Splunk Search

Community Activity

Any regex masters out there? Working on a regex for a script log. Need to pull out user: User accounts for \\ -----------------------------------... by tkwaller Builder in Splunk Search 03-09-2017 0 9	0	9
Can I count multi-value fields? My event(NOT table): _time,id,eth_src,eth_dst 090000,1,u,v 090001,1,w,x 090002,1,y,z 090003,2,u,v 090004,2,w,x 09000... by i111040d New Member in Splunk Search 03-09-2017 0 5	0	5
How to edit my search to exclude events outside of certain times of the day? Greetings, I need to run a search and only pull certain events that happen between midnight and 5:00 AM. So I use t... by SplunkLunk Path Finder in Splunk Search 03-09-2017 0 13	0	13
How to extract string from a position until the end of line? I have lines like this: [2011/02/11@10:33:13.978+0100] P-18679 T-0 I Usr 2: (49) SYSTEM ERROR: Memor... by mdzmuran Observer in Splunk Search 03-09-2017 0 2	0	2
How to parse a JSON array into Splunk table? I have been searching for how to do this and I haven't really come across anything that matches my use case. I have ... by bshega Explorer in Splunk Search 03-09-2017 0 7	0	7
notify users to change password on their first login and every 3 month the password we share should expire in 3 days Hi all Can any one help me with password change notification to the user What exactly we need is if we create new u... by puneethgowda Communicator in Splunk Search 03-09-2017 0 4	0	4
Real time select today's data Hi I wonder if i could do this. I am able to select real time for last one hour ,24 hours etc and i want to select ... by puneethgowda Communicator in Splunk Search 03-09-2017 0 5	0	5
How to get the TPS of all events in a 24 hours by host . We are trying to get TPS for 3 diff hosts and ,need to be able to see the peak transactions for a given period. initi... by guru865 Path Finder in Splunk Search 03-08-2017 0 10	0	10
Why is manual field extraction not working for some fields in some events? I have manually set up a search time field extraction with regular expression in the props.conf. It happens so that o... by dkkim_splunk Splunk Employee in Splunk Search 03-08-2017 0 4	0	4
How to send email to multi users one by one I run a query and get the table like this, user user_email content Jack ... by chlily New Member in Splunk Search 03-08-2017 0 1	0	1
CSV vs KV store lookup. How large is large? Documentation comparing CSV and KV store notes that for large lookups, KV Store is preferred over CSV. http://dev.sp... by MonkeyK Builder in Splunk Search 03-08-2017 0 4	0	4
Monitoring a Large Wifi Environment I'm looking at monitoring potentially a large wifi network consisting of multiple access points and looking for any i... by Esky73 Builder in Splunk Search 03-08-2017 0 5	0	5
How to edit my real time alert to trigger when average CPU and memory usage exceeds 70% in a 2 minute span? I want an alert thrown whenever a two minute interval shows the average CPU and average Memory usage both exceeding 7... by DPZ_Luke Explorer in Splunk Search 03-08-2017 0 11	0	11
How to group my data so that any values with the same time will be merged into 1 row? Hi , I'm very new here with Splunk searches I'm trying to do a group by on my dataset so that any rows with the same... by dcheng123 Engager in Splunk Search 03-08-2017 0 1	0	1
Need search help Hello I have a search that timecharts useragent count by useragent. Simply index=apache useragent=* \| timechart ... by tkwaller Builder in Splunk Search 03-08-2017 0 2	0	2
How to create a regular expression on a multivalue field I have a multivalue (MV) field "filetypes" with values such as: test/Makefile.am,test/och_test.cc,test/fully1.py,24,... by jlkokko Path Finder in Splunk Search 03-08-2017 1 4	1	4
Hosts that have sent events over the last eight weeks (by week) but taking into account owner vacation I have a low volume index where hosts send one event every 24 hours. I need to determine if each host in today's sea... by regriffith Path Finder in Splunk Search 03-08-2017 0 3	0	3
Peak hours of the week by total daily percentage Hi, I need to display the peak times of day that events are occurring. Essentially, I want to find out the peak time... by SecureIA Path Finder in Splunk Search 03-08-2017 0 4	0	4
How to convert this string into a usable time format? Hi and thanks in advance, I am trying to convert the following time example field: 2017-03-02T09:41:38.405Z i... by jperezes Path Finder in Splunk Search 03-08-2017 0 2	0	2
Tried DELIMS, REPORT but cannot get neither working sample data : Number: 152119522 Date : 12/01/2015 12:00:00 AM, Execution Time: 1945 Area Code: 21 Area Name: reading... by Esky73 Builder in Splunk Search 03-07-2017 0 2	0	2
Display Field Even No Values Hi i encounter an issues when i try to display field in table form without any values my data look like table below: ... by qygoh Engager in Splunk Search 03-07-2017 0 10	0	10
MVZIP With the same field on the same Line Hello All, I have a set of data that looks like the excerpt below: [44] 2017-12-22 to 2017-12-29: 2017-12-22... by raby1996 Path Finder in Splunk Search 03-07-2017 0 2	0	2
How to display a gauge chart when null values are received? Hi guys i have a gauge chart which normally will display values. however i encounter issues when there is no value, h... by qygoh Engager in Splunk Search 03-07-2017 0 4	0	4
need some help creating tokens I have a scheduled alert that I need to send to different recipients with different messages depending on the search ... by packet_hunter Contributor in Splunk Search 03-07-2017 0 9	0	9
Is "strftime() %X" defined by the Splunk server's operating system or the locale the browser? From Splunk docs for %X: The time in the format for the current locale. For US English the format for 9:30 AM is 9:30... by simpkins1958 Contributor in Splunk Search 03-07-2017 0 1	0	1