Splunk Search

Community Activity

rex help plz "sessionID":"ABCDFE-112451x55-3734-4601-82a9-7ab6c5151d85" "sessionID":"123456789012" "sessionID":"12dsfvvxv3" Pleas... by sravankaripe Communicator in Splunk Search 02-15-2017 0 2	0	2
REX command for the logline I need to write a rex command for the below log, Please help me out. log: xxx,xxx, D_Name="sag01 "TCC - QA - ORAA cv... by nivethainspire_ Explorer in Splunk Search 02-15-2017 0 4	0	4
How to pass regular expression in variable to the match? HI All, How to pass regular expression to the variable to match command? Please help.. in Following search qu... by rsathish47 Contributor in Splunk Search 02-15-2017 0 3	0	3
Host override at search time I want to override the Host value at search time, not at index time because I need to override it just in the context... by giorgio_adami_m Path Finder in Splunk Search 02-15-2017 2 6	2	6
Joining accelerated data models using tstats Hi guys - I have 3 data models, all accelerated, that I would like to join for a simple count of all events (dm1 + d... by himynamesdave Contributor in Splunk Search 02-15-2017 0 13	0	13
Searching a URL for file name that may contain spaces Have a record in a log that looks like the following: Wed Oct 26 10:41:14 2016 0 10.40.112.27 437434 /dirlevel1/dirl... by Mkaz New Member in Splunk Search 02-15-2017 0 12	0	12
how to convert the for loop in to splunk search i have a for loop statement need to get converted to splunk query .. i am not aware how to store the variable and use... by beenagulzar New Member in Splunk Search 02-15-2017 0 1	0	1
Writing rex to grep a value from the field I have 3 different values to be extracted. Please help me in writing rex command here is the field values name="ascd... by nivethainspire_ Explorer in Splunk Search 02-15-2017 0 1	0	1
Splitting Entries into 2 columns for same field I need AD auth events and some have multiple entries for Account Name field. One entry is a hyphen (-). Can someone h... by sharadkapurala New Member in Splunk Search 02-15-2017 0 1	0	1
split fields upon indexing/ use regex to split fields Hi, I have source data comma delimited like this from JMeter: timeStamp,elapsed,label,responseCode,responseMessage,... by mhornste Path Finder in Splunk Search 02-15-2017 0 9	0	9
Query to find the license usage by a particular host or index on a daily basis I need to know the license usage of 5 indexes on a daily basis. All the options I have been trying gives me the licen... by mintughosh Path Finder in Splunk Search 02-14-2017 0 2	0	2
How to extract particular value using regular expression? In the below event "status" key has the value either "1" or "0" . I am looking out to extract those "status" having t... by chetanhonnavile Explorer in Splunk Search 02-14-2017 0 8	0	8
Search Time Range Hi, I have a simple question, what is the difference between earliest=-15m with earliest=-15m@s? I could not find a... by dellytaniasetia Explorer in Splunk Search 02-14-2017 0 1	0	1
How to search currently active VPN sessions? So my data has, for example, code 001 for connected and 002 for disconnected. Also, each VPN session has a unique ses... by mattbirk Explorer in Splunk Search 02-14-2017 1 5	1	5
Why does my regular expression work in search, but it does not work in transforms.conf? I'm having trouble converting a search string into a working regular expression in transforms.conf to send events to ... by murhammr Path Finder in Splunk Search 02-14-2017 0 7	0	7
How to find thrput of data being searched in Splunk? We are planning to for a F5 load-balancer to be placed in front of the search heads. For sizing, how can I find out t... by nravichandran Communicator in Splunk Search 02-14-2017 0 2	0	2
Why does the timechart command display inconsistent results when the time range is changed? When I use the following search (some criteria obfuscated for security): index=main sourcetype=transaction applicat... by fvegdom Path Finder in Splunk Search 02-14-2017 1 19	1	19
Field Aliasing and any performance impact Good morning! I am having to parse out Bro log files and with the help of the forum I was more than successful at doi... by brent_weaver Builder in Splunk Search 02-14-2017 0 3	0	3
How do I get a distinct list of users within the span of 1 day over 30 days? I'm working on creating a report to monitor VPN usage based on unique user per day. I was able to get the format I wa... by jmaple Communicator in Splunk Search 02-14-2017 0 1	0	1
Lookup using an indexed log file Hi guys I'm not an expert of Splunk. I was wondering if I can use a lookup to reference fields that are stored into ... by faustf Communicator in Splunk Search 02-14-2017 0 1	0	1
How to use timechart command to calculate the average of a field? My raw data: Feb 7 18:18:23 impact 1 Gbps/137.54 Kpps, importance 2... Feb 7 18:18:23 impact 3600 Mbps/137.54 Kpps... by chengyu Path Finder in Splunk Search 02-13-2017 0 5	0	5
Regex field != expression not matching I have a query where I am performing regex matching on two different fields, field1 and field2. index=proxylogs uri!=... by raghav130593 Explorer in Splunk Search 02-13-2017 0 4	0	4
What are the differences between Splunk vs HP Arcsight as a SIEM tool? Hi All, I am planning to start learning about Splunk. I wanted to know the difference between Splunk and HP Arcsight... by pradeep577 Path Finder in Splunk Search 02-13-2017 2 3	2	3
How can I show results for a field that is disabled and not re-enabled in a certain amount of time? How can I show results for a field that is disabled and not re-enabled in a certain amount of time? I want to be ale... by JRougeau Engager in Splunk Search 02-13-2017 0 1	0	1
Values(x) showing too many results. Is there a way to limit the number of results to a field? I am trying to limit the number of results shown when I use the values command. Here is my search: index="mydata" e... by ivanayala New Member in Splunk Search 02-13-2017 0 7	0	7