Splunk Search

Community Activity

How to use regular expression to cut the beginning of an Exception message? How to use regular expression for an Exception message from a Source=Windows:Application to cut the beginning of the ... by jward6004 Explorer in Splunk Search 02-03-2017 0 1	0	1
How to enable users to select from a set of chart types on a panel? Expected result: I have a panel displaying a line chart, the user can access (without the "Edit" option) the pre-set ... by zeinstein Path Finder in Splunk Search 02-03-2017 0 4	0	4
How to add my regular expression to a search? Hi all, I have a regular expression ^(.*)bytes read (?P\d+) written (?P\d+)$, where i edited the proper regular exp... by sujith0311 New Member in Splunk Search 02-03-2017 0 5	0	5
Why is my table search not displaying the application name? Hi, i am trying to display success,error and others with percentage in a table but application name is not displaying... by rajgowd1 Communicator in Splunk Search 02-03-2017 0 4	0	4
Is there a search to check if the universal forwarder has enabled forceTimeBasedAutoLB? I have enabled forceTimeBasedAutoLB on universal forwarder, but i want check whether that forwarder is making use of... by kteng2024 Path Finder in Splunk Search 02-03-2017 0 1	0	1
Why does my regular expression ignore escaped double quotes in value? When extracting the request or cookie from httpd logs I'm having problems capturing an entire request when the reques... by lumpymilk Explorer in Splunk Search 02-03-2017 0 5	0	5
How to add values of multiple fields and display daily total for past 7 days Hi all, I am having trouble figuring out how to multiply the number of events by the values that are given in the f... by demkic Explorer in Splunk Search 02-03-2017 0 3	0	3
How can i return values for a field that has 0 events? Here is my query. sourcetype="access_combined" product_name=* action=purchase \| chart count over product_name by act... by jayj New Member in Splunk Search 02-03-2017 0 5	0	5
how to edit my search to set an alert when disk usage is 60% and above? There are c/d/e/f/p disk in servers, i want to set alert for the servers whose drive utilization is 60% and above..... by vijaykumartcs Explorer in Splunk Search 02-03-2017 0 2	0	2
How to ignore some events at index time? Hello, I have to index only events that contains the string "$$log$$". I try with a transforms like [ignore] REGEX =... by ktn01 Path Finder in Splunk Search 02-03-2017 0 2	0	2
how to remove white space in the beginning of string value in field? In my field value are unstructured, few of the strings having space at beginning. Do anyone help, how to eliminate th... by karthikeyan_k14 New Member in Splunk Search 02-03-2017 0 1	0	1
How to separate the ordering of a chart Legend with the actual chart? Has anyone know how to "decouple" or separate the ordering of a chart Legend with the actual chart? I've looked at "... by dcroteau Splunk Employee in Splunk Search 02-03-2017 0 4	0	4
Any search examples for displaying a flame graph visualization? Hi, i am trying to implement visualization using flame graph, i was able to download flames code from git. can someo... by rajgowd1 Communicator in Splunk Search 02-03-2017 1 1	1	1
How to edit my search to determine if a field has a null or blank value? I'm trying to determine whether a field has a value but my search isn't giving me expected results, I've tried this: ... by dan_pudwell Explorer in Splunk Search 02-03-2017 0 3	0	3
How to write multiple fields into one column as values? Hi, I have a data that looks like this: ---------- ID1 field1=value1&field2=value2&field3=value3 --------... by snetuschil New Member in Splunk Search 02-03-2017 0 5	0	5
How to write a search for mapping fields based on dependency Hi, I have a sample dataset as follows: PROCCESS_NAME STATUS p1 PASS p2 PASS p3 PASS ... by harshal_chakran Builder in Splunk Search 02-02-2017 0 4	0	4
Recursive search I have a script that generates the time offset of a server from it's source, however, what I want to be able to do is... by ofgem_bird Engager in Splunk Search 02-02-2017 0 1	0	1
How to fill empty field with the time now My search throws empty time-related fields and I want to fill that compo with the current time by medveleyenet1 New Member in Splunk Search 02-02-2017 0 1	0	1
How do I compare my lookup table to multiple fields? I have a lookup table with IP address indicators that I would like to be alerted on whether the IP address is the sou... by MonkeyK Builder in Splunk Search 02-02-2017 1 8	1	8
How to modify my regular expression to extract strings between two pipes? hello, I need to extract the strings between both pipes " \| \| ", for instance, here are a few sample strings: (someti... by maximusdm Communicator in Splunk Search 02-02-2017 0 10	0	10
How to write a regular expression to identify multiple capturing groups? Hi, below is the stanza in transforms.conf. [rfc5424_header] REGEX = <(\d+)>\d{1}\s{1}\S+\s{1}\S+\s{1}(\S+)\s{1}... by ankithreddy777 Contributor in Splunk Search 02-02-2017 0 1	0	1
Where do you manually delete certain reports or dashboards on the server? So I have mass copied the search app from Server A to Server B (Along with the users directory) to basically copy ove... by Jarohnimo Builder in Splunk Search 02-02-2017 0 2	0	2
Why is my search using join returning zero results? hi i am trying to do something like index=uk search [subsearch] \| fields a b \| join a [index=uk search \| table a b c... by stephenmoorhous Path Finder in Splunk Search 02-02-2017 0 8	0	8
Why does an extracted timestamp field show as _raw? I've setup a field extractions with K=V; format and every field is working correctly except for the first field, "tim... by mvanberg Explorer in Splunk Search 02-02-2017 0 7	0	7
How to extract username from my data? Hi Splunkers, I have been struggling to extract user name from below values of user. user -------- user1@sa.com sab... by thambisetty_bal Path Finder in Splunk Search 02-02-2017 0 3	0	3