Splunk Search

Community Activity

How to modify my regular expression to extract strings between two pipes? hello, I need to extract the strings between both pipes " \| \| ", for instance, here are a few sample strings: (someti... by maximusdm Communicator in Splunk Search 02-02-2017 0 10	0	10
How to write a regular expression to identify multiple capturing groups? Hi, below is the stanza in transforms.conf. [rfc5424_header] REGEX = <(\d+)>\d{1}\s{1}\S+\s{1}\S+\s{1}(\S+)\s{1}... by ankithreddy777 Contributor in Splunk Search 02-02-2017 0 1	0	1
Where do you manually delete certain reports or dashboards on the server? So I have mass copied the search app from Server A to Server B (Along with the users directory) to basically copy ove... by Jarohnimo Builder in Splunk Search 02-02-2017 0 2	0	2
Why is my search using join returning zero results? hi i am trying to do something like index=uk search [subsearch] \| fields a b \| join a [index=uk search \| table a b c... by stephenmoorhous Path Finder in Splunk Search 02-02-2017 0 8	0	8
Why does an extracted timestamp field show as _raw? I've setup a field extractions with K=V; format and every field is working correctly except for the first field, "tim... by mvanberg Explorer in Splunk Search 02-02-2017 0 7	0	7
How to extract username from my data? Hi Splunkers, I have been struggling to extract user name from below values of user. user -------- user1@sa.com sab... by thambisetty_bal Path Finder in Splunk Search 02-02-2017 0 3	0	3
Manipulating Table Rows of Sensor Data to Shift _time tl;dr : Need to manipulate rows / cols of a table in a specific way to avoid using subsearch, can't figure out how. S... by ErikaE Communicator in Splunk Search 02-02-2017 0 2	0	2
Regex to split field, optional second field I have a field that has a pattern where there is a first portion of the string that I'd like to capture into one fiel... by pgreer_splunk Splunk Employee in Splunk Search 02-02-2017 0 2	0	2
How to edit my search into a timechart? In a past post someone helped me create the following search source=duo extracted_eventtype=authentication result="... by jpringle03 Path Finder in Splunk Search 02-02-2017 1 8	1	8
Mass rename of fields I want to rename any number of fields/columns based on simple patterns. From: randomfields, a1.name1.stuff, a2.name2... by landen99 Motivator in Splunk Search 02-02-2017 0 3	0	3
How to enable Search Assistant for all users on a Search Head Cluster? I would like to enable to search assistant on my Search Head Cluster. The documentation recommends an edit to the fil... by JDukeSplunk Builder in Splunk Search 02-02-2017 0 2	0	2
get latest time stamp from two timestamps HI I have two time stamps like "2017-01-30T19:22:39Z" "2017-01-29T19:17:33Z" From the above two timestamps I wan t... by Dassari New Member in Splunk Search 02-02-2017 0 3	0	3
Cron expression for first two mondays of every month I need a cron expression that would run a report on first two mondays of every month.What would be the expression?Tha... by ASISH_9 Engager in Splunk Search 02-02-2017 0 7	0	7
fields - values search command breaks dashboard when edit mode was activated Hi, I'm running Splunk 6.4.0 with two customers. When using the fields - values search command, the dashboard is no... by mhornste Path Finder in Splunk Search 02-01-2017 0 3	0	3
EVAL is overwriting field of other add-on Hi, I have an EVAL statements in two add-ons. The field names are same and the add-on that comes later in alphabetic... by rleena New Member in Splunk Search 02-01-2017 0 11	0	11
外部リンクをクリックし、外部リンクに直接ジャンプすることは可能でしょうか？ Webアクセスのデータの中にURL Link情報（例えばreferer)データの中に、例えば、www.splunk.comという文字があったとします。ダッシュボード内に、table refererというデータを表示することで、このU... by goji Path Finder in Splunk Search 02-01-2017 0 1	0	1
How to extract fields from my raw data? Need help to extract fields between comma (,). The raw data below have two results, FAILURE and SUCCESS. I want to cr... by rafiqul New Member in Splunk Search 02-01-2017 0 2	0	2
Is there a way to check for a file from n number of hosts and alert if there is no file from each host in last 30min? index=test File="*.txt" \| stats count by host \| where count<1 -->with this I am getting NoResults found" but I need ... by sai_john New Member in Splunk Search 02-01-2017 0 8	0	8
Why is a Splunk search throwing errors on a lookup that isn't being called? One of my users has a lookup table that they have saved appropriately into their app. It was running just fine. Now,... by gwalford Path Finder in Splunk Search 02-01-2017 1 6	1	6
How to remove leading periods from a field? Hi I have a search that returns the following . Adobe Acrobat XI Pro DSC .. Adobe Flash Player ActiveX DSC ... Ad... by ajdyer2000 Path Finder in Splunk Search 02-01-2017 0 2	0	2
How to write count of (SUM(X,Y,Z)) instead of count of (X OR Y OR Z) ? How can I change this query to count the SUM of my events/sec instead of the count of (X OR Y OR Z)/sec : host=myhos... by achetreanu New Member in Splunk Search 02-01-2017 0 17	0	17
How to edit my regular expression to extract the numbers and semicolons from my sample data? I don't understand how Splunk does regex! I have this search below: ... \| spath output=test path=a.b.c \| rex field=t... by ayusuf Engager in Splunk Search 02-01-2017 0 4	0	4
How to extract the nth letter from these sample host names using regular expression? How to extract the nth letter from the host using regular expression? Sample hosts are :- host=abcdefpghijkl11 (pro... by imthesplunker Path Finder in Splunk Search 02-01-2017 0 2	0	2
How to generate a line chart for disk space by server and hard drive? I'm new to Splunk and need some help with a chart for disk space usage. I'm getting the data already in Splunk Light... by jsndvl11 New Member in Splunk Search 02-01-2017 0 5	0	5
Help recreating report from different souce query: index=cat sourcetype=ctap host=sc58lcatp* source="*.out" "INFO: ZIP_SEARCH" OR "INFO: COMPARE" OR "INFO: COMP... by kmccowen Path Finder in Splunk Search 02-01-2017 0 3	0	3