Splunk Search

Community Activity

Filter results AFTER transaction function I have data that requires I use "transaction" to form events. I would like to filter the resulting data by a field (... by timmy13 Communicator in Splunk Search 07-26-2017 3 5	3	5
How can I count/sum single values of ONE field Hello together, I am new at Splunk and need help for the following issue. I have the field KitchenStuff with 5 value... by TNRRVN93 New Member in Splunk Search 07-26-2017 0 4	0	4
Extraction using regular expressions I want to extract a character string using a regular expression. I am considering extracting the field (message ID) ... by honobe Explorer in Splunk Search 07-26-2017 0 6	0	6
how to extract date from filename and add it with time from event in the same file We have log files with names like: " my-file-log1.2017-07-25.name.log" The events in the log are like this: 060047.3... by bkumarm Contributor in Splunk Search 07-26-2017 2 5	2	5
Creating a new field from a default field MessageText= [2017-07-25T16:29:01.694+10:00]...XXXXXXXXXXXXXXXXXXXXXXXXXX at com.ofss.fc.app.Interaction.analyzeAndT... by olbinado11 New Member in Splunk Search 07-26-2017 0 5	0	5
How to reverse results of dedup in the same command ? Im having an issue when trying to dedup some values. Here are the logs of servers states im having in Splunk, from th... by welcominh New Member in Splunk Search 07-26-2017 0 2	0	2
Search for events from ip addresses in the file Hello, This seems to be like a very easy thing to do which I can't figure out. I have a csv file with ip addresses. ... by isitnikov Engager in Splunk Search 07-25-2017 0 10	0	10
How to search a lookup csv file for list of matched events and count ? Hi, I have few queries related to lookup in Splunk. My lookup file - list-of-master-ids.csv content of csv file ... by jayakanthprasad New Member in Splunk Search 07-25-2017 0 5	0	5
Performing calculations on multi values to show on timechart Hi All, need some insight and help. I have a MQ like objects, information regarding which is forwarded into splunk a... by nishantmishra21 Engager in Splunk Search 07-25-2017 0 4	0	4
How do I delete a data field from Splunk entirely? I would like to delete a data field entirely from Splunk. Would I use the same way as described below? The data field... by katzr Path Finder in Splunk Search 07-25-2017 0 2	0	2
how to count loglines without corresponding second loglines? I generate logline when starting processing 1 object and another logline when ready. How to find logline1 without a ... by avanaschen New Member in Splunk Search 07-25-2017 0 4	0	4
Display in table each unique value and additional field? Hi all, I am a very new splunk user and would like to conduct produce a table with of each unique ID and the corresp... by splunk_95 Explorer in Splunk Search 07-25-2017 0 5	0	5
I need to return only results where the "source" contains the current date. Example: source="D:\filepath\filepath\filepath\filepath\DebugImportHelper_7_25_2017.log" This log file is created e... by griffinpair Path Finder in Splunk Search 07-25-2017 0 2	0	2
We have list of hots not logging lookup hosts list can any one help with search to search in splunk find out why they are not logging We have list of hots not logging lookup hosts list can any one help with search to search in splunk find out why the... by Splunker6789 Explorer in Splunk Search 07-25-2017 0 7	0	7
extract field across sourcetypes Hi, I have a regex to extract a field. I need unique count of those. During exploring I found that the extracted fie... by aniketb Path Finder in Splunk Search 07-25-2017 0 2	0	2
Overlay an average line on a bar graph of counts I have a search index=safes TransactionCode=DOPN OR TransactionCode=DCLO Details="Door A Opened" OR Details="Door A ... by ellenbytech Explorer in Splunk Search 07-25-2017 0 1	0	1
Monthly distribution of query results Hello, I have the following query which gives me the percentage of successful orders for the time period selected in... by jbrenner Path Finder in Splunk Search 07-25-2017 0 12	0	12
How to exclude search query results from base search I have file processing events with 2 stages - X & Y. I want to get filenames which have gone through X but not Y. I a... by barunbiswas New Member in Splunk Search 07-25-2017 0 1	0	1
How can I use the "where" function to find where the output will be only the last 24hrs of the results? Ex: \| where first_seen<"24h" or where first_seen="-1d" this is what I used but obviously it's wrong. by GHOST27 Engager in Splunk Search 07-25-2017 0 2	0	2
"Account_Name" field listing in events 4624, 4768 and 4769 (Windows 2008) I am working on a query to extract all successful authentications (events 4624, 4768 and 4769) per user per day. The ... by bapruski Explorer in Splunk Search 07-25-2017 0 3	0	3
Need to identify the top 50 groups index=abc source=license_usage.log type=usage \| rex field=h "(ab2)(?P\w+[^\d+])" \|search Group=kb01m OR Group=kb02r ... by kteng2024 Path Finder in Splunk Search 07-25-2017 0 4	0	4
Field extraction from html email I've been banging my head against the wall trying to get this to work, and not succeeding, obviously. I have a 217 li... by manderson7 Contributor in Splunk Search 07-25-2017 0 2	0	2
Inputlookup subsearch shows invalid lookup I have a user who is receiving the error: No matching fields exist [subsearch]: The lookup table <-lookup>.csv is i... by mdsnmss SplunkTrust in Splunk Search 07-25-2017 0 3	0	3
How to prevent a user from running a high memory-use search and understand why this search consumed 120GB of memory on indexer(s)? We've recently run into some users that have run searches which resulted in Splunk Indexers crashing. I'm looking for... by Kieffer87 Communicator in Splunk Search 07-25-2017 0 4	0	4
How would I use multiple values from a subsearch as input to the main search? Hi All, I am looking for a query which will accept multiple value subsearch output as a input of main serach, See be... by mdwasimkhan Engager in Splunk Search 07-25-2017 0 5	0	5