Splunk Search

Community Activity

How to write a regular expression for extracting OS version number from User Agent in my sample data? How do we write a regular expression to extract a OS version from the User Agent considering the fact that UserAgent ... by pradjswl Explorer in Splunk Search 04-11-2017 0 9	0	9
How to increase the results for append/appendcols? Hi, In my query, i'm using append command to add the sub search with main search. But I'm getting max. of 50,000 even... by uhkc777 Explorer in Splunk Search 04-11-2017 0 4	0	4
Filter out results from report using "rex _raw" and "stats count(eval(match(AA,""))) AS "ABC"" and filter out results with "count=0" Hi, I am looking to filter out the contents of Search results that is using rex, transpose and count. we are having... by srishtiarora New Member in Splunk Search 04-11-2017 0 2	0	2
How to optimize a regex function of concurrent consonants? I'm trying to calculate a potential risk score from the number of concurrent consonants in a domain name. (e.g. egork... by twisterdavemdCM New Member in Splunk Search 04-11-2017 0 2	0	2
How to generate a search that will show standard user accounts that escalate to administrator? Good afternoon all. After an attacker gathers the login credentials for a standard user account they will want to el... by rodiers01 New Member in Splunk Search 04-11-2017 0 1	0	1
How to find the average count of events for a timechart? This sounds so easy but I can't seem to figure it out. Or maybe it's just ridiculous and there is a better way. So I... by robertlabrie Path Finder in Splunk Search 04-11-2017 0 4	0	4
splunk search giving same results in table Hello, The below search is producing the same data for success and errors... index=datapower ApplicationName="mpg... by leomedina Explorer in Splunk Search 04-11-2017 0 4	0	4
Creating Transactions to Calculate duration based on Measurement Value I have a piece of machinery with PLC tags that record either 1 if it is running or 0 if it is down. I am trying to us... by ltemple1 Engager in Splunk Search 04-11-2017 0 9	0	9
How to create a scatter chart over time and duration, with a line for max duration? Hello Guys, I have a requirement where I need to create a scatter chart of tickets. I need to have a ticket created... by Chinmai Explorer in Splunk Search 04-11-2017 0 2	0	2
browsing time by day I am using the following to determine the amount of browsing time for a user. I would like to have a table that actu... by mcbradford Contributor in Splunk Search 04-11-2017 1 18	1	18
help me with Real time search for my usecase I am trying to run real time for the below query(20 minute window) where i can able to see only one result(i.e., cou... by sravankaripe Communicator in Splunk Search 04-11-2017 0 6	0	6
How can i mask this data at index time? I will like to mask this data so that the password value is "XXXXXXXX". I have tried SEDCMD, scrub and transforms bu... by u2s1e0n2 New Member in Splunk Search 04-11-2017 0 5	0	5
Join with condition OR Hi Everyone i need to use a splunk join, i want ask is possible use two field with OR condition Example my sear... by gibba Path Finder in Splunk Search 04-11-2017 0 3	0	3
Regex to Extract String That is Between 2 Fixed Words I have 61 events which have a string between ''and '' There's 3-4 different phrases that go between those 2 fixed st... by skoelpin SplunkTrust in Splunk Search 04-11-2017 0 17	0	17
LDAP group reporting Hi. Could someone suggest how I could go about creating a report that list all AD users and all the associated LDAP g... by aoliullah Path Finder in Splunk Search 04-11-2017 0 4	0	4
Search for file path and only that file path to come back nothing else hi I have the following files /net/dell427srv/data1/apps/QCST_DBS_RSAT_v3.1.38_MASTER_DONOTRESTART/ /net/dell427sr... by robertlynch2020 Influencer in Splunk Search 04-11-2017 0 4	0	4
Stuck on extracting fields using own RegEx Hi, still finding my around Spplunk and I've sort of go what I want in pt2 of my requirements, but after a couple of ... by StuReeves Explorer in Splunk Search 04-11-2017 0 3	0	3
How to expand multivalue fields after using streamstats command? Hello, I am trying to figure out how to expand multivalue fields after using the streamstats command. I have an event... by like2splunk Explorer in Splunk Search 04-11-2017 0 3	0	3
I am not getting the right query for searching 2 different errors on same one server For example, below query, the host is prodsrvhpsm01 and I am searching for 2 different errors error1 and error2 but... by stagare Explorer in Splunk Search 04-11-2017 0 1	0	1
How to assign fields to event/logs which do not contain target string I have two applications, these can exist in preprod or live environments. I want to have a field on logs from both ap... by JpAnderson_2 New Member in Splunk Search 04-11-2017 0 4	0	4
Delta on serveral fields, separate by id I have multiple events like : field 1; otherTimestamp; field2;field3;field4 test;1371481920.000000,value2,valeu3...... by sbsbb Builder in Splunk Search 04-11-2017 2 10	2	10
How to display values in the columns for a chart? Hi All, Im using splunk 6 This is my search string search string...."Send Destination") \| timechart count by group... by aak2 New Member in Splunk Search 04-11-2017 0 3	0	3
Correlating field values and finding where they match Hello guys, So I have struggled writing search pipeline for this senario: I have comparing unique id(numerical valu... by sasisudas New Member in Splunk Search 04-11-2017 0 1	0	1
How to count number of item that sastify condition by small group For example, I have below data: Shop1 Day1 sell 11 Shop1 Day2 sell 14 Shop1 Day3 sell 20 Shop2 Day1 sell 15 Shop2 Da... by nguyentu New Member in Splunk Search 04-10-2017 0 2	0	2
How do I make a timechart show the times in horizontal instead of vertical? I am trying to run a search that shows how many unique ports a particular IP address access in a day over a seven pay... by ngoetz9915 New Member in Splunk Search 04-10-2017 0 1	0	1