Splunk Search

Community Activity

regular express to stop at "=" Hi, I have a search string that does the following: temperature sourcetype=kaa \| rex field=_raw "\"endpointKeyHash\"... by wuming79 Path Finder in Splunk Search 05-25-2017 0 8	0	8
DHCP and Proxy Search - Join Performance Issues I have a working search using join that correlates DHCP addresses by machine name to find web proxy traffic as the de... by michaeldeck Engager in Splunk Search 05-25-2017 0 3	0	3
Multiple regex in a field extraction Hi, What I mean is that I want to parse all the error messages in my logs into one field called Errors but the regul... by byu168 Path Finder in Splunk Search 05-25-2017 0 4	0	4
stats by _time and field values in that time frame Expected stats result Time every 5mins \| Apps \|count 1:00 \|app1,ap... by knarayana New Member in Splunk Search 05-25-2017 0 1	0	1
How to get max value of string inside braces Hi All, I am new to splunk and need help in creating a table to get max value. Below are my sample logs - 2017-05-2... by jsamadhan New Member in Splunk Search 05-25-2017 0 3	0	3
IP Range Lookup I have IP lookup table (ips.csv) mixed with different types of formats such as ip ----------------------- 192.168.1.... by splunkrocks2014 Communicator in Splunk Search 05-25-2017 1 4	1	4
remove the special character ' from beginning and end of the field value Hi, I am reeving the logs from email gateway and all the field values are between ' character and those are captur... by mustafag Path Finder in Splunk Search 05-25-2017 0 12	0	12
How to edit the base search for my dashboards? So I have a dashboard currently that runs 6 reports to build all of it's widgets. Basically 1 per widget. The issue i... by jbrierton New Member in Splunk Search 05-25-2017 0 5	0	5
overlay chart how to create a single chart with two values. one showing sum of requests in span=5m window and other showing request... by maniishpawar Path Finder in Splunk Search 05-25-2017 0 11	0	11
how to get current user's timezone in html Can you help me to get the timezone of current logged in user. I am able to get the username by below command, var c... by arcotdeepika Engager in Splunk Search 05-25-2017 0 4	0	4
UI:: How to open daterange :: calendar on load in timepicker How to open daterange calendar on load in timepicker. Instead of user click the accordion, how to open the calendar ... by arcotdeepika Engager in Splunk Search 05-25-2017 0 2	0	2
How to get timing data If I do index=whatever, I get something that looks like this: 2017-05-24T13:46:08Z\|pegawifiview1495761514\|8501114746... by Physiker New Member in Splunk Search 05-25-2017 0 3	0	3
How to edit my search to figure out average time tracking? Alright...new to Splunk and actually been figuring it out as I go along. The only problem I am having is I am trying... by rickyrivera1 New Member in Splunk Search 05-25-2017 0 3	0	3
How to make a chart overlay I'm trying to make a graph using a chart overlay, scenario is I want to put all the transactions with minutes to the ... by vino06 New Member in Splunk Search 05-25-2017 0 3	0	3
How to remove event that contain special characters only Hi Splunk Ninjas, Good Day. Just like to ask on how can I remove event that contain special character only, as sampl... by dantimola Communicator in Splunk Search 05-25-2017 0 1	0	1
How to get started with making a choropleth map using data within a CSV file? I went through documentation but not able to relate with my requirement. If someone is already in practice with maps,... by dsiob Communicator in Splunk Search 05-24-2017 0 3	0	3
How to get 3 different hours data Hello everyone, my search looks like this, base search \| reg " " \| \| bin _time as desired_times span=4h \| \| where _ti... by prathapkcsc Explorer in Splunk Search 05-24-2017 0 12	0	12
How to extract the fields in my raw event data at indexing time? Hi, How to extract the fields in the below Raw event using props.conf and transforms.conf 05/24/17 13:22:12 abcxyz... by kiran331 Builder in Splunk Search 05-24-2017 0 2	0	2
Search affinity for non-multisite cluster I have 2 locations, and not a ton of resources. Multisite clustering took too much -- it seems like I need at least 3... by oliverj Communicator in Splunk Search 05-24-2017 0 1	0	1
How to edit my stats search to display a bar chart? Hi I have a data with fields OS and Name. I need to show the count and values of OS for Each Name like on X-axis al... by kiran331 Builder in Splunk Search 05-24-2017 0 1	0	1
How to extract the month from date field in string? I have a date field in a string with the format as mn/day/year. I need to extract the month from the same. Can someon... by srinadh New Member in Splunk Search 05-24-2017 0 3	0	3
Is it is posible to use a variable in a regex of a field extraction ? Hi I would like to know if it is possible to use a variable in a regex extraction. ....\| eval snr=602 \| rex "(?<blab... by edrivera3 Builder in Splunk Search 05-24-2017 1 4	1	4
Strange message for SMS Alert Hi, I'm currently trying to implement SMS Alert for Splunk. I have a SMS Gateway server in my organisation and I'm us... by qiaojing Path Finder in Splunk Search 05-24-2017 0 9	0	9
Regex help! How to use the Regex to extract the first 2 words OR 3 words from below field values? OS: Windows 10 Enterprise Wind... by kiran331 Builder in Splunk Search 05-24-2017 0 10	0	10
How to use rex out the below text ? Full or partial cease : </strung></td> <td width="100%" galign="top" >Full< I would like to extract the below te... by m7787580 Explorer in Splunk Search 05-24-2017 0 17	0	17