Splunk Search

Community Activity

How to use rex and ltrim to extract this field in my data? Hi, I have a field EMP, I need to remove the 0000 present before the field, is this do able? like, I'm using Rex and... by kiran331 Builder in Splunk Search 03-19-2017 0 4	0	4
How to extract the field using Regex? HI, How to extract the field "AppGUID-{9BE518E6-ECC6-35A9-88E4-87755C07200F}" from the below field ComputerName-DJ0... by kiran331 Builder in Splunk Search 03-19-2017 0 4	0	4
How to show AP and switch usage (Mb/s) over a 24hr period from Meraki syslogs? I'm a total newb to both Meraki and Splunk...not sure if this is a Meraki or a Splunk question... I've been sifting t... by phongshader New Member in Splunk Search 03-19-2017 0 3	0	3
How to edit my search so the alert triggers when the count=0? I'm looking for a query which write count=0 in the stats result when there are no events for that app and host. My ... by nithin204 Explorer in Splunk Search 03-19-2017 0 14	0	14
How to use if condition along with count in a where condition? Hi All, I need help with Splunk to find the count of the events. The base criteria was I will set of events from lo... by bhavani_p New Member in Splunk Search 03-18-2017 0 2	0	2
How can I convert "2016-12-17T00:30:00.000+0000" to epoch time? How can i convert 2000-12-17T00:30:00.000+0000 to epoch time? I tried using 1.) eval _time= strptime(_time,"%Y-%m-%... by m7787579 New Member in Splunk Search 03-18-2017 0 3	0	3
How to extract a string that starts with certain words or letters? I'd like to use rex to extract the event string that starts with certain words or letters, possibly ends with certain... by harry521 New Member in Splunk Search 03-18-2017 0 5	0	5
Tracking down Regex Errors I have what I think should be a simple question.... how can I find in Splunk why a regex extraction failed? I bring ... by ipicbc Explorer in Splunk Search 03-18-2017 0 7	0	7
How to generate a search of unique URI and all the client IP's hitting in a commas field and total count of the IP's hitting the URI? Am in a process of creating a report, in which i have URI's from many different hosts hitting from multiple IP's . ... by krish899 New Member in Splunk Search 03-18-2017 0 5	0	5
How to plot a delta timechart of average response time I have data like: timestamp, serviceName, responseTime(in ms) I want to plot the per minute delta of avg. response... by gokadroid Motivator in Splunk Search 03-18-2017 0 3	0	3
stats min/max not returning the correct result? Hi! I'm trying to figure out what I'm doing wrong with this stats query: "Advanced checkpoint" \| rex "shardId-0+(?<s... by rododoodles New Member in Splunk Search 03-17-2017 0 5	0	5
How to create a timechart that takes the remainder of a field value and add it to the previous bucket? I have the following metrics: date:01 yada yada yada total 80 date:02 yada yada yada total 120 date:03 yada yada yad... by jfraiberg Communicator in Splunk Search 03-17-2017 0 3	0	3
How to pause a dashboard panel's real-time search? I've built a dashboard panel that looks for blocked web traffic in real-time. Everything works great except I cannot ... by daishih Path Finder in Splunk Search 03-17-2017 1 6	1	6
How to edit my table to plot transactions? I was trying to create a table like below. We have a log with below fields, [Date][PreciseTime][Pid][Tid][Transactio... by krishnacasso Path Finder in Splunk Search 03-17-2017 0 6	0	6
How to generate a search that finds events that are older than 90 days? Hi, Below is my sample event. I want to create a search base which would return all such below events where FirstOcc... by srikanthpanchak New Member in Splunk Search 03-17-2017 0 2	0	2
How to do a time based search for router logs? Hello, I am new to Splunk, so trying to get familiarize with it. I want to do a time based search for router logs, fo... by salmanrc New Member in Splunk Search 03-17-2017 0 2	0	2
How to generate a conditional search based on time? I need to figure out a way to execute one of two different search strings based on the time range in a first search. ... by mstark31 Path Finder in Splunk Search 03-17-2017 0 9	0	9
How to list all the saved searches, macros, tags which contains a source=ABC? Is there any way to list out all the saved searches, macros, tags,etc which have a source=ABC in a search? Is there ... by pavanae Builder in Splunk Search 03-17-2017 0 3	0	3
Why are some events not summarized in a data model? I have an accelerated datamodel configured, and if I run a tstats against it, I'm getting the results as expected. Ho... by szabados Communicator in Splunk Search 03-17-2017 1 2	1	2
Is there a way to create a token from search results in simple XML similar to $results[0].fieldname$ in advanced XML? I want to be able to use my search for a few things, i.e. a table then further search or html display based on certai... by helenashton Path Finder in Splunk Search 03-17-2017 3 13	3	13
multiple field extraction with Regex I'm trying to use the Extract fields wizard to pull a field out of a log, but running into an issue. Here a portion o... by dwear Explorer in Splunk Search 03-17-2017 0 8	0	8
How to create table with two variables? Regex Hi, I am very rusty with my splunk. I have this query: index=nitros_prod_stores_servers sourcetype=_json OR sourcety... by JoshuaJohn Contributor in Splunk Search 03-17-2017 0 2	0	2
Why are the values on y-axis of my bar chart different than what I have set? I have a bar chart, I need values on the y - axis like 0, 1000000, 2000000, 3000000, .... ,7000000. I did this by us... by Chinmai Explorer in Splunk Search 03-17-2017 0 3	0	3
How to use if condition along with count in a where condition? Hi All, I need to build a search that to show result as below. I have grouped the events based on the id which is uni... by mudunuru_rk New Member in Splunk Search 03-17-2017 0 6	0	6
Regex to match two fields in transforms.conf I'm looking to match against two fields in transforms.conf. I would like to match against a customer _meta field and ... by danbrook Explorer in Splunk Search 03-16-2017 0 5	0	5