Splunk Search

Community Activity

Is it possible to aggregate and search within aggregated results? My app logs multiple lines per request and each line has a "request_id" key for identification. For each request, the... by sohymg New Member in Splunk Search 04-26-2017 0 9	0	9
Is there a difference between Python and Perl Custom Searches? Is there any penalty for using a Perl custom search over one created in Python? Presently the Perl search is simpl... by juillardr New Member in Splunk Search 04-26-2017 0 1	0	1
Data of a field in next row in another field of current row ![alt text][1] The siuation is - I have sprint and their start date , I want the next sprint start date in same row ... by sunilpanda023 Path Finder in Splunk Search 04-26-2017 0 2	0	2
Cross referencing to fill in missing details Hi, I have two .csv files. One contains an IP address with associated output data, a second contains the IP address ... by rattyryan Explorer in Splunk Search 04-26-2017 0 1	0	1
How to use variable within foreach command? I'm looping through JSON array and compare each value using a temporary variable but due to some reason the temporary... by sats2020 New Member in Splunk Search 04-26-2017 0 1	0	1
How to exclude sub folders Hi All I would like to monitor "4670: Permissions on an object were changed". I have the following query: index=w... by socdtv New Member in Splunk Search 04-26-2017 0 1	0	1
Table fields after using stats and xyseries I apparently seem to be truncating fields after using the stats and xyseries commands. I found that if I include the ... by tommy0x2A Engager in Splunk Search 04-26-2017 0 1	0	1
How can we improve the performance of an Hunk's query? We have the following Hunk query - index=<claims_table> claim_classification=INPATIENT OR claim_classification="INP... by ddrillic Ultra Champion in Splunk Search 04-26-2017 0 5	0	5
regex used in transforms.conf isn't extracting the fields though there isn't anything worng with the regex? I have a regullar expression extracted in transforms.conf as below :- [split_and_extract_commands] SOURCE_KEY = abc_... by pavanae Builder in Splunk Search 04-26-2017 0 5	0	5
Is there a search or command that will number rows in a table? is there any command to get row numbers in table? Like, I have a table like host source type DFR splunk_id FGH... by ThiruSplunk5676 New Member in Splunk Search 04-26-2017 0 3	0	3
Grouping a "time" span from one true value to another I have a boolean value in my data set. I want to group all event together that are between the event(a) right after a... by krwinters11 Path Finder in Splunk Search 04-26-2017 0 2	0	2
How to edit my search to format String to Number with fieldformat for all 60 columns? Hey guys Is there a quick way to format data? I want to format data like this <search> \|fieldformat test1a=tonumber... by laudai Path Finder in Splunk Search 04-26-2017 0 3	0	3
Which users have done this but have not done that ? Hello there, I'm struggling a little bit with the search language, booleans, eventtypes and stuff ... I can't find a... by Mahieu Communicator in Splunk Search 04-26-2017 0 6	0	6
How to exclude last 3 values in the search results. Hi , I need exclude the values last 3 three values from the search results. Can someone please help me on this. ind... by vkumar6 Explorer in Splunk Search 04-26-2017 0 1	0	1
SEDCMD: to filter the character between the user Curently our proxy logs with user having special characters inbetween. ref: DC=local/bob\, tom I have created a prop... by neelamsantosh Path Finder in Splunk Search 04-26-2017 0 1	0	1
OR operator problem Hi all, Hey, what's wrong with the next search structure? I'm using OR operator because the field names are differe... by bugnet Path Finder in Splunk Search 04-26-2017 0 2	0	2
Is there a way to speed up my search through millions windows security logs? Doing some long-tail analysis and I am running in Fast Mode but the query for 24 hours is taking a long time. Please... by packet_hunter Contributor in Splunk Search 04-26-2017 0 10	0	10
best tips for speeding up searches? best tips for speeding up searches? by transamrit Explorer in Splunk Search 04-26-2017 1 5	1	5
Group full auditd (rlog) EXECVE commands by User? Hello, I have been trying to write some custom searches against linux auditd logs to get a list of all commands exec... by pierceward Engager in Splunk Search 04-25-2017 2 2	2	2
inputlookup format to insert wildcard * is it possible? inputlookup like: user mailbox smithj john smith bloggsj joe bloggs search string: \| inputlookup use... by r999 Path Finder in Splunk Search 04-25-2017 1 2	1	2
Need help on finding daily hourly max for a month for a timechart Hi All, I am pretty new to splunk and trying to figure out a splunk search query. I am extracting a monthly report o... by payalgarg27 Explorer in Splunk Search 04-25-2017 0 4	0	4
unable to filter specific source with REX i have data coming from different sources (catalina,sailpoint,accesslogs,etc) now i want to filter it into different ... by cleelakrishna Loves-to-Learn in Splunk Search 04-25-2017 0 1	0	1
Extract out the first line of results from Transaction command Hello guys, I have a sample log that looks like this: DATE, TIME, LOGIN, IP_ADDRESS, USERID, EMPLOYEE_ID, WORKSTAT... by silvermail Path Finder in Splunk Search 04-25-2017 0 7	0	7
Show meesage if no results but continue applyng commands if there are results I have a following query: index=main source=mylogsource.log "Response Message:*" "234998102" \| ifnoresults ---> (ev... by gpincheiraa Engager in Splunk Search 04-25-2017 0 1	0	1
Why does the timechart command give different values than stats command? Hi, I am getting difference in count while using stats in piechart and with same search with timechart in line graph... by umsundar2015 Path Finder in Splunk Search 04-25-2017 0 8	0	8