Splunk Search

Community Activity

How to ignore some events at index time? Hello, I have to index only events that contains the string "$$log$$". I try with a transforms like [ignore] REGEX =... by ktn01 Path Finder in Splunk Search 02-03-2017 0 2	0	2
how to remove white space in the beginning of string value in field? In my field value are unstructured, few of the strings having space at beginning. Do anyone help, how to eliminate th... by karthikeyan_k14 New Member in Splunk Search 02-03-2017 0 1	0	1
How to separate the ordering of a chart Legend with the actual chart? Has anyone know how to "decouple" or separate the ordering of a chart Legend with the actual chart? I've looked at "... by dcroteau Splunk Employee in Splunk Search 02-03-2017 0 4	0	4
Any search examples for displaying a flame graph visualization? Hi, i am trying to implement visualization using flame graph, i was able to download flames code from git. can someo... by rajgowd1 Communicator in Splunk Search 02-03-2017 1 1	1	1
How to edit my search to determine if a field has a null or blank value? I'm trying to determine whether a field has a value but my search isn't giving me expected results, I've tried this: ... by dan_pudwell Explorer in Splunk Search 02-03-2017 0 3	0	3
How to write multiple fields into one column as values? Hi, I have a data that looks like this: ---------- ID1 field1=value1&field2=value2&field3=value3 --------... by snetuschil New Member in Splunk Search 02-03-2017 0 5	0	5
How to write a search for mapping fields based on dependency Hi, I have a sample dataset as follows: PROCCESS_NAME STATUS p1 PASS p2 PASS p3 PASS ... by harshal_chakran Builder in Splunk Search 02-02-2017 0 4	0	4
Recursive search I have a script that generates the time offset of a server from it's source, however, what I want to be able to do is... by ofgem_bird Engager in Splunk Search 02-02-2017 0 1	0	1
How to fill empty field with the time now My search throws empty time-related fields and I want to fill that compo with the current time by medveleyenet1 New Member in Splunk Search 02-02-2017 0 1	0	1
How do I compare my lookup table to multiple fields? I have a lookup table with IP address indicators that I would like to be alerted on whether the IP address is the sou... by MonkeyK Builder in Splunk Search 02-02-2017 1 8	1	8
How to modify my regular expression to extract strings between two pipes? hello, I need to extract the strings between both pipes " \| \| ", for instance, here are a few sample strings: (someti... by maximusdm Communicator in Splunk Search 02-02-2017 0 10	0	10
How to write a regular expression to identify multiple capturing groups? Hi, below is the stanza in transforms.conf. [rfc5424_header] REGEX = <(\d+)>\d{1}\s{1}\S+\s{1}\S+\s{1}(\S+)\s{1}... by ankithreddy777 Contributor in Splunk Search 02-02-2017 0 1	0	1
Where do you manually delete certain reports or dashboards on the server? So I have mass copied the search app from Server A to Server B (Along with the users directory) to basically copy ove... by Jarohnimo Builder in Splunk Search 02-02-2017 0 2	0	2
Why is my search using join returning zero results? hi i am trying to do something like index=uk search [subsearch] \| fields a b \| join a [index=uk search \| table a b c... by stephenmoorhous Path Finder in Splunk Search 02-02-2017 0 8	0	8
Why does an extracted timestamp field show as _raw? I've setup a field extractions with K=V; format and every field is working correctly except for the first field, "tim... by mvanberg Explorer in Splunk Search 02-02-2017 0 7	0	7
How to extract username from my data? Hi Splunkers, I have been struggling to extract user name from below values of user. user -------- user1@sa.com sab... by thambisetty_bal Path Finder in Splunk Search 02-02-2017 0 3	0	3
Manipulating Table Rows of Sensor Data to Shift _time tl;dr : Need to manipulate rows / cols of a table in a specific way to avoid using subsearch, can't figure out how. S... by ErikaE Communicator in Splunk Search 02-02-2017 0 2	0	2
Regex to split field, optional second field I have a field that has a pattern where there is a first portion of the string that I'd like to capture into one fiel... by pgreer_splunk Splunk Employee in Splunk Search 02-02-2017 0 2	0	2
How to edit my search into a timechart? In a past post someone helped me create the following search source=duo extracted_eventtype=authentication result="... by jpringle03 Path Finder in Splunk Search 02-02-2017 1 8	1	8
Mass rename of fields I want to rename any number of fields/columns based on simple patterns. From: randomfields, a1.name1.stuff, a2.name2... by landen99 Motivator in Splunk Search 02-02-2017 0 3	0	3
How to enable Search Assistant for all users on a Search Head Cluster? I would like to enable to search assistant on my Search Head Cluster. The documentation recommends an edit to the fil... by JDukeSplunk Builder in Splunk Search 02-02-2017 0 2	0	2
get latest time stamp from two timestamps HI I have two time stamps like "2017-01-30T19:22:39Z" "2017-01-29T19:17:33Z" From the above two timestamps I wan t... by Dassari New Member in Splunk Search 02-02-2017 0 3	0	3
Cron expression for first two mondays of every month I need a cron expression that would run a report on first two mondays of every month.What would be the expression?Tha... by ASISH_9 Engager in Splunk Search 02-02-2017 0 7	0	7
fields - values search command breaks dashboard when edit mode was activated Hi, I'm running Splunk 6.4.0 with two customers. When using the fields - values search command, the dashboard is no... by mhornste Path Finder in Splunk Search 02-01-2017 0 3	0	3
EVAL is overwriting field of other add-on Hi, I have an EVAL statements in two add-ons. The field names are same and the add-on that comes later in alphabetic... by rleena New Member in Splunk Search 02-01-2017 0 11	0	11