Splunk Search

Community Activity

	How can we extract transaction id from an event and do a search to display all events having that transaction ID? I am fairly new to Splunk queries. I have below mentioned logs: INFO [HTTP-120]: 2017-08-02T18:00:03,157 - transac... by diliphg New Member in Splunk Search 08-02-2017 0 2	0	2
	extract a matching string into field I have an event with a text spans over multiple lines. it has no key-value pattern. the body string has a uuid value.... by shanyour New Member in Splunk Search 08-02-2017 0 1	0	1
	How to group evaluated columns into 3 specific columns ? Hi, I am very new to splunk and wanted to know if someone can help me in groping columns fo rmy query below : source... by AditiKhare Explorer in Splunk Search 08-02-2017 0 7	0	7
	Why are users unable to see the results of this search? Base users are unable to get results of the search. As an Admin, I am able to view the data. Search is below. I can q... by ssyed2009 New Member in Splunk Search 08-02-2017 0 5	0	5
	eStreamer data not showing in ES Intrusion Detection Datamodel after upgrade Hello All, I am having an issue after upgrading our ES app from 4.0.0 to 4.5.2. Currently i am not getting the event... by saadmalik83 New Member in Splunk Search 08-02-2017 0 1	0	1
	No.of Db inputs Do i need to create separate db input for each table we are loading data from sql server into splunk by raghu0463 Explorer in Splunk Search 08-02-2017 0 3	0	3
	Why is the lookup command not giving results that exist in the lookup table? I have a lookup table with user data called id_lookup.csv username,hostname,ip user1,computer1,1.1.1.1 user2,compute... by patelaa Explorer in Splunk Search 08-02-2017 0 3	0	3
	Reformat data into 2 dimensional table for charting I keep going around in circles with this and I'm getting nowhere so I'm asking for help. My events look like this: ... by kmaron Motivator in Splunk Search 08-02-2017 0 4	0	4
	earliest/latest returning zero results I apologize as I feel I am missing something very basic, but for the life of me I cannot get this query to work. I h... by DEAD_BEEF Builder in Splunk Search 08-02-2017 0 3	0	3
	blacklist not working * condition sourcetype=XyzProd blacklist = MethodExecutionInfo(\d{8})-(\d{2}).txt\|DebugInfo(\d{8})-(\d{2}).txt\|CacheRefreshInfo(... by puneethgowda Communicator in Splunk Search 08-02-2017 0 1	0	1
	Transpose and Timechart giving unnecessary fields After I transpose my timechart, I'm getting 3 fields under my Column that I want to get rid of: _span, _spandays, and... by jofermin Explorer in Splunk Search 08-02-2017 0 3	0	3
	Creation and Login Time Hi Guys, I need to create an alert that returns the creation time of an account and the first login. How can I run ... by wvalente Explorer in Splunk Search 08-02-2017 0 2	0	2
	How to add a percentage column to a table I have a query that ends with: \| chart count by suite_name, status suite_name consists of many events with a sta... by vshakur Path Finder in Splunk Search 08-02-2017 0 2	0	2
	metric log explaination Hello, All of the sudden we have some uncertain usage and trying to under the usage, here are the same lines .... ... by ananthan123 Explorer in Splunk Search 08-02-2017 0 1	0	1
	using field name in like command host=dummy \| eval Pattern='arb_usg_mps%06' \| where like (source,'%Pattern%') doesnot work . can you help what's wro... by smuderasi Explorer in Splunk Search 08-02-2017 0 2	0	2
	How to extract name of user when useradd command is ran I am receiving the audit.log data from a universal forwarder running on a Linux box Hello below is my search string ... by jcorkey Explorer in Splunk Search 08-02-2017 0 1	0	1
	Need help forming regex to extract username from log trying to search for when sudo user1 adds user2 to a group and I want to extract the name of the user2 that was added... by jcorkey Explorer in Splunk Search 08-02-2017 0 1	0	1
	count after group http_status and table with client_ip, counts Want to label sc_status <= 304 as Ok and sc_status >= 400 as Error and get the Ok and Error counts and table the clie... by lim2 Communicator in Splunk Search 08-02-2017 0 1	0	1
	search query filter I have a simple search query to look for vpn alerts index=nm host = inyod1-jvpn1a-dmz8-lo0 syslog_message="karachi... by ringbbg Engager in Splunk Search 08-02-2017 0 3	0	3
	How to extract part of a text from log events? I am very new to regex and I need to extract anything that comes between "device_" and "_1_vol" as volume name. "de... by jerin1982 New Member in Splunk Search 08-02-2017 0 4	0	4
	Using regex with timechart I want to create a timechart based on 5 tags. I have tried \| timechart count by tag \|regex tag="Working\|No_Images\|Oth... by sarahw3 Explorer in Splunk Search 08-02-2017 0 3	0	3
	How get a count of last Status I trying figure out what is the best search query for reporting on the count of different unique status. Following i... by t_splunk_d Path Finder in Splunk Search 08-02-2017 0 3	0	3
	Count matching values on seperated fields Hi there, i try to buildup a firewall report: "sourcetype="firewall" action=blocked \| table host src dest src_port ... by Aufex Explorer in Splunk Search 08-01-2017 0 3	0	3
	Splunk Grouping not works always I am using the following splunk query to combine the events in to one transaction based on the referenceid. It work... by nkannan1984 Engager in Splunk Search 08-01-2017 0 3	0	3
	How replace host using a field Hi, I'm trying to replace the host value using a field in the data. I tried to find any previous similar solution bu... by tamakg Path Finder in Splunk Search 08-01-2017 0 4	0	4