Splunk Search

Community Activity

set timezone in search most of my data sets to UTC, and all data sources are properly tagged to convert to UTC if they are not. My user is ... by GeorgeStarkey Path Finder in Splunk Search 10-19-2017 0 2	0	2
How to modify the results in required format? I have a lookup query as follows \| inputlookup hosts.csv \| rename hostname as my_hostname \| table my_hostname the ... by pavanae Builder in Splunk Search 10-19-2017 0 1	0	1
How would I configure my regex to also include Windows data? I have a query that will identify all the logs in my instance for a certain index, it list everything running except ... by bluemarvel Path Finder in Splunk Search 10-19-2017 0 8	0	8
Time field always gives nanoseconds without format variable `xd_index`_alerts SiteName="*" ServerType="Member"\| eval _time=_time-(strptime(strftime(_time,"%Y-%m-%dT%H:%M:%S")." ... by jooi New Member in Splunk Search 10-19-2017 0 1	0	1
How can I search for results that share the same Mac address? I think I'm close. Just need a little help. here is my current search index=windows sourcetype=dhcpsrvlog \| stats dc(... by shandman Path Finder in Splunk Search 10-19-2017 0 6	0	6
Can I graph data in text over time? I have data that is in text value that I want to graph over time. index=pcrf sourcetype=rac* ha_state=* \| table ... by bpfoster7 New Member in Splunk Search 10-19-2017 0 1	0	1
Transforming Field Value with Rex/Regex? Hey! So I have this field: "user1 user2 user3 user4 user5 user6 (.....)" and I wanted it to look like "(account="use... by pamcarvalho Path Finder in Splunk Search 10-19-2017 0 5	0	5
check if value is in subsearch table result Hi, I need a way to check if a value is in a sub search table result. for example I use the code that doesent work: ... by matansocher Contributor in Splunk Search 10-19-2017 0 9	0	9
Simple way to turn multivalue field into a table? Is the a function that does this: ... \| mvmap data (fname, lname, age, height) \| table lname, age (where data is a... by alexander_lucas Explorer in Splunk Search 10-19-2017 0 2	0	2
What is the best way to compare emails in two different formats I have two fields, I need to compare, that contain an email address, but in different format: Format 1) firstname.las... by mlevsh Builder in Splunk Search 10-19-2017 0 3	0	3
Results from root search in a subsearch Here is an overview of what I'm trying to accomplish. I have created a table that uses information in the threat acti... by bbraun New Member in Splunk Search 10-19-2017 0 5	0	5
Convert #B/KB/MB/GB into bytes without a unit? Hey everyone. Searching around, I see tons of answers related to converting numerical bytes into KB/MB/GB/TB. However... by msarro Builder in Splunk Search 10-19-2017 0 5	0	5
How can I see the Data in a Metrics Index in Splunk 7? Hi everyone, I'm looking forward to do some Data Science with Splunk and was very happy to read about the Metrics In... by bojanisch Path Finder in Splunk Search 10-19-2017 0 1	0	1
Dispatch folder is only 284KB but I still encounter minimum free disk space (5000MB) reached for /opt/splunk/var/run/splunk/dispatch I wanted to reduce my storage space. I have already set retirement policy but my used space did not reduce although t... by wuming79 Path Finder in Splunk Search 10-19-2017 0 1	0	1
hot_v* file not found but able to see file using locate Hi, Referencing to http://docs.splunk.com/Documentation/Splunk/6.2.1/Capacity/Estimateyourstoragerequirements, I'm ... by wuming79 Path Finder in Splunk Search 10-19-2017 0 1	0	1
How do I exclude fields with certain values from a table when the event has multiple values for the same fields? Hi, As the title says. Refer to the screenshot below too; The above is the log for the event. as you can see, ther... by ZacEsa Communicator in Splunk Search 10-18-2017 0 3	0	3
Field extraction of log file -- Each line has different format, how can I include all format in one regex? I am doing field extraction for a log file format as below: line 1: field1, field2, field3, field4 line 2: field1, fi... by samlinsongguo Communicator in Splunk Search 10-18-2017 0 3	0	3
How can I compare data between two dates? I have index data like below, and I want to calculate how many have a stock price higher than yesterday. date, stock,... by kennethyeung New Member in Splunk Search 10-18-2017 0 6	0	6
How to extract a repeating field from an event I have data that looks like this: AA=value1,BB=value2,BB=value3,BB=value4 AA=value5,BB=value6,BB=value7 AA=value8,BB... by stephenlclarke New Member in Splunk Search 10-18-2017 0 6	0	6
ITSI \| itsi_service_id to service name mapping? I want to query the summary index and pull back KPIs with high alert severity. However, in order to do this I have to... by cspires64 Path Finder in Splunk Search 10-18-2017 1 1	1	1
How to extract a file name up to a specific character I have a list of files similar to this list: FileObjMgr_01235_567.log EIM_0080123_45.log EIM_01031234_56.log EIM_012... by sheloaha Path Finder in Splunk Search 10-18-2017 0 6	0	6
How to subtract 2 row sum total value How to get the Total difference amount from DP - RF Search used: index=elm-*** \| dedup transactionid \| eval amount=... by yograjpatel New Member in Splunk Search 10-18-2017 0 2	0	2
Splunk ingest SNMP traps Hi As per the documentation given in Splunk "http://docs.splunk.com/Documentation/Splunk/latest/Data/SendSNMPeventsto... by ankithreddy777 Contributor in Splunk Search 10-18-2017 0 1	0	1
Is there any way to compare multivalue fields to single value fields? Hello Splunk Community, I've tried to do my homework on the subject and I'm coming up short, so here I am. I'm a few... by jamesmoriarty Explorer in Splunk Search 10-18-2017 0 5	0	5
How to see if field values from index 1 shows up in index 2? Do I need to do some fancy joined search here? I have values that will show in index 2, and I want to check index ... by agoktas Communicator in Splunk Search 10-18-2017 0 3	0	3