Splunk Search

Community Activity

Regex help on multiline fields and mvexpand My data sample is as below C12345 my1Surname, my1First Role Access (Group1) - I ... by koshyk Super Champion in Splunk Search 02-12-2017 0 2	0	2
checking the duplicate sourcetypes for monitor stanzas in UF what happens if 2 different monitoring stanzas have same source type name ? . Is there any query to verify whether di... by kteng2024 Path Finder in Splunk Search 02-12-2017 0 3	0	3
How can I dedup across rows and columns in a pivot table? I have a pivot table with data, but I need to find the number of times these values occur. However, a user can input ... by ereed18 Engager in Splunk Search 02-11-2017 0 2	0	2
How do I write a regular expression to return a matching pattern in my logs? Any string starting with COLDAPP , ending with double colon, would be a Tx id in my logs. it can be at the beginning/... by pradjswl Explorer in Splunk Search 02-11-2017 1 9	1	9
How to properly index data from a CSV input with timestamp column I'm trying to index CSV format inputs and the timestamp can be indicated by the fields within, rather than the time t... by jayakumar89 Explorer in Splunk Search 02-11-2017 0 3	0	3
how to eval new field to filter events by a number in the raw data i want to filter my data, based on the key numbers present in raw events. example event1: sdfgn dfnlk 1/25/2017 ldjo... by annamareddi New Member in Splunk Search 02-11-2017 0 2	0	2
How to generate a search to find out hosts in Splunkd that have restarted? Can i please know the search to find out the hosts in Splunkd that have restarted or has " splunkd started Conf mut... by kteng2024 Path Finder in Splunk Search 02-11-2017 0 2	0	2
DGA Regex in Splunk I am trying to search through logs for unusual domains generated by DGAs. I want to use regex to search for domain na... by masfar Engager in Splunk Search 02-11-2017 0 7	0	7
Need help to create search for the same time over days All, I am running this simple search from 12pm to 2pm: index=ssn sourcetype=app-gmr eventtype=start_job \| stats cou... by GersonGarcia Path Finder in Splunk Search 02-11-2017 0 3	0	3
Why does using eventstats result in seemingly lost data at a certain number of events? I'm trying to calculate the percentage of a specific account's usage. To do this, I'm calculating the usage across al... by mburgoon New Member in Splunk Search 02-11-2017 0 2	0	2
Need help with a greater than in seconds My search alert filter: host=web-* "\"response_code\": 5*," OR "\"message\": \"Application Error\"" OR "\"response_co... by trehman New Member in Splunk Search 02-10-2017 0 2	0	2
How to Edit my search Query to Show images in the Dashboard panel? Hello How to add the images in Splunk Dashboard panel, I have to show a 'Tick' mark when I see logs from a Index and... by kiran331 Builder in Splunk Search 02-10-2017 0 3	0	3
how to show three values in label in visualization of splunk in my chart I am showing three variable values using xyseries command. But looking at bar chart we can see only two ... by karthikeyan_k14 New Member in Splunk Search 02-10-2017 0 12	0	12
Use table value in later stats command such as avg, max I have a search which outputs a table such as apiNAME (-- this is the column head with values as below) apiA_MS api... by bing_zheng New Member in Splunk Search 02-10-2017 0 5	0	5
How to convert my response time field into seconds? i want to retrieve responsetime and convert it into seconds. please help me with Rex IP Respo... by sravankaripe Communicator in Splunk Search 02-10-2017 1 3	1	3
Convert data from "%Y-%m" to epoch and again to "%Y-%m" Hi guys, I am begginer which some problems with converting. I tried to parse date in format %Y-%m like 2017-01 to epo... by Accak Path Finder in Splunk Search 02-10-2017 0 4	0	4
Subsearches compairing datasets Hello all, I have a search technique I've been using to compare smaller sets of data, to find the difference, howeve... by adamsmith47 Communicator in Splunk Search 02-10-2017 0 4	0	4
How to generate a search that will display event times by sourcetype? I am trying to write a search that will return a report of event times by hour for each sourcetype. For example, ... by lasonyadj New Member in Splunk Search 02-10-2017 0 4	0	4
Combining 2 RE into single RE Hi, For every event in the SPLUNK, I have set the RE for host field. In general all the input to Splunk is of the fo... by muralisushma7 Explorer in Splunk Search 02-10-2017 0 9	0	9
regular expression in my lookup table hi,all,here is my problem: here is my search: mysearch \| table fields1 fields2 and I got: fields1 fields2 f... by fengl2 Explorer in Splunk Search 02-10-2017 2 9	2	9
Help need to format output All, I have this search: index=main sourcetype=app-gmr eventtype=start_job OR eventtype=end_job \| table _time event... by GersonGarcia Path Finder in Splunk Search 02-10-2017 0 7	0	7
Splunk using cipherSuite caused CLI command issues I am on Splunk Version : 6.1.3 and trying to use splunk supported cipherSuite from TLSv1.2, but it is causing the... by sat94541 Communicator in Splunk Search 02-10-2017 0 12	0	12
How to troubleshoot the error "There are currently no forwarders configured as deployment clients to this instance"? Im new to splunk ,though i have universal forwarder installed, im still seeing this error on my data inputs page? by sairamvarma New Member in Splunk Search 02-10-2017 0 1	0	1
help me with field extraction i want to convert it to i want this fields Average overtime Max value overtime min value overtime by sravankaripe Communicator in Splunk Search 02-10-2017 0 4	0	4
how to get the count of transactions monthly where Transaction_Date is greater than 01/01/2016 ? I have fields like Transaction_Date and Status. How Can I get the count of transactions which where active (i.e Sta... by repo12 New Member in Splunk Search 02-10-2017 0 3	0	3