Splunk Search

Community Activity

Why are some events not summarized in a data model? I have an accelerated datamodel configured, and if I run a tstats against it, I'm getting the results as expected. Ho... by szabados Communicator in Splunk Search 03-17-2017 1 2	1	2
Is there a way to create a token from search results in simple XML similar to $results[0].fieldname$ in advanced XML? I want to be able to use my search for a few things, i.e. a table then further search or html display based on certai... by helenashton Path Finder in Splunk Search 03-17-2017 3 13	3	13
multiple field extraction with Regex I'm trying to use the Extract fields wizard to pull a field out of a log, but running into an issue. Here a portion o... by dwear Explorer in Splunk Search 03-17-2017 0 8	0	8
How to create table with two variables? Regex Hi, I am very rusty with my splunk. I have this query: index=nitros_prod_stores_servers sourcetype=_json OR sourcety... by JoshuaJohn Contributor in Splunk Search 03-17-2017 0 2	0	2
Why are the values on y-axis of my bar chart different than what I have set? I have a bar chart, I need values on the y - axis like 0, 1000000, 2000000, 3000000, .... ,7000000. I did this by us... by Chinmai Explorer in Splunk Search 03-17-2017 0 3	0	3
How to use if condition along with count in a where condition? Hi All, I need to build a search that to show result as below. I have grouped the events based on the id which is uni... by mudunuru_rk New Member in Splunk Search 03-17-2017 0 6	0	6
Regex to match two fields in transforms.conf I'm looking to match against two fields in transforms.conf. I would like to match against a customer _meta field and ... by danbrook Explorer in Splunk Search 03-16-2017 0 5	0	5
For a field user, which has precedence: an eval defined in local folder or a regex defined in default folder? Hi, I am having the following issue/conflict when resolving the field user from events (coming with sourcetype WinEv... by skender27 Contributor in Splunk Search 03-16-2017 0 4	0	4
Is it possible to create a data model lookup attribute that is based on a CSV file that contains a name column and a CIDR column? Is it possible to create a data model lookup attribute that is based on a CSV file that contains a name column and a ... by yacht_rock Explorer in Splunk Search 03-16-2017 0 1	0	1
How do you write a regular expression for all events with a certain string? I want to blacklist or send to nullqueue ANY event with a particular phrase. I can use the literal string and just e... by colbymahan Explorer in Splunk Search 03-16-2017 0 2	0	2
Is there a default sourcetype for /opt/log/www1/secure.log? Wondering if there a default sorucetype that can be used to extract source_ip and user from secure.log files? source... by jagadeeshm Contributor in Splunk Search 03-16-2017 0 2	0	2
How to make my simple timechart search run faster? I'm guessing this should be a very basic task, if it's possible. My current search below produces exactly what I wan... by adamsmith47 Communicator in Splunk Search 03-16-2017 0 2	0	2
How to create an alert based on the thresholds in a lookup table? Hello, Is there way to create an alert based on the thresholds in a lookup table? I have a search which will give ... by vrmandadi Builder in Splunk Search 03-16-2017 0 2	0	2
How to edit my search to find the last seen date of our computers? What I am trying to do is currently search for Computers that were last seen 10 days or more ago. Currently right now... by jmcaloon Explorer in Splunk Search 03-16-2017 0 1	0	1
How to edit my configurations to extract a multivalue field from an extracted field? I am trying to extract fields for OpenDNS logs. These come in a CSV format: "2015-01-01 20:39:57","client1","clien... by reedmohn Communicator in Splunk Search 03-16-2017 0 8	0	8
How can we modify the wrong _raw timestamp for a summary index? After populating data under summary index we are getting wrong timestamp for all the fields. Original search query:... by abhijit_mhatre Path Finder in Splunk Search 03-16-2017 0 4	0	4
How to extract a new field from 'source' (or others metadata) fields? I need to extract a field that is a substring from 'source' field. My intention was to use something like a regex in ... by tcmarquesi Explorer in Splunk Search 03-16-2017 0 3	0	3
How to rewrite metadata using the values of a few keys in the event data? We are looking at [potentially] adding an abstraction layer in between a host and the indexers but we of course lose ... by brent_weaver Builder in Splunk Search 03-16-2017 0 5	0	5
How to find latest events within multiple transactions? I have multiple transactions similar to the following: <time> Event Start <time> Motor 1, Steps 2345 <time> Motor 2,... by brunton2 Path Finder in Splunk Search 03-16-2017 0 6	0	6
Timechart results in to week buckets - keeps forcing monthly Splunk can be pretty mean at times and do things that have no sense. Im trying to create a chart that shows a few per... by 999chris New Member in Splunk Search 03-16-2017 0 6	0	6
How to filter XmlWinEventLog in Heavy Forwarder with regex? Hi, I have XML rendered log from sysmon and i need to extract from this log only interesting fields, for example: ... by borshoff Explorer in Splunk Search 03-16-2017 0 6	0	6
how to get a html file including a table into splunk Hello, we are trying to parse an html file to splunk. We tried it two different ways: one way was to use the splunk... by undercoverbroth New Member in Splunk Search 03-16-2017 0 2	0	2
simple moving average and dynamic fields This will be very interesting or boring, it can only be one! I have an extracted field: CFErrorCodeMessagesCode Thi... by jlvix1 Communicator in Splunk Search 03-16-2017 1 15	1	15
Splunk api using python script Greetings, Could any one help to push JSON data of my application to splunk using splunk api. (Instead of using spl... by sunil_bansal New Member in Splunk Search 03-16-2017 0 3	0	3
search matching big multiline string Hello All, I have a multiline very big string exported from excel CSV file to splunk...it worked good i can see all t... by 722624 Path Finder in Splunk Search 03-15-2017 0 6	0	6