Splunk Search

Community Activity

getting this error while applying distribution bundle I have some apps that I deleted in slave-apps directory on our indexers and now our master apps on cluster master has... by hrithiktej Communicator in Splunk Search 09-22-2017 0 6	0	6
How do we use wildcard such as * in eval case match to see multiple types of files? I was trying to give all the 6 types of files which are under fileName field and trying to get all the filetypes incl... by sai_john New Member in Splunk Search 09-22-2017 0 7	0	7
How to write regex to extract Port numbers and status from nmap output? Hi this took at least three days of my life but I still couldn't handle it, please, I need help I have a data file ... by sina_shafaei Explorer in Splunk Search 09-22-2017 1 5	1	5
Splunk Enterprise maximum local users? Hi Could not find a setting in limits.conf OR authentication.conf. But is there a maximum number of local users we ... by season88481 Contributor in Splunk Search 09-22-2017 0 2	0	2
How to Display transaction result in a table Hi, I have a search using transaction command mysearch \| transaction startswith=start endswith=end and I am getting s... by smolcj Builder in Splunk Search 09-22-2017 0 16	0	16
How to break the events using regex? Hi I have the text file with below sample data I have to break the events using "-------------------------" as event... by kiran331 Builder in Splunk Search 09-21-2017 0 4	0	4
Splunk search help -- output data should match sets of keywords Hi, Fellow Splunkers, Had post a question this past few days about matching 2 words or more ( https://answers.splunk... by dantimola Communicator in Splunk Search 09-21-2017 0 1	0	1
Match day and get the sum by day, also get the percentage My data looks like this, I've grouped it by a common field. I want to match the date_mday and get the sum of the even... by known_user Engager in Splunk Search 09-21-2017 0 2	0	2
How do I search for a string with a partial portion of the string? Can someone help explain why "partial" search doesn't work for me? It's an ASA syslog... when I search for a full sy... by ptur Path Finder in Splunk Search 09-21-2017 0 4	0	4
Append Domain name at index time? All, I have logs coming in from /var/log/messages and /var/log/maillog which have the hostname not the FQDN. There ... by daniel333 Builder in Splunk Search 09-21-2017 0 9	0	9
How to sort strings based off a dictionary of values? Hi & thanks in advance for reading, I have a table as follows: email event -----------... by fre Engager in Splunk Search 09-21-2017 0 1	0	1
Weird / Faulty (?) Behaviour when comparing numbers Hello, I am currently facing a weird behaviour when comparing two numeric fields in splunk. The attached screenshot... by sh4kesbeer Explorer in Splunk Search 09-21-2017 0 3	0	3
How to display the results without any other field names appended I am trying to execute the below query in Splunk Enterprise. index=x sourcetype=y\|join TABLE_NAME [\|inputlookup Doma... by akarivaratharaj Communicator in Splunk Search 09-21-2017 0 2	0	2
Adding fields to search results Hello, I have many stacktraces including keywords like "stackoverflow", "deadlock","Database connection closed". I w... by poonama New Member in Splunk Search 09-21-2017 0 5	0	5
How can I extract a field with a '.' (period character)? It seems that there is no way to extract fields with a '.' in the name. I'm trying to use field extractors on our o... by throstur Engager in Splunk Search 09-21-2017 0 7	0	7
How to transform a string (i.e. 11-MAY-2017) to a date field? I have two fields START and END that are tagged as strings. The two fields always carry a value in the format dd-[3-... by AJNZAZ Explorer in Splunk Search 09-21-2017 0 4	0	4
How to show hosts with no entries I want to get an alert if there are no splunk entries from a host. So far my query is the below but the zero fields ... by vstariradev Explorer in Splunk Search 09-21-2017 0 10	0	10
How to edit the regex in transforms.conf to delete multiline portion of .txt file? Hello Folks, I'm struggling to parse this part of a .txt file using regex within transforms.conf: [07-21-2017 22:00... by larmesto Path Finder in Splunk Search 09-21-2017 0 3	0	3
Identical searches with different results because of dedup command Hi! I have two identical searches running on the same search head but with different time frames. What confuses me is... by tsomod Path Finder in Splunk Search 09-21-2017 0 4	0	4
Using regex capture group on a line_breaker attribute for XML parsing of GPO Logs I have an XML file, with information regarding Windows GPOs. Each Event Looks like the below. The issue is, it is no... by smcdonald20 Path Finder in Splunk Search 09-21-2017 0 5	0	5
How can I avoid that every slash '/' in a URL is converting to '%2af'? In one table column I have a URL as a Link. Working format: www.google.de Not working format: https://www.google.de... by wes7bb New Member in Splunk Search 09-21-2017 0 2	0	2
How to calculate difference in dropped packets and show per day output I have logs in following format with fields Device, Applied_Interface, Class_Map for multiple devices 13th sept(Mon... by atulitm Path Finder in Splunk Search 09-21-2017 0 8	0	8
How do I search for accented characters? Hi, I have some text data with some accented characters in it. However, I am not able to search them properly with a... by DonaldvdHoogenb Path Finder in Splunk Search 09-21-2017 0 3	0	3
Help extracting information from JSON file Json Format ↓ {<!-- --> "device":"A123", "data":"28745637", "time":"1505924687", } "2874" = 28.74 , means tempuratu... by UnaBizLeon New Member in Splunk Search 09-20-2017 0 4	0	4
Routinely (24 times per day = 1 get per hour) parse section of HTML page (i.e.: specific table) to output.txt. I need syntax/regex to parse specific section, NOT all source code. Hello, I need to parse a specific web page's table (I'm using PowerShell/WMI ($wc.downloadstring) to download sourc... by agoktas Communicator in Splunk Search 09-20-2017 0 4	0	4