Splunk Search

Community Activity

Why does the Transaction command return multiple results? Hello! I am working with the transaction command. I am passing a field and using startswith and endswith definition ... by andrewtrobec Motivator in Splunk Search 04-28-2017 0 6	0	6
Lookup Table for all Sourcetype Hi All, Quick question, in Manager » Lookups » Automatic lookups » Add New on Apply to drop down box, we can select... by marendra Explorer in Splunk Search 04-28-2017 0 5	0	5
How to extract an ip address from a field and store in another field? I have a csv file with data in the following format... logsource,Critical,Buffer Overflow,15:05:27 13 Mar 2017,,sour... by arindamlaha Explorer in Splunk Search 04-28-2017 0 7	0	7
Why is the wrong value being extracted when using this regular expression? Hi, I am using a regular expression to extract the word that follows the string result of raw output. For endpoint 1... by andrei1bc Communicator in Splunk Search 04-28-2017 0 14	0	14
how to extract two multi-valued field value in pairs and do operation on those pairs separately. For ex: I want to plot a graph of mytime vs perc from below sample data. Hence I need to have mytime and perc in two ... by nisha12345 New Member in Splunk Search 04-28-2017 0 4	0	4
What is the best search to display memory usage by host? Hello, I have some container metrics being logged that are formatted as such: Used Memory: ip=1.2.3.4 event_type=Va... by hippe21 Explorer in Splunk Search 04-28-2017 0 2	0	2
Why am I unable to perform searches on a Splunk search head cluster behind an Azure load balancer with error "CSRF validation failed"? For some reason I am unable to do searches behind my Azure load balancer, although it once worked. When I inspect the... by brent_weaver Builder in Splunk Search 04-28-2017 1 14	1	14
Individual results for stats in a chart. I'm pretty sure this is going to be very obvious but it's one of those days again. I've a field Duration_Seconds to ... by StuReeves Explorer in Splunk Search 04-28-2017 0 6	0	6
How to display data value in percentage Hi there, Im trying to display the data values in percentage. How can i do it? Thanks by sebastiangohhy Engager in Splunk Search 04-28-2017 0 2	0	2
Joining multiple fields of two searches together on certain conditions Hi fellow splunkers, I currently try to do a splunk auditing by searching which user logged into the system using so... by horsefez Motivator in Splunk Search 04-28-2017 0 3	0	3
Schedule search includes result from non-default index From the document, if index=myindex was not mentioned, Splunk search will only use default indexes. However, I found ... by daniel_splunk Splunk Employee in Splunk Search 04-28-2017 0 1	0	1
How to create a stacked bar chart? Hi there, I'm new to Splunk and want to create a stacked chart. I have 2 fields, Stage and Ans There are 3 Stages... by sebastiangohhy Engager in Splunk Search 04-27-2017 0 1	0	1
cron schedule to run for every 5 minutes but not at 3-4PM on Saturday? Hi, I need a cron Schedule which has to run at every 5 mins on all days except 3-4PM on Saturday?. Thanks, by uhkc777 Explorer in Splunk Search 04-27-2017 0 4	0	4
I would like find host IP Addresses that have not been updated for 3 days. Hello. I would like find host IP Addresses that have not been updated for 3 days. To use UPDATETIME field that for... by superhm Explorer in Splunk Search 04-27-2017 0 2	0	2
Need an alternative to transaction command for the following type of data set I have a data set like the below: 2017-04-26 10:00:00 correlation_id=a1000 msg=testing1000 2017-04-26 10:02:00 corre... by rijutha Explorer in Splunk Search 04-27-2017 0 2	0	2
Summarization timespan incongruent Hello, I have a two environments with the exact same app and saved searches, and the exact same data In environmen... by TiagoTLD1 Communicator in Splunk Search 04-27-2017 0 2	0	2
How to edit my search to join common values from two sourcetypes? New to Splunk. Suppose I have two sets of data in separate sourcetypes S1 and S2. S1: SRC Hostname Field1 Field2 S2:... by rakes568 Explorer in Splunk Search 04-27-2017 0 9	0	9
"Value" Interesting Field - 2 different types of information Hello (again), I have the following search: index=perfmon host=(serverA OR host=serverB) (object="Processor" OR obje... by TheJagoff Communicator in Splunk Search 04-27-2017 0 4	0	4
Count of values by sourcetype This should be pretty simple, but I seem to lack the right terms to find my answer: We have several source types wit... by mpuckettsc Explorer in Splunk Search 04-27-2017 0 5	0	5
help me with group command --------\| transaction UserName \|dedup ID\| table UserName ID UserName ID abc 100 ..... 103 Abc 101 ... by sravankaripe Communicator in Splunk Search 04-27-2017 0 1	0	1
Extracted Field to be case insensitive Hi, I have a Event 1 : 2013-04-02 04:22:38 199.xx.x.211 OPTIONS /CockpitNew - 4444 domain1\123456 102.220.13.119 eb... by harshjets Engager in Splunk Search 04-27-2017 0 4	0	4
Sourcetype Override We have around 15 files we're ingesting into Splunk all of them have the same format: //logs/TEST/mike/TEST1/syslog.... by iatwal Path Finder in Splunk Search 04-27-2017 0 8	0	8
How to get stats to set a field from the same event as another max() field While handling our CAS logs I have a report that calculates the time it takes to validate a CAS service ticket. I use... by tffishe New Member in Splunk Search 04-27-2017 0 5	0	5
How to insert IF in regular expression Hi to all, I should extract some fields by a log file, in the log file in some cases I have a field (i.e. field1, in ... by andreac81 Explorer in Splunk Search 04-27-2017 0 4	0	4
Day to day % Difference Hi guys, I create daily reports with various data on that we collect, and i am now looking to add a few extra bits ... by allansneddon Explorer in Splunk Search 04-27-2017 0 3	0	3