Splunk Search

Community Activity

Allow colon in field names? I have input data that looks like: time=2017-05-29 calendar:num_1day_active_users=10437 gplus:num_1day_active_users=... by wegscd Contributor in Splunk Search 06-01-2017 0 6	0	6
Can Splunk handle indexing a CSV file containing more than 6000 fields/columns? I have a heavily nested structured/dynamic XML event. I converted it to CSV and it generated more than 6000 unique fi... by splunknewbie05 Explorer in Splunk Search 06-01-2017 0 4	0	4
Rounding in chart with by clause I've just encountered a strange thing that doesn't seem to be covered by an Answer or the docs. If I have a chart com... by cmeo Contributor in Splunk Search 06-01-2017 0 2	0	2
2 number in a radial gauge Hi Is it possible to see 2 numbers (2 gauges) in a radial gauge chart? Thanks by matansocher Contributor in Splunk Search 06-01-2017 0 3	0	3
avoid latest timestamp Hi Team, There is a scenario where I need to calculate time range. I have to ignore latest timestamp and need to ca... by arjitgoswami Explorer in Splunk Search 06-01-2017 0 2	0	2
combine 3 search queries in which 2 of them are the result of the last one What i am trying to accomplish is the following; I have 3 search queries. The first one displays a single value that... by robertspeckmann Explorer in Splunk Search 06-01-2017 0 4	0	4
How to edit my search to display the status of my saved searches? Hi, I am currently using the search below to get the status of my saved searches. index=_internal sourcetype=schedul... by ramstolentino Explorer in Splunk Search 06-01-2017 0 3	0	3
Number of seconds that have events by host Hello experts! My system is potentially producing several events per second and sometimes even several events at the ... by AssafLowenstein Explorer in Splunk Search 06-01-2017 0 14	0	14
Getting other interesting fields from KML geospatial lookup on choropleth map? Helo guys, how could I use other kml data like NOM_DEPT or NOM_REGION? In this case I use the default /Placemark/nam... by splunkreal Motivator in Splunk Search 05-31-2017 0 1	0	1
how to convert Ip range to CIDR? HI I have a logs with field IP_range =1.2.3.0-1.2.3.255, Can I convert to CIDR range like 1.2.3.0/24? by kiran331 Builder in Splunk Search 05-31-2017 0 1	0	1
How to apply multiple search time patterns to a single sourcetype where the sourcetype has slight variations in the logging pattern? Hi, I have a sourcetype I am trying to apply some search-time extractions to. The log statements often contain addit... by markaperdue New Member in Splunk Search 05-31-2017 0 1	0	1
Concurrent Search calculation for platform designing and sizing. We have requirement to build Single Master dashboard for a transaction monitoring. Dashboard will be collection of 6... by SagarSplunk Engager in Splunk Search 05-31-2017 0 2	0	2
Searches using the Python SDK and REST API always returning "" I am new to Splunk's SDK and REST API. I'm trying to match a simple query I'm running via the UI (The App is "Search"... by ntomczek New Member in Splunk Search 05-31-2017 0 3	0	3
how to take the three values from one field result and table them hi, my search is: sourcetype:sys src_ip_groupname=list1 OR src_ip_groupname=list2 \| table src_ip dest_ip src_ip_group... by loudainmarc Explorer in Splunk Search 05-31-2017 0 2	0	2
How to get the total for each group? Hi, i have a data listed as such: GROUP DISK G1 D1 G1 D2 G2 D3 G3 ... by naty Path Finder in Splunk Search 05-31-2017 0 4	0	4
can I extract a field with a regexed dynamic fieldname? Hi. I have JSON-like events that come into my indexer like this: {foo.field1: value, foo.field2: value, foo.field3: ... by cphair Builder in Splunk Search 05-31-2017 1 13	1	13
Display data only if today_data-yesterday_data is grater than a number Hi, every day I extract from DB a data as inputs in my index. The column that I extract is: NODE_A \| NODE_Z \| VALUE \|... by ngerosa Path Finder in Splunk Search 05-31-2017 0 5	0	5
Regex that adds extension to my domain name I am trying to write a regex that adds extension to my domain name. For example google, I need a regex expression tha... by egreg7 Engager in Splunk Search 05-31-2017 0 2	0	2
How do i write regex to extract all the numbers in a string i need to extract all the numbers in the below string. I am using "(?\d+[0-9])" but its not extracting zeros and i a... by sameeripro Path Finder in Splunk Search 05-31-2017 0 18	0	18
How to generate a regex to find text and values greater than or equal to 2000001? Hi , I have in my log like {"name":"liquid-networth","value":"2000001"} I need to get all value which is greater t... by kalais New Member in Splunk Search 05-31-2017 0 2	0	2
Is there a way to use default.meta to lock down write access to field extractions? We are considering locking down access to share field extractions. Is anyone aware of a way to do this easily? We... by the_wolverine Champion in Splunk Search 05-31-2017 0 2	0	2
Regex searching using a csv list vs inline RegEx My search results return a list of FQDN domain names. I need to replace that domain name with an app name when a port... by justinbarta Explorer in Splunk Search 05-31-2017 0 2	0	2
Is it possible to set a variable as the x-axis in a table? Hello, I don't specifically have anything down yet, I was just wondering if it would be possible to set a variable ... by kinda Engager in Splunk Search 05-31-2017 0 8	0	8
Daily Report for Windows Security Logs What would be the best search string for to do a Daily Report For Windows Security Logs for a 24 hour period? Is th... by paraspiral New Member in Splunk Search 05-31-2017 0 2	0	2
How do I modify the label for x-axis? I have a lookup table similar to the following: Week Status Number 13 May 17 ... by reswob4 Builder in Splunk Search 05-31-2017 0 3	0	3