Splunk Search

Community Activity

Extract json key as a column value for TOP command. I have a JSONs which have the following structure: { "fieldA": "valueA", "fieldB": "valueB", "fieldC": "valueC... by jasneet New Member in Splunk Search 06-20-2017 0 3	0	3
If a user adds a CSV input as lookup, is it the same as an administrator's ability to upload and "add data"? Will the search and results be the same if a user or power user adds a CSV file as a lookup file compared to the admi... by dxw350 Path Finder in Splunk Search 06-20-2017 0 2	0	2
How to group by a multivalue field within a group visualization? I'm able to get the data I'm looking for on the stats tab, but because there are multiple values for one of the colum... by tjago11 Communicator in Splunk Search 06-20-2017 0 6	0	6
Getting Time of last occurrence of a sbstring I have events like below in a log file- 06/18/2017 22:35:10,Message="Finished Cleanup" 06/18/2017 22:57:02,Message="... by siddharthmis Explorer in Splunk Search 06-20-2017 0 3	0	3
Reporting total scanned events in emailed search results After running a search the display above the time bar will show X amount of matching events, indicating the number of... by Akita881 New Member in Splunk Search 06-20-2017 0 5	0	5
SSL Certificates for thousands of Clients Hi, after certificates created, how to push them to, lets say, ten thousand deployment clients? someone said some p... by inventsekar SplunkTrust in Splunk Search 06-20-2017 0 8	0	8
Dividing a value by 1000 My search looks like this base search \| rex ".?(?[^,]+),\s?(?[^,]+),\s?(?[^,]+),\s?(?[^,]+),\s?(?[^,]+),\s?(?[^,]... by prathapkcsc Explorer in Splunk Search 06-20-2017 0 14	0	14
Can I search a value from a table in dashboard? Hi All, I have created a table with column 1, column 2 and column 3 in Splunk Dashboard. Now i want to have a text f... by premraj_vs Path Finder in Splunk Search 06-20-2017 0 2	0	2
In a field extraction, why does Splunk remove leading and trailing whitespace? Hi folks, I have a freeradius log authenticating wifi-connections. The field extractions looks fine with my favourit... by kritho Explorer in Splunk Search 06-20-2017 1 3	1	3
Chart time displayed reversed way Hi, I have a search that plots a profile of a light senor over time. The log's original timestamp is saves as the ti... by iceman123 Engager in Splunk Search 06-20-2017 0 2	0	2
Extreme Search Alternative Is there an alternative for Extreme Search. We only have Splunk Enterprise not Enterprise Security, so we are looking... by wilhelmF Path Finder in Splunk Search 06-20-2017 0 1	0	1
Display "stats" Search as a Single Value from Summary Index Hello, Normally, I would use the following search to find my single value: \| tstats latest(_time) as latest where ... by curry59 New Member in Splunk Search 06-20-2017 0 1	0	1
last time of user login needs to evaluate need to evaluate the duration of last time user logged in and time now. problem I am facing is in lastTime I am getti... by deepak_dhankhar Explorer in Splunk Search 06-20-2017 0 8	0	8
reuse real time searches Hi at all, I have a situation where there are around 10 users that need to use for their job two o three dashboards c... by gcusello SplunkTrust in Splunk Search 06-20-2017 0 2	0	2
How to use inner search in tstats? Hello Team, I'd like to know about How to use inner search in tstats? I use that \| tstats count from datamodel=IT... by ugy Explorer in Splunk Search 06-20-2017 0 2	0	2
Is the usage of multiple eval calculations in one pipe a feature or an unsupported hack? Hi, I did not know that it is possible: \| makeresults \| eval fieldA=123, fieldB=456, fieldC=789 I assume that thi... by HeinzWaescher Motivator in Splunk Search 06-20-2017 0 5	0	5
i want to match the word "Modify" but it should skip the first match. i want the second match "Modify" till the semi colon delimiter Modify:extended value attribut -"to be processed";Action:"will not be processed";Modify:attributs to be processed-"he... by DataOrg Builder in Splunk Search 06-20-2017 0 1	0	1
Spath and Rename Hi, I wonder whether someone may be able to help me please. I'm trying to create a query which extracts given values... by IRHM73 Motivator in Splunk Search 06-20-2017 0 1	0	1
how to replace using SED command ? Hi Splunker, I would like to know and learn how to replace ^ns4: with < Please find below dummy data. ^ns4:Channel... by m7787580 Explorer in Splunk Search 06-20-2017 1 7	1	7
How to Extract exact result from rex command? rex field=_raw "MemoryUsage %(?<MemoryUtilization>[^']+)"MY result is------------ 41.4 expected result41.4 by karthi2809 Builder in Splunk Search 06-20-2017 0 3	0	3
Search output in tabular format I am looking for help to extract the values from my log files my log file has a sequence of data as follows 1.){xxx... by 4myexperiment Explorer in Splunk Search 06-19-2017 0 2	0	2
Removing 1st line from the event Hi, I have a event with the column names like Type Category Count CPU in my event 1st line. I don... by prathapkcsc Explorer in Splunk Search 06-19-2017 0 14	0	14
Multiple graphs in line chart Hello All, I have a data as below : Where for every callId there are list of values in next column. So I have some 1... by patilsh Explorer in Splunk Search 06-19-2017 0 5	0	5
How to send an alert when a Job does not finish within expected time? Hi Everyone, I am a newbie to Splunk and need little help with the alerting system. I want to setup a real time aler... by snehasal Explorer in Splunk Search 06-19-2017 0 2	0	2
If I want to remove an IP address and do a wildcard search, are there any search filter priorities? if I want to remove one IP address and then do a wildcard search, would that wildcard host IP search override the rem... by dxw350 Path Finder in Splunk Search 06-19-2017 0 3	0	3