Splunk Search

Community Activity

How to compare to a lookup table and pull fields? I have an index=foo and a lookup table defined as foo2. How can I compare my index to the table to show only results... by mgrosholz Path Finder in Splunk Search 05-09-2017 0 9	0	9
Multiple Value Field Extraction Help I am trying to come up with a Regex that will extract several field values from an event which can potentially have s... by jaoui Path Finder in Splunk Search 05-09-2017 1 2	1	2
Extracting fields from transactions that have status events I have a couple of transactions I have created for example: Transaction A: startswith=Begin_Process endswith=Request... by baegoon Explorer in Splunk Search 05-09-2017 0 2	0	2
Timechart field value by field woes Hello, I have log messages that look like this: Handled MessageTypeA in 10ms Handled MessageTypeB in 23ms Handled Me... by thelegendofando New Member in Splunk Search 05-09-2017 0 4	0	4
Top 10 hosts whose number of events has increased the most Hello, I would like to know which of my host have an increase in their event number compared to usual. I first tho... by rflouquet Explorer in Splunk Search 05-09-2017 0 16	0	16
How to extract more than one value out of a field extraction using delimiters I'm using props.conf and transforms.conf to extract fields with delimiters, some of which are multi-valued. Example:... by gregbo Communicator in Splunk Search 05-09-2017 0 2	0	2
Long label text in charts Hi all, I've tried to find a solution with other questions, and the main thing about I found is SideViews, but all t... by marina_rovira Contributor in Splunk Search 05-09-2017 0 9	0	9
Nested Search Query on across multiple files Hi, I am trying to do a nested search. in Log A, I want to get all the users who has accessed "X". So my search quer... by tanyongjin Explorer in Splunk Search 05-08-2017 0 3	0	3
Fixed-width field extraction but removing trailing spaces I am currently defining some sourcetypes for some db2 SMF logs (oh joy). Luckily, the fields are well defined and are... by rturk Builder in Splunk Search 05-08-2017 0 5	0	5
Lookup CSV location Hi, I would like to ask if the CSV file that is being referenced to in the search command can be from any directory ... by tanyongjin Explorer in Splunk Search 05-08-2017 1 2	1	2
with the same search conditions, I cannot make eval if function to return true... For some use case, I need to make a new true/false field. Below condition returns 11 events in my data sample: \|... by leonjxtan Path Finder in Splunk Search 05-08-2017 0 4	0	4
Drilldown with $click$ values not working I have a dashboard where I display a list of wines. I want to be able to incrementally add the wine name to a search ... by bowesmana SplunkTrust in Splunk Search 05-08-2017 0 8	0	8
Different results for error "specified span would result in too many (>50000) rows" based on time range I am trying to run the below to get the avg/max number of hits per second each day. I have tried this multiple time... by keet1009 New Member in Splunk Search 05-08-2017 0 1	0	1
Problem while joining Hi everyone Need your kind help. I have 50+ fields under index='abc' i want to join the same with a lookup which h... by nilaksh92 Path Finder in Splunk Search 05-08-2017 0 2	0	2
How to extract logs by rex ? How to extract logs by rex ? "TranStartTime":"2017-05-08T02:40:58.856-04:00", "TranEndTime":"2017-05-08T02:40:58.902-... by karthi2809 Builder in Splunk Search 05-08-2017 0 2	0	2
Show individual counts for each item in a multivalue field in a single stats row I am trying to get a count for individual items in a multivalue field. Here's my current search: \| stats count(_time... by kalik Explorer in Splunk Search 05-08-2017 0 5	0	5
format output of a string in a particular format? I have a search query that returns numbers like 170503007 and 170504021 as outputs. Need to format them as 2017/05/03... by erhksadhwani New Member in Splunk Search 05-08-2017 0 1	0	1
using stats function to return latest value but need associated timestamp of that value stats latest(sequence)returns the latest sequence number but I need to display the associated timestamp when the sequ... by erhksadhwani New Member in Splunk Search 05-08-2017 0 1	0	1
How to perform Behavioral Analysis/Cross-data correlation on Logs Hi, We are trying to perform analysis on logs to determine whether there is an significant relationship between the ... by tanyongjin Explorer in Splunk Search 05-07-2017 0 3	0	3
transaction to group events based on machine on and off time. cisco ASA Basically, I need to group my 2 events (built and teardown) in cisco ASA format by 2 fields (event,duration) the even... by baylor New Member in Splunk Search 05-07-2017 0 1	0	1
Want to make a button to link to a URL! I want to make a button to link to a URL. Looking at the Answer, I found it.May be I can do it by using java. But I w... by oda Communicator in Splunk Search 05-07-2017 0 3	0	3
Filter the output results based on custom date range I want to filter the output based on the below time format, I want keep only results until 12am not after 12am. Ou... by ibob0304 Communicator in Splunk Search 05-07-2017 0 10	0	10
How to pass a search to a macro for emailing purposes? HI All, I'm utilizing a search that we run throughout the day which looks for a specific service shutdown on all mon... by billyhigdon New Member in Splunk Search 05-06-2017 0 1	0	1
How to combine my 2 searches to list all source and destination IPs based on same destination port? I'm trying to get my current 2 searches into 1. I am trying to get a list of all source and destination ip's based o... by tve784 Path Finder in Splunk Search 05-06-2017 0 18	0	18
How to check if an event runs once a day I have a job that runs and deletes data from a data base. After it deletes the data it outputs which days it deleted ... by Splunkster45 Communicator in Splunk Search 05-06-2017 0 5	0	5