Splunk Search

Community Activity

How to extract the host name and database name Hi, I would like to extract the Host Name and Database Name from the below string. URL : jdbc:sqlserver://WBMSSQLOP... by dkannanjanakan New Member in Splunk Search 09-01-2017 0 1	0	1
How to send same data to multiple separate splunk instances- UF I have a splunk UF on a Linux server. (4.3.6) I want to send the local log files to 2 separate splunk instances, so ... by r999 Path Finder in Splunk Search 09-01-2017 3 4	3	4
rename everything not included in case() I have eval category=case(false(),'category',like('test',"test_11%"),"11tests",like('test',"test_22%"),"22tests",like... by zkenaga New Member in Splunk Search 09-01-2017 0 8	0	8
Is there a way to trim URL string from a table? So, I want to create a table where it shows the time, source IP, and URL. sourcetype=* src_ip=* url=* \| table _time,... by jrevolorio Explorer in Splunk Search 09-01-2017 0 3	0	3
I require rex which stops search on first match of word in string. I have below raw text. \"LDCAccountNumber\":\"4346780895\",\"BudgetBilling\":\"N\",\"TaxExempt\":\"N\",{\"field\":\"B... by shukan Explorer in Splunk Search 09-01-2017 0 1	0	1
How to merge multiple searches and combine the result in a tabular format Hi All, I have the below independent search queries giving the count. ns=app1 Service='trigger1' id=100 \| Search Re... by kdulhan Explorer in Splunk Search 09-01-2017 0 19	0	19
How does subsearch work? Is it possible to create a new search based off of results of previous search. My example below I use regex to extra... by AHEARNJ Explorer in Splunk Search 08-31-2017 0 4	0	4
Transforms to mask a bank ID Hi, I am writing the transforms to hide the bankID for the below event. 14:14:09,573 ERROR [J2DefaultEngine] [0.0.0... by kteng2024 Path Finder in Splunk Search 08-31-2017 0 3	0	3
Is it possible to pass an eval value to table command? Hi, I have a string with fields that I want to show in a table. (eval -> my_fields) This is my search: \| makeresul... by raymondc Engager in Splunk Search 08-31-2017 0 2	0	2
Does the map command run the entire command, then each row? So I noticed this while using sendmail can somebody confirm that I understand the map commands functionality? I cant ... by PatrickButterly Explorer in Splunk Search 08-31-2017 0 4	0	4
Backslash regex WinEventLog Hi guys, I have the log below and need get the third part of the this log using regex. Can you help me with this? S... by rafamss Contributor in Splunk Search 08-31-2017 0 6	0	6
Why can't I use my lookup command after stats command in my search string I am trying to use stats command to display data organized by My_Field where My_Field is populated by running lookup ... by jcorkey Explorer in Splunk Search 08-31-2017 0 1	0	1
How to create a timechart with actual values instead of some function of the actual values (such as sum, avg) etc? I have a splunk query of the following: <searc> \| timechart avg(cache_size) by host_instance That will give me the... by gb0143 New Member in Splunk Search 08-31-2017 0 4	0	4
How to combine tstats with inputlookup? I am trying to produce report to get total usage based on time and clientid from a lookup. Here is the regular tsta... by nmohammed Builder in Splunk Search 08-31-2017 0 2	0	2
How to perform math on a field extracted where there were multiple matches Hello, I have a log entry with a variable number of possible matches with my regex. i had to use max_matches to get... by weidertc Contributor in Splunk Search 08-31-2017 0 3	0	3
How to only display rows in table when one field changes? Hey folks, I have a hard time believing this hasn't come up before, but I didn't find the right kinds of questions/a... by bensec01 Explorer in Splunk Search 08-31-2017 0 2	0	2
Password Spraying Query Hi, I am trying to create a query that would list all denied logons (EventCode 4625), from a single workstation to m... by robettinger Explorer in Splunk Search 08-31-2017 0 6	0	6
Is it possible to push in logs from different customers to various indexes under one Splunk Cloud instance? Hi, Is it possible to have a splunk SaaS instance like xxx.splunkcloud.com and push in logs from different customer... by srinivaskrishna New Member in Splunk Search 08-31-2017 0 1	0	1
Only include certain hours/days for a long term search I'm looking to run a search over a 4 week period here I find the count of results per week but I want to look for a s... by sepkarimpour Path Finder in Splunk Search 08-31-2017 0 3	0	3
query not allowing search command I have a following splunk search query: "\| datamodel ticket_feed_dm ticket_feed_obj search\|dedup ticket_feed_obj.ti... by architkhanna Path Finder in Splunk Search 08-31-2017 0 1	0	1
Sum values from a table Hi, I have created a table in splunk and 1 of the fields is numeric('sloc'). I would like to sum the values for each... by matansocher Contributor in Splunk Search 08-31-2017 0 13	0	13
timeformat for AM/PM in MKTime What is the timeformat symbol to specify that AM/PM is included in the string? %P appears to work, but results show ... by rgcox1 Communicator in Splunk Search 08-31-2017 0 8	0	8
Appending multiple search using appendcols I have a combined search query using stats count and appendcols.I am able to display the combined search result in si... by ansusplunk New Member in Splunk Search 08-31-2017 0 8	0	8
How can I create a field for error messages? Hello All, I am beginner of Splunk. I have a requirement like "we are having multiple applications in our system. W... by 123Janardhan New Member in Splunk Search 08-31-2017 0 6	0	6
Issue with count -- How can I search a large data set without Splunk truncating the data? Hi, I would like query all data over the past year and then use "stats count by some fields" to calculate the counts... by closeset New Member in Splunk Search 08-31-2017 0 7	0	7