Splunk Search

Community Activity

Remove words from a String Hi guys! I need to remove words from 2 char in a string, I have a field like: comment="La pagina web es muy mala de... by sebafdez Explorer in Splunk Search 03-03-2017 0 3	0	3
Why is the table column edit symbol not showing up? I have formatted the table with simple table format visualization for columns in my local instance.. when i deploy it... by k_harini Communicator in Splunk Search 03-03-2017 0 1	0	1
RSS/Atom feed How can I add a RSS/Atom feed to my data input? by torreyt New Member in Splunk Search 03-02-2017 0 2	0	2
Sorting Rex extracted test My rex output extract gives following output in different environment. Is there any query to sort the returned text s... by nithinthomas New Member in Splunk Search 03-02-2017 0 4	0	4
How to extract file names from an unformatted URL string? Hi We need to extract file name from a URL. But URL in the log files have different formats or it has multiple spaces... by splunker9999 Path Finder in Splunk Search 03-02-2017 0 10	0	10
How do I use a stats sum and then divide by a field not used when summing? I have events that have tablespace, tablespace_size, table_owner, table_name, table_size ie WORK_TS 10000000 joe ... by riotto Path Finder in Splunk Search 03-02-2017 0 2	0	2
characters that need to be in quotations When you search in Splunk, I know some characters need to be in quotations-- field="value with spaces". I'm trying to... by camillak Path Finder in Splunk Search 03-02-2017 0 3	0	3
Why is my field extraction not consistent across all events? I want to extract a field which is uuid format and name it instanceid. props.conf settings EXTRACT-fields_5 = \[[i... by diavolo Path Finder in Splunk Search 03-02-2017 0 11	0	11
When using sparkline to display a table, why am I unable to list "host" field information? I'm not able to populate the host field with information when using the search below. When I look at the events tab, ... by jward6004 Explorer in Splunk Search 03-02-2017 0 2	0	2
Searching wildcard on a field that can possibly have null values Hello everyone, I am very close to a solution for my problem, but I am not quite there yet. I created a view that a... by centrafraserk Path Finder in Splunk Search 03-02-2017 1 5	1	5
I am trying to select a date range based on a single date field within a log. As an example - sourcetype="tickets" SubmitDate between 01/01/17 - 01/31/17. Any help would be appreciated. I am trying to select a date range based on a single date field within a log. As an example - sourcetype="tickets" S... by ChipOC New Member in Splunk Search 03-02-2017 0 1	0	1
Sorting Field name that is dynamically named in a particular order My search compares between the past two month (i.e. now we are in March, my search compares between January & Februar... by Parameshwara Path Finder in Splunk Search 03-02-2017 1 7	1	7
Percentage Timechart Hello I'm trying to add a percentage for each day. Here is what I have: index=tt OrderIntegration.asmx "PlaceOrderR... by tkwaller Builder in Splunk Search 03-02-2017 0 6	0	6
How to use field value count to filter the search result? I want to generate a search which generates results based on the threshold of field value count. I.E.,, My base sear... by Kwip Contributor in Splunk Search 03-01-2017 0 7	0	7
How to get correct host information from a Universal Forwarder to intermediary heavy forwarder to Splunk Cloud We have a setup where we have a syslog-ng server that forwards all events using a UF to a HF and then to the cloud. ... by tegnatomm Engager in Splunk Search 03-01-2017 0 2	0	2
understanding the transforms.conf hi, Can someone please explain me the below transforms.conf . I read the documentation ,but it's not clear to me . [... by kteng2024 Path Finder in Splunk Search 03-01-2017 0 2	0	2
How to write a query to have count of time where time is greater than 20s hits of one field "Time " against total time hits "Time" ,to create alert . here is a search i'm using for one alert. sourcetype=xx source="yy" method= timeDiff\| eval Time=ltrim(rtrim... by guru865 Path Finder in Splunk Search 03-01-2017 0 4	0	4
How to trim values from results Hi, We are looking to have my file name more readable and that being said FIlename looks like below and need to trim ... by splunker9999 Path Finder in Splunk Search 03-01-2017 0 6	0	6
How to generate a search to find unique IPs hitting a specific URL in Specific Time Range? Hello - I'm trying to write a search string that finds unique IPs hitting a specific URL in 30 minute bursts. For exa... by mistydennis Communicator in Splunk Search 03-01-2017 0 6	0	6
How to extract source and destination IP fields? I am trying to configure various search fields for a firewall log from the field extractor but Splunk is pulling up s... by rootchin Engager in Splunk Search 03-01-2017 1 3	1	3
Display only differences in values, between 2 events Hello, I'm looking events that track changes to a configuration. The first event is the "before" state the newest e... by chengka Explorer in Splunk Search 03-01-2017 0 14	0	14
How to edit my search to limit results to a specific user? Hi i'm working w/ the below search and getting good results for all currently logged in user accounts but would anyon... by cjsweeney1 Explorer in Splunk Search 03-01-2017 0 3	0	3
How to include only certain fields in an email sent from an alert I have an alert that looks for a pattern in an event that is an xml: ie. ":2017-03-01 06:02:16,194 INFO 7010 Syste... by riotto Path Finder in Splunk Search 03-01-2017 0 3	0	3
How to generate a search that determines inactivity of firewall rules? I'm having issues creating a search that determines inactivity of firewall rules. I'd like to determine if a firewal... by elpfarr Explorer in Splunk Search 03-01-2017 0 5	0	5
Unknown error for peer xxx. Search Results might be incomplete Splunk 6.4.2のSearch head 2台、Indexer 12台の分散環境を使っていますが、時間がかかるサーチを実行するとUI上に以下のエラーが表示されることがありますが、エラーが表示される原因および解決方法を教えてくだ... by cwl Contributor in Splunk Search 03-01-2017 0 1	0	1