoggerServiceImpl {"id"... by Sanjay71 New Member in Splunk Search 11-06-2017 0 4	0	4