Splunk Search

Community Activity

How do you write a regular expression for all events with a certain string? I want to blacklist or send to nullqueue ANY event with a particular phrase. I can use the literal string and just e... by colbymahan Explorer in Splunk Search 03-16-2017 0 2	0	2
Is there a default sourcetype for /opt/log/www1/secure.log? Wondering if there a default sorucetype that can be used to extract source_ip and user from secure.log files? source... by jagadeeshm Contributor in Splunk Search 03-16-2017 0 2	0	2
How to make my simple timechart search run faster? I'm guessing this should be a very basic task, if it's possible. My current search below produces exactly what I wan... by adamsmith47 Communicator in Splunk Search 03-16-2017 0 2	0	2
How to create an alert based on the thresholds in a lookup table? Hello, Is there way to create an alert based on the thresholds in a lookup table? I have a search which will give ... by vrmandadi Builder in Splunk Search 03-16-2017 0 2	0	2
How to edit my search to find the last seen date of our computers? What I am trying to do is currently search for Computers that were last seen 10 days or more ago. Currently right now... by jmcaloon Explorer in Splunk Search 03-16-2017 0 1	0	1
How to edit my configurations to extract a multivalue field from an extracted field? I am trying to extract fields for OpenDNS logs. These come in a CSV format: "2015-01-01 20:39:57","client1","clien... by reedmohn Communicator in Splunk Search 03-16-2017 0 8	0	8
How can we modify the wrong _raw timestamp for a summary index? After populating data under summary index we are getting wrong timestamp for all the fields. Original search query:... by abhijit_mhatre Path Finder in Splunk Search 03-16-2017 0 4	0	4
How to extract a new field from 'source' (or others metadata) fields? I need to extract a field that is a substring from 'source' field. My intention was to use something like a regex in ... by tcmarquesi Explorer in Splunk Search 03-16-2017 0 3	0	3
How to rewrite metadata using the values of a few keys in the event data? We are looking at [potentially] adding an abstraction layer in between a host and the indexers but we of course lose ... by brent_weaver Builder in Splunk Search 03-16-2017 0 5	0	5
How to find latest events within multiple transactions? I have multiple transactions similar to the following: <time> Event Start <time> Motor 1, Steps 2345 <time> Motor 2,... by brunton2 Path Finder in Splunk Search 03-16-2017 0 6	0	6
Timechart results in to week buckets - keeps forcing monthly Splunk can be pretty mean at times and do things that have no sense. Im trying to create a chart that shows a few per... by 999chris New Member in Splunk Search 03-16-2017 0 6	0	6
How to filter XmlWinEventLog in Heavy Forwarder with regex? Hi, I have XML rendered log from sysmon and i need to extract from this log only interesting fields, for example: ... by borshoff Explorer in Splunk Search 03-16-2017 0 6	0	6
how to get a html file including a table into splunk Hello, we are trying to parse an html file to splunk. We tried it two different ways: one way was to use the splunk... by undercoverbroth New Member in Splunk Search 03-16-2017 0 2	0	2
simple moving average and dynamic fields This will be very interesting or boring, it can only be one! I have an extracted field: CFErrorCodeMessagesCode Thi... by jlvix1 Communicator in Splunk Search 03-16-2017 1 15	1	15
Splunk api using python script Greetings, Could any one help to push JSON data of my application to splunk using splunk api. (Instead of using spl... by sunil_bansal New Member in Splunk Search 03-16-2017 0 3	0	3
search matching big multiline string Hello All, I have a multiline very big string exported from excel CSV file to splunk...it worked good i can see all t... by 722624 Path Finder in Splunk Search 03-15-2017 0 6	0	6
How to extract the correct date and time that are split in two different locations in my sample data? We are getting data from a mainframe system to represent call data from our applications. Data in the events looks li... by burras Communicator in Splunk Search 03-15-2017 0 12	0	12
Trying to performance test my Splunk searches, but why are results sometimes returned too fast? Hello, I have a report which generates results - useful for loading with \| loadjob, as well as events into the summ... by bhawkins1 Communicator in Splunk Search 03-15-2017 0 5	0	5
Where can you disable optimized search in Splunk 6.5.0? Does anyone know where in the console we can disable optimized search in v6.5.0? by fisuser1 Contributor in Splunk Search 03-15-2017 0 5	0	5
How to add previous data to a number from another field, and put it as the current data? I have 3 main fields: _time, total_vehicle, and changes. total_vehicle is only generate periodically and I would like... by vickyocc53 New Member in Splunk Search 03-15-2017 0 1	0	1
How to create a pie chart or graph based on web log CSV? I have a csv file that contains the date and time, visited url (which is a complete url, not just the domain), and vi... by amerisurgit Engager in Splunk Search 03-15-2017 0 1	0	1
How to edit my chart/timechart search to include the sum of events? sourcetype=pools Fields- poolname, poolsize sourcetype=poolcomponents Fields- componentname, poolname, componen... by clintla Contributor in Splunk Search 03-15-2017 0 2	0	2
How to remove fields from appearing in my timechart panel? i'm trying to remove field from the timechart panel eg: index=os host=xyz \| timechart avg(usedMB) as DiskUsed avg(fr... by vijaykumartcs Explorer in Splunk Search 03-15-2017 0 1	0	1
Look up in CSV date Hi All, I have CSV with below fields and values Login_count * Logging_Time******* Application_name** *... by smaran06 Path Finder in Splunk Search 03-15-2017 0 4	0	4
subsearch question Cannot get results from query using subsearch. I would like to compare the previous percentage of used space with th... by dpauls New Member in Splunk Search 03-15-2017 0 3	0	3