Splunk Search

Community Activity

Regex for items in single quotes I have a bunch of logs which look like the following. 2017-05-01 18:36:16,885 UTC - DEBUG - testpod_service.segment_... by aramakrishnan New Member in Splunk Search 05-01-2017 0 4	0	4
Conditional logic and assigning values for group I am trying to categorize records that meet certain logic criteria. If logic is met, I want to assign a string value... by mschellhouse Path Finder in Splunk Search 05-01-2017 0 1	0	1
how to display decline rate per specified fields over a period of time Hello, I am struggling to write a query that displays the decline rate per payment_method over a period of 7 days (w... by demkic Explorer in Splunk Search 05-01-2017 0 3	0	3
How to make whole Statement as a field? I have a search base like below and want to put the count as 1. index=index1 test machine is not responding java.la... by jw44250 New Member in Splunk Search 05-01-2017 0 3	0	3
how to extract the response time from below logs The information has already changed............. by cholt520 New Member in Splunk Search 05-01-2017 0 6	0	6
Looking for a search to categorize by hosts..?? I am expecting a single search to categorize by hosts with individual count and total count by category... SET-A ... by prakash007 Builder in Splunk Search 05-01-2017 0 1	0	1
How do I get a large count of events over a period of time? I'm trying to write a search string that will count firewall events up to 900k over 60 minutes to trigger an alarm wh... by eli_mz Explorer in Splunk Search 05-01-2017 0 9	0	9
SPlunk SNMP TRAP to get IP address in Search Query We have modified spectrum alerts for unix and it’s been sent to snmptrap and its working. We don’t have ip address f... by sahils New Member in Splunk Search 05-01-2017 0 6	0	6
I have an event contains join_date, id as fields , want to count of "id " by month , I have an event contains join_date, id as fields , want to count of "id " by month , the event index time and sta... by nagarjuna280 Communicator in Splunk Search 05-01-2017 0 2	0	2
Regex Pattern I'm fairly new to Regex and having a difficult time coming up with a pattern for my query. I need to match everything... by svercelli Path Finder in Splunk Search 04-30-2017 1 3	1	3
How to combine my searches to sort search results by a percentage? Hello. I am fairly new to the Splunk world and my current job has me monitor various Splunk dashboards throughout t... by renteriaeddie Engager in Splunk Search 04-30-2017 0 4	0	4
How to calculate difference between resolved_time and inc_created_time when I get stats result in 2 columns? How to calculate difference between resolved_time and inc_created_time when I get stats result in 2 columns index="s... by sats2020 New Member in Splunk Search 04-30-2017 0 6	0	6
Regex for multiple IP Addresses in Splunk In the below log we have User Agent fallowed by two Ip addresses. So i want to extract below fields UserAgent , IPA... by asplunk123 New Member in Splunk Search 04-30-2017 0 1	0	1
Show 2 bars in every "by" value bar chart Hi, I have a problem I cant find the solution to. I want to display 2 bar from each "by" field. for example: my repo... by matansocher Contributor in Splunk Search 04-29-2017 0 6	0	6
Why does the Transaction command return multiple results? Hello! I am working with the transaction command. I am passing a field and using startswith and endswith definition ... by andrewtrobec Motivator in Splunk Search 04-28-2017 0 6	0	6
Lookup Table for all Sourcetype Hi All, Quick question, in Manager » Lookups » Automatic lookups » Add New on Apply to drop down box, we can select... by marendra Explorer in Splunk Search 04-28-2017 0 5	0	5
How to extract an ip address from a field and store in another field? I have a csv file with data in the following format... logsource,Critical,Buffer Overflow,15:05:27 13 Mar 2017,,sour... by arindamlaha Explorer in Splunk Search 04-28-2017 0 7	0	7
Why is the wrong value being extracted when using this regular expression? Hi, I am using a regular expression to extract the word that follows the string result of raw output. For endpoint 1... by andrei1bc Communicator in Splunk Search 04-28-2017 0 14	0	14
how to extract two multi-valued field value in pairs and do operation on those pairs separately. For ex: I want to plot a graph of mytime vs perc from below sample data. Hence I need to have mytime and perc in two ... by nisha12345 New Member in Splunk Search 04-28-2017 0 4	0	4
What is the best search to display memory usage by host? Hello, I have some container metrics being logged that are formatted as such: Used Memory: ip=1.2.3.4 event_type=Va... by hippe21 Explorer in Splunk Search 04-28-2017 0 2	0	2
Why am I unable to perform searches on a Splunk search head cluster behind an Azure load balancer with error "CSRF validation failed"? For some reason I am unable to do searches behind my Azure load balancer, although it once worked. When I inspect the... by brent_weaver Builder in Splunk Search 04-28-2017 1 14	1	14
Individual results for stats in a chart. I'm pretty sure this is going to be very obvious but it's one of those days again. I've a field Duration_Seconds to ... by StuReeves Explorer in Splunk Search 04-28-2017 0 6	0	6
How to display data value in percentage Hi there, Im trying to display the data values in percentage. How can i do it? Thanks by sebastiangohhy Engager in Splunk Search 04-28-2017 0 2	0	2
Joining multiple fields of two searches together on certain conditions Hi fellow splunkers, I currently try to do a splunk auditing by searching which user logged into the system using so... by horsefez Motivator in Splunk Search 04-28-2017 0 3	0	3
Schedule search includes result from non-default index From the document, if index=myindex was not mentioned, Splunk search will only use default indexes. However, I found ... by daniel_splunk Splunk Employee in Splunk Search 04-28-2017 0 1	0	1