Splunk Search

Community Activity

How to extract the field with regex I would like to extract the field of "/home/y/conf/video_dir.conf" with regex when the event contains "critical" keyw... by danielwan Explorer in Splunk Search 09-25-2017 0 1	0	1
Displaying a marker for each event I'm trying to display markers on a map using Splunk. I'm currently trying out geostats but i don't seem to get it wor... by jankappe Explorer in Splunk Search 09-25-2017 0 6	0	6
How can I count failures in the neighborhood events matching a rex I have a question similar to: https://answers.splunk.com/answers/2602 and https://answers.splunk.com/answers/448796 ... by virgilg Explorer in Splunk Search 09-25-2017 0 1	0	1
How to normalize field value from two different sourcetypes? Suppose I have two sourcetypes: proxy1_source in sourcetype=proxy1_source, the field url starts with: "http://" pr... by splunkb0y New Member in Splunk Search 09-25-2017 0 4	0	4
How do I sum values over time and show it as a graph that I can predict from? How do I sum values over time and show it as a graph that I can predict from? This is something that I’ve tried to a... by RexStout Explorer in Splunk Search 09-25-2017 0 4	0	4
Filter event data using conditional regex HI All, Below is my raw event data . {"FormatVersion":"1.1","StartTime":"2017-09-22T01:11:38.565Z","EndTime":"2017... by anshul0915 Explorer in Splunk Search 09-25-2017 0 8	0	8
How can I search to show which browser and browser version users are using? Hi, I would like to extract and show the browser and version from the user-agent string, so as to segregate the diff... by marshaljoel83 Engager in Splunk Search 09-25-2017 1 2	1	2
How can I sum total memory used by a process? I need to calculate total memory used by a process. There are multiple processes with same root and suffixes. But dat... by lbalaur Explorer in Splunk Search 09-25-2017 0 10	0	10
Regarding implementation of Calendar visualization I have a requirement where I have four fields : 1. AverageValue (of a month for some parameter A) 2. ActualValue (on ... by accgarima New Member in Splunk Search 09-25-2017 0 30	0	30
Search results for specific users in the lookup field Hi All, I am trying to list out activity of providing local admin rights other than the authorized user accounts. Th... by qbolbk59 Path Finder in Splunk Search 09-25-2017 0 4	0	4
I'm having trouble with the "over" syntax. How to use it in this situation? index="Plt15_tms3" ShiftName="1" EmployeeLoggedInLastName="" MachineNumber<26 MachineState="" \| stats sum(ElapsedM... by Hppjet Path Finder in Splunk Search 09-25-2017 0 6	0	6
My case statement is putting events in the "other" category -- why? Hi guys, So i have a user_agent and a url field for an elb log file. I am checking the user agent field for the value... by Subrahmanyab New Member in Splunk Search 09-25-2017 0 7	0	7
How to show the very first tickmark in a line chart? Hi Splunkies, I'm plotting some sensor values together with the sensor's limit on a line chart in order to visualize... by bojanisch Path Finder in Splunk Search 09-25-2017 0 9	0	9
Best way to exclude specific combinations from results I have a report that i get and it contains specific sets of data results i want to exclude: ex: Group Name, Who Cha... by gdavid Path Finder in Splunk Search 09-25-2017 1 4	1	4
Splunk search help -- output data should match 2 or more of the keywords Hi, Fellow Splunkers, Noob question. I would like to seek for help in my search, this is the case: The client gave c... by dantimola Communicator in Splunk Search 09-25-2017 0 5	0	5
How to expand columns with mvfields if count of values are different for each column I ll show example it's much easier than explain: index=* <base_search> \|eval Flight=mvzip(date,route,"/") \|eval Pass... by Baguvik Explorer in Splunk Search 09-25-2017 0 10	0	10
How do I make my search command to summarize network throughput data? Aplogies, I'm not a Splunk administrator, I'm a capacity tool person that needs to extract some metrics from Splunk. ... by Mr_Perkins Explorer in Splunk Search 09-25-2017 0 5	0	5
Subsecond minspan in auto-span timechart? (How) can I create an auto-span timechart that has a subsecond minimum span, such as 0.001s? Background to this ques... by Graham_Hanningt Builder in Splunk Search 09-25-2017 3 11	3	11
Replacement for Join The below example provides the output I need, but I will exceed the JOIN command limitations (50k). Can someone advi... by ryanprayacn Explorer in Splunk Search 09-25-2017 0 2	0	2
how to show a table in if My question is : i have output in this format : a _time b _time a _time b _time i want all these outputs... by Mohsin123 Path Finder in Splunk Search 09-25-2017 0 4	0	4
How can I count the difference from two days? Hi Splunk colleagues, I need the following output: Day 1 difference to Day2 = + or - in counts to see the trend of e... by jfriedrich New Member in Splunk Search 09-24-2017 0 3	0	3
Transformation fields using Splunk UI Team, I need help in defining 3 new fields using Splunk User interface. Decision=Agree , Field Name should be "Decis... by veera9 New Member in Splunk Search 09-24-2017 0 6	0	6
Left Join Not Returning All Fields So as an example: Primary Table Customer 1, 2, 3 Secondary Table Customer 1,2,3,2 Spend 100, 200, 300, 400 Search... by ryanprayacn Explorer in Splunk Search 09-24-2017 0 5	0	5
Is anyone ingesting Ganglia data into Splunk? I'm looking for anyone who is ingesting Ganglia data into Splunk. I have a customer interested in doing this but were... by tjohnston2 Splunk Employee in Splunk Search 09-24-2017 1 1	1	1
Why does search not find data when using wild card in middle of search term? I have JSON data, which is indexed and can be searched. This is an example of the data Product: { [-] ... by bowesmana SplunkTrust in Splunk Search 09-24-2017 0 12	0	12