Splunk Search

Discussions

Thread Info

How to extract Time and User from events using regex?

The following events are filtered by Snare and sent to Splunk from Windows Servers: Server.egcorp.com MSWinEventLo...

by Path Finder in

Modify default field extraction for spaces

We are successfully ingesting Websense logs into Splunk but the user field is recorded in LDAP context and has spaces...

by Engager in

Graphing windows system from uptime to downtime

I have a query that provides windows startup, ending and duration - however I was looking for a way to graph this? ...

by Path Finder in

How to force graph to include recent "zero" values?

So I have this basic search for a line graph visualization: (search goes here) | timechart count Let's say I'v...

by Builder in

Combining fields with mvcombine

Hi folks, I'm trying to merge events that share a common keyword value, with the mvcombine. The problem is it just...

by Communicator in

Format Stats Column Data

So I'm running this search string here: index = git | rename Data.payload.head_commit.modified{} as FilesModified ...

by Path Finder in

How to filter Windows Security Event Logs containing machine name as username?

Hello everyone, I´m trying to filter some Windows Security Event Logs that contains the machine name as the userna...

by Explorer in

Substring of multivalues out ot multivalue field

I'm trying to produce a multivalue field out of another multivalue field in my data model, and that's proven to be qu...

by Engager in

REGEX to remove a word from indexing

Anybody can answer to simple question? How to remove from indexing host= d:\TEST.log just "<TD>" combination? What sh...

by Explorer in

How to return result for users whose name contain and do not contain underscore

My Splunk is 5.0.5. I constructed a rex to extract user from free-hand logs. In some logs, user is null. This skews m...

by Builder in

Macro and Comment Fields

Is it possible to add a comment field in a Macro so that it is displayed in a search? For example, if a macro contain...

by Communicator in

Increasing TIMESTAMP by adding seconds.

Hi, I have a proxy log that logs the time the query was executed and also give the duration in seconds. "11/Jan...

by Path Finder in

Regex Field extraction question

Hello, I am trying to extract a field and I have an error in my REGEX. The line looks like this: 6/26/2014 13:0...

by Path Finder in

How do i find the most common events in my search?

As a splunk user, i want to find the most common events in my search results. How would I accomplish this? I am tryin...

by Builder in

Concatenate events from FTP log to produce UserID list of successful logins

My goal is to create a search that produces a report of ftp users that have logged in (successfully) in the past 7 da...

by Engager in

How to run three different searches on click of a submitbutton?

Hi How to run three different searches on click of a submitbutton? The scenario to choose a particular search will...

by Path Finder in

Top 3 results within a group from table

How can i get the top 3 rows from each group in a table. Here is sample data output from my query The output is...

by Influencer in

Regular expressions

I'm new to writing regular expressions and am having a difficult time building a field using extract fields. Unfortun...

by Path Finder in

scheduled search with changing query

Hi, I'm using 6.1 I have a group of people who are looking at a way to create monthly reports based on their li...

by Explorer in

Moving CSV file to lookup folder

Hi, I need to move the csv file generated inside the folder $SPLUNK_HOME$\var\run\splunk [as part of outputcsv com...

by Explorer in

Splunk Search

Discussions

How to extract Time and User from events using regex?

Modify default field extraction for spaces

Graphing windows system from uptime to downtime

How to force graph to include recent "zero" values?

Combining fields with mvcombine

Format Stats Column Data

How to filter Windows Security Event Logs containing machine name as username?

Substring of multivalues out ot multivalue field

REGEX to remove a word from indexing

How to return result for users whose name contain and do not contain underscore

Macro and Comment Fields

Increasing TIMESTAMP by adding seconds.

Regex Field extraction question

How do i find the most common events in my search?

Concatenate events from FTP log to produce UserID list of successful logins

How to run three different searches on click of a submitbutton?

Top 3 results within a group from table

Regular expressions

scheduled search with changing query

Moving CSV file to lookup folder

How do I extract a long string with double quotes ...

Compare search results to current data

Add field to timechart

How to combine search results in order to use Star...

Edit Splunk table column values on the UI