Splunk Search

Community Activity

How to use the field in search query EXTRACTED using REX command I have a field named "content" with multiple values to it as follows content=value.deva content=value.devb " =value.... by rangineniarunku Explorer in Splunk Search 09-20-2017 0 2	0	2
Get single value panel to display a "date" Hi I have search for a dashboard which produces a graph and does predictions, I want to display the date when we exp... by mjm295 Path Finder in Splunk Search 09-20-2017 0 3	0	3
How can I merge two "inbound" values appearing under the same field? Hello I have pre-parsed information coming into my Splunk instance for CISCO:ASA. I'm wondering why the field "direc... by Hegemon76 Communicator in Splunk Search 09-20-2017 0 1	0	1
Create a report/alert to display hosts that are not reporting /var/log/secure All, I have a list of PCI hosts. Now what I want to do is take that list of hosts and create a report/alert to disp... by daniel333 Builder in Splunk Search 09-20-2017 0 2	0	2
Help with rex on raw data Hi, I have data like this I want to display middlename and lastname from the below info. please help me out in writ... by sravankaripe Communicator in Splunk Search 09-20-2017 0 2	0	2
Garbage collection logs field extraction from log file Would like to extract fields from the below log by using reqular expressions. Can some one help me 28820.220: [Full ... by nagaraju_chitta Path Finder in Splunk Search 09-20-2017 0 21	0	21
null events while using spath JSON: "mainArray": [ {"name":"MS","value":20}, {"name":"MC","value":20}, {"name":"CF","value":20}, ... by sasamudr New Member in Splunk Search 09-20-2017 0 2	0	2
How do I change the label of the x-axis on a chart? index="all_eqt" Plant=15 ProcessCode=T DefectCode="*" MachineNumber<26 \| stats sum(TotalSquareYards) as "Total Square... by Hppjet Path Finder in Splunk Search 09-20-2017 0 2	0	2
How to count the results of a rex that returns multiple matches as a single group of matches? I have results from a rex statement that looks something like the first set of results. The rex returns multiple mat... by bschaap Path Finder in Splunk Search 09-20-2017 0 5	0	5
How to generate a search that displays column totals per day for each email address? How do I get daily totals (column) for a list of e-mail addresses (column) for registration failures? E-mail Address... by rholm01 Explorer in Splunk Search 09-20-2017 1 2	1	2
Is there a way to modify the request frequency of an indexed real-time search? I have indexed real-time searching set up for my app by setting the indexed_realtime_use_by_default = true in limits.... by eroffol Path Finder in Splunk Search 09-20-2017 0 4	0	4
Need to eval date range instead of relative time from custom time field. I am currently using this method to use date from custom field for relative time frames which only gives me 3 months.... by matt4321 Explorer in Splunk Search 09-20-2017 0 8	0	8
rex field extraction does not work once moved to field extraction I am parsing data from a trap def as follows: ======================== Trap attributes ========================= Tim... by raynold_peterso Path Finder in Splunk Search 09-20-2017 0 7	0	7
Why is accelerated data in data-model WEB deleted? When I restart Splunk, accelerated data in data-model WEB is deleted. I update the WEB, then the model gets the data ... by wcwnesta New Member in Splunk Search 09-20-2017 0 5	0	5
Regex Help I am trying to do a field extract but running into problems Here is an example event. I am trying to build a regex ... by ipops Path Finder in Splunk Search 09-20-2017 0 2	0	2
File indexed only occasionally My input.conf file: [monitor:///var/log/openvpn/hostname_vpnStatus.log] disabled = 0 crcSalt = SOURCE index = iss-nip... by MuratKuru Explorer in Splunk Search 09-20-2017 0 5	0	5
When I use timechart, I get a visual. When I use chart, no results. Any idea why? Hello, I am using the following search: index="ips_snaplogic""postsales" lvl="ERROR"\| spath\| rex mode=sed "s/.*{/{/... by zeroCalm New Member in Splunk Search 09-20-2017 0 14	0	14
How to search unstructured log for all values in your lookup file? Hi, I'd like to search our log for multiple possible errors from our lookup file: to return only the records co... by luc_k Engager in Splunk Search 09-20-2017 0 5	0	5
How can I search to show when consecutive events occur/ specific patterns apply? Hi All, I need the command for consecutive events which is triggered one after another out of multiple events( 3 con... by nnimbe Path Finder in Splunk Search 09-20-2017 0 2	0	2
Match lookup table to summary index Hi, I wonder whether someone could help me please. I'm using the following query to to interrogate a summary index, ... by IRHM73 Motivator in Splunk Search 09-20-2017 0 5	0	5
Issue with drilldown to original log after renaming column header on tables Hello, When creating tables, i have noticed that if i start renaming fields - for display clarity purpose - like fo... by ptur Path Finder in Splunk Search 09-19-2017 0 2	0	2
Join closest event from different logs Hello everyone! The problem: I want to identify users who use SSH with login other than their own. I have two logs: 1... by IVV Path Finder in Splunk Search 09-19-2017 0 5	0	5
Can these three searches be combined and ran sequentially? I have a scenario, where I need to 1) append results to .csv file. 2) Once I get csv file updated, I need to elimin... by ankithreddy777 Contributor in Splunk Search 09-19-2017 0 1	0	1
Can I make a search time field extraction from a piece of the file/source? I need to create a field in splunk that is a portion of the file path, do I need to do that @ index time or can I do ... by brent_weaver Builder in Splunk Search 09-19-2017 0 4	0	4
how to use inputlookup and lookup together to filter events and then output a new field with value mappings I have a lookup abc.csv with the following values... header1, header2 value1a, value2a value1b, value2b value1c,... by matthewb4 Path Finder in Splunk Search 09-19-2017 0 4	0	4