Splunk Search

Community Activity

How to use evaluate function across multiple multivalue fields Hi, I am trying to create an anomaly detector for unusually high thruputs across all sourcetypes in my Splunk intern... by mngeow Engager in Splunk Search 05-29-2017 0 1	0	1
Convert JSON to table I tried looking up for a solution and went through almost all suggestions. None worked for me. I have the following j... by splunk_skr Explorer in Splunk Search 05-29-2017 0 4	0	4
How to split event into multiple rows in a table? Hello everyone, I'm trying to get an analysis of an process log file. The logfile contains an event for every ended ... by mihenn Path Finder in Splunk Search 05-29-2017 0 3	0	3
Using regex to extract word after semicolons Hi I am attempt to extra host names from logs they always appear after the 4th semicolon : E.g. I want the extra t... by TCK101 New Member in Splunk Search 05-29-2017 0 2	0	2
How to determine if logs are not being used? Is there a way to determine which logs are not being used anymore, and therefore can be deleted? For example, maybe ... by JimSchlaker New Member in Splunk Search 05-27-2017 0 4	0	4
Why does my summary search not produce any results? Hi to all, I have a summary search that doesn't produce results, if I copy and paste the same search in "search & re... by andreac81 Explorer in Splunk Search 05-27-2017 0 4	0	4
How to append search results multiple times based on change in particular field value Hi, I want to something like - append [Query-2] by clause Situation is I have a result set from query-1 and query-... by sunilpanda023 Path Finder in Splunk Search 05-27-2017 0 2	0	2
Is it possible to search Splunk for list of concurrent searches usage over time? Hello, is it possible to search Splunk for list of concurrent searches usage over time by searching internal log? S... by Motoko89 Path Finder in Splunk Search 05-26-2017 0 3	0	3
SPlunk Searches slow Hello, I am facing challenges to search query in SPlunk 6.4.1 environment But Splunk Performance is very slow. We ha... by sahils New Member in Splunk Search 05-26-2017 0 15	0	15
Manage alert threshold and rows returned all within the custom condition in the alert This kind of spiraled as I was helping a coworker with an alert they had all the duration and times hardcoded in the ... by Cuyose Builder in Splunk Search 05-26-2017 0 4	0	4
Search event format in Splunk Suppose I have a log file having 11 lines like below having two line same as in G: A B C G D E F G H I J Now in Splu... by loveforsplunk Explorer in Splunk Search 05-26-2017 0 2	0	2
How to use rex to extract the values? I want to make a table that shows ACTION, DATABASE USER, PRIVILEGE, CLIENT USER and DBID; I want the value between '... by ewise1 New Member in Splunk Search 05-26-2017 0 3	0	3
Replacing part of string when it's equal to a field value Hi! I have fields myfield and name which contains text of an email going like this: Example1: myfield="From: Smith, ... by mszopa Explorer in Splunk Search 05-26-2017 0 9	0	9
Can I add events to a transaction? I have a transaction based on a bunch of events from a common source with a common transaction ID, something like \|"... by MonkeyK Builder in Splunk Search 05-26-2017 0 8	0	8
How to edit my regex to replace a number 0-9? Hi Team, I have requirement, where I need to replace a series of numbers with something like this a/b/c/123456 with ... by smaran06 Path Finder in Splunk Search 05-26-2017 0 9	0	9
question on search query Looking for a single result that includes both values of clicked link then added up in a total column search... \| ev... by roayers Explorer in Splunk Search 05-26-2017 0 5	0	5
Why am I getting error "Unknown search command 'sourcetype'" using a subsearch in a where command? I want to do something like the below command but it is giving me an error. sourcetype=SplunkKafka_messaging \| spath... by maximus_reborn Path Finder in Splunk Search 05-26-2017 0 6	0	6
How to create splunk search for common filed/value across the multiple servers? Hello All, I am trying to build search for common value across multiple host. For example , i have a common field ca... by agarwal_sumit New Member in Splunk Search 05-26-2017 0 2	0	2
How to get timestamp of the beginning event in the stats count by sourcetype=priorityEvents \| rex field=_raw "User\sID\s(?<user_id>.\d{0,8}+)" \| stats count by user_id \| where count ... by ibob0304 Communicator in Splunk Search 05-26-2017 0 1	0	1
How to extract content between two strings? Hi Team, I have an error message coming up in Splunk like below. The required log message will come in the middle of... by senthamilselvan Engager in Splunk Search 05-26-2017 0 5	0	5
MAP command in splunk Hi Team, I am having a difficulty in understanding map command. In the below commands, we need to extract work order ... by arjitgoswami Explorer in Splunk Search 05-26-2017 0 5	0	5
map command not working Hi All, when I am trying to run the subsearch separately, I am getting values. But when I am using map to run the b... by arjitgoswami Explorer in Splunk Search 05-26-2017 0 4	0	4
Time difference where values are at random place in a file. Hi All, I need to search for time taken since a value popped up in the logs. The problem here is that this value is... by arjitgoswami Explorer in Splunk Search 05-26-2017 0 9	0	9
tstats behaviour change in Splunk 6.6, expected change or bug ? Hi ! Splunk 6.6 being out officially, I had the (bad) surprise to discover is very annoying change in tstats command... by guilmxm Influencer in Splunk Search 05-26-2017 1 7	1	7
regular express to stop at "=" Hi, I have a search string that does the following: temperature sourcetype=kaa \| rex field=_raw "\"endpointKeyHash\"... by wuming79 Path Finder in Splunk Search 05-25-2017 0 8	0	8