Splunk Search

Community Activity

	Append Domain name at index time? All, I have logs coming in from /var/log/messages and /var/log/maillog which have the hostname not the FQDN. There ... by daniel333 Builder in Splunk Search 09-21-2017 0 9	0	9
	How to sort strings based off a dictionary of values? Hi & thanks in advance for reading, I have a table as follows: email event -----------... by fre Engager in Splunk Search 09-21-2017 0 1	0	1
	Weird / Faulty (?) Behaviour when comparing numbers Hello, I am currently facing a weird behaviour when comparing two numeric fields in splunk. The attached screenshot... by sh4kesbeer Explorer in Splunk Search 09-21-2017 0 3	0	3
	How to display the results without any other field names appended I am trying to execute the below query in Splunk Enterprise. index=x sourcetype=y\|join TABLE_NAME [\|inputlookup Doma... by akarivaratharaj Communicator in Splunk Search 09-21-2017 0 2	0	2
	Adding fields to search results Hello, I have many stacktraces including keywords like "stackoverflow", "deadlock","Database connection closed". I w... by poonama New Member in Splunk Search 09-21-2017 0 5	0	5
	How can I extract a field with a '.' (period character)? It seems that there is no way to extract fields with a '.' in the name. I'm trying to use field extractors on our o... by throstur Engager in Splunk Search 09-21-2017 0 7	0	7
	How to transform a string (i.e. 11-MAY-2017) to a date field? I have two fields START and END that are tagged as strings. The two fields always carry a value in the format dd-[3-... by AJNZAZ Explorer in Splunk Search 09-21-2017 0 4	0	4
	How to show hosts with no entries I want to get an alert if there are no splunk entries from a host. So far my query is the below but the zero fields ... by vstariradev Explorer in Splunk Search 09-21-2017 0 10	0	10
	How to edit the regex in transforms.conf to delete multiline portion of .txt file? Hello Folks, I'm struggling to parse this part of a .txt file using regex within transforms.conf: [07-21-2017 22:00... by larmesto Path Finder in Splunk Search 09-21-2017 0 3	0	3
	Identical searches with different results because of dedup command Hi! I have two identical searches running on the same search head but with different time frames. What confuses me is... by tsomod Path Finder in Splunk Search 09-21-2017 0 4	0	4
	Using regex capture group on a line_breaker attribute for XML parsing of GPO Logs I have an XML file, with information regarding Windows GPOs. Each Event Looks like the below. The issue is, it is no... by smcdonald20 Path Finder in Splunk Search 09-21-2017 0 5	0	5
	How can I avoid that every slash '/' in a URL is converting to '%2af'? In one table column I have a URL as a Link. Working format: www.google.de Not working format: https://www.google.de... by wes7bb New Member in Splunk Search 09-21-2017 0 2	0	2
	How to calculate difference in dropped packets and show per day output I have logs in following format with fields Device, Applied_Interface, Class_Map for multiple devices 13th sept(Mon... by atulitm Path Finder in Splunk Search 09-21-2017 0 8	0	8
	How do I search for accented characters? Hi, I have some text data with some accented characters in it. However, I am not able to search them properly with a... by DonaldvdHoogenb Path Finder in Splunk Search 09-21-2017 0 3	0	3
	Help extracting information from JSON file Json Format ↓ {<!-- --> "device":"A123", "data":"28745637", "time":"1505924687", } "2874" = 28.74 , means tempuratu... by UnaBizLeon New Member in Splunk Search 09-20-2017 0 4	0	4
	Routinely (24 times per day = 1 get per hour) parse section of HTML page (i.e.: specific table) to output.txt. I need syntax/regex to parse specific section, NOT all source code. Hello, I need to parse a specific web page's table (I'm using PowerShell/WMI ($wc.downloadstring) to download sourc... by agoktas Communicator in Splunk Search 09-20-2017 0 4	0	4
	Help with search to show the top 5 results index="all_eqt" Plant=15 ProcessCode=T DefectCode="*" MachineNumber<26 \| stats sum(TotalSquareYards) as "Total Square... by Hppjet Path Finder in Splunk Search 09-20-2017 0 2	0	2
	How to use the field in search query EXTRACTED using REX command I have a field named "content" with multiple values to it as follows content=value.deva content=value.devb " =value.... by rangineniarunku Explorer in Splunk Search 09-20-2017 0 2	0	2
	Get single value panel to display a "date" Hi I have search for a dashboard which produces a graph and does predictions, I want to display the date when we exp... by mjm295 Path Finder in Splunk Search 09-20-2017 0 3	0	3
	How can I merge two "inbound" values appearing under the same field? Hello I have pre-parsed information coming into my Splunk instance for CISCO:ASA. I'm wondering why the field "direc... by Hegemon76 Communicator in Splunk Search 09-20-2017 0 1	0	1
	Create a report/alert to display hosts that are not reporting /var/log/secure All, I have a list of PCI hosts. Now what I want to do is take that list of hosts and create a report/alert to disp... by daniel333 Builder in Splunk Search 09-20-2017 0 2	0	2
	Help with rex on raw data Hi, I have data like this I want to display middlename and lastname from the below info. please help me out in writ... by sravankaripe Communicator in Splunk Search 09-20-2017 0 2	0	2
	Garbage collection logs field extraction from log file Would like to extract fields from the below log by using reqular expressions. Can some one help me 28820.220: [Full ... by nagaraju_chitta Path Finder in Splunk Search 09-20-2017 0 21	0	21
	null events while using spath JSON: "mainArray": [ {"name":"MS","value":20}, {"name":"MC","value":20}, {"name":"CF","value":20}, ... by sasamudr New Member in Splunk Search 09-20-2017 0 2	0	2
	How do I change the label of the x-axis on a chart? index="all_eqt" Plant=15 ProcessCode=T DefectCode="*" MachineNumber<26 \| stats sum(TotalSquareYards) as "Total Square... by Hppjet Path Finder in Splunk Search 09-20-2017 0 2	0	2