Splunk Search

Community Activity

How can I strip the headers for JSON to parse correctly? Currently not working! I am trying to remove the header of my JSON data but my current setup will not work, it continues to parse with the h... by danfein New Member in Splunk Search 12-31-2016 0 5	0	5
Regex Help! Hi Let me know how to replace [.] by . in the below fields. 78[.]123[.]66[.]18 ans[.]rttw[.]dd[.]hf Thanks in Adva... by kiran331 Builder in Splunk Search 12-31-2016 0 2	0	2
Display Real Time Calculations Without a Search Hello, I previously posted a question* about Real Time searches, and, thanks to the answers, I was able to achieve w... by _dave_b Communicator in Splunk Search 12-30-2016 0 3	0	3
How to create transaction where single value matches multi-value field? Hi, I'm working with some DNS query logs (actually timestamped tcpdump output) and trying to match them to firewall ... by asleeis Path Finder in Splunk Search 12-30-2016 0 8	0	8
Regex help!!! Hi, Can someone please help with formatting IP address or FQDN,we nee to remove [ ] in the below. These below detai... by splunker9999 Path Finder in Splunk Search 12-30-2016 0 2	0	2
Splunk Join help Hi, We are looking to join INDICATOR VALUE from lookup table to the search and needs to find out if a value is same. ... by splunker9999 Path Finder in Splunk Search 12-30-2016 0 2	0	2
Eval and sum problemn I have a couple events to search for 3 fields MySearch \| eval UTCOD=if((FIRST_ACT=5 and SECOND_ACT=2), 1, 0) \| eval ... by jnahuelperez35 Path Finder in Splunk Search 12-30-2016 0 2	0	2
Finding the hosts who time difference is 1hr to 10hrs ? Hi, i want to print the hosts,Time difference whose lastTime and recentTime is between 1hr to 10hrs . Below is the q... by kteng2024 Path Finder in Splunk Search 12-30-2016 0 3	0	3
Need to add the numeric value after split HI All, I have a log like below,there are under Message field in the logs : ApplicationName date. total: 2.This is ... by AdixitSplunk Path Finder in Splunk Search 12-29-2016 0 3	0	3
Matching field from one index to an identical field in a second index to get the value of another field in the second index I've spent over a month reading on here and trying to do this myself, but it's time to throw up the white flag. I've... by uh2 New Member in Splunk Search 12-29-2016 0 3	0	3
Continuous Display of Time Since Event Hello, I have made a dashboard that searches for an event, displays the time-stamp of that event, and the time elapse... by _dave_b Communicator in Splunk Search 12-29-2016 0 5	0	5
csv extrtactions not working Hello am trying to ingest csv data into splunk. inputs.conf [monitor:///tmp/mycsv/test.csv] sourcetype=mytest ind... by saifuddin9122 Path Finder in Splunk Search 12-29-2016 0 5	0	5
QUery to find new Deployment clients that started reporting to Deployment Server Hi , We are actually migrating our environment ,as part of that thought of creating a search query which could tell ... by splunker9999 Path Finder in Splunk Search 12-29-2016 0 2	0	2
How to find the multiple IP sources per user? Hi I am trying to filter my search by user name and Ip.I used the simple command (mysearch)\|table src_user,src_ip , ... by nazanin2016 Path Finder in Splunk Search 12-28-2016 0 2	0	2
Persistent queues tcp Splunk has an option of a disk based persistent queue on a TCP input. The option is not available for splunktcp input... by lisaac Path Finder in Splunk Search 12-28-2016 0 1	0	1
Using logs with IP addresses, how can I develop a search that defines remote login from a different geolocations within 1 hour? I need to define Remote login from different locations within 1 hour, but my vpn log doesn't have information concern... by nazanin2016 Path Finder in Splunk Search 12-28-2016 0 3	0	3
How to get Indexer utilization of last 24 hrs. Hi Guys, I am trying to get the utilization of all the indexer for last 24 hrs. I am trying to enter below string ... by Steave4app New Member in Splunk Search 12-28-2016 0 6	0	6
streamstats: reset_after function didn't work,[streamstats]: reset_after doesn't works Hi, I try to use the function reset_after="("<'eval-expression'>")" of the command streamchart but it didn't work. I ... by audherma Engager in Splunk Search 12-28-2016 1 6	1	6
Can extract or kv command be limited to a specific field? It seems the extract/kv command uses _raw as input to do its parsing. Is there any way to pass a previously extracted... by recurse New Member in Splunk Search 12-28-2016 0 3	0	3
Can i have field names with spaces ? Hi , Can I have the fieldnames with spaces . i.e I have used the rename command in my search Query as follows.. my ... by rakesh_498115 Motivator in Splunk Search 12-28-2016 2 4	2	4
How can I extract these highlighted fields? Hi all i want to get the below highlighted field. "10.123.123.123","VM","??????????","VW_MCMM01_IvsHa","yellow","2016... by flora123 Path Finder in Splunk Search 12-27-2016 0 7	0	7
How to generate a search to find errors by type for my error log? ERROR - *(somedata). FlatFile ERROR - 2649 BUSINESS_LOGIC ERROR - More than 1 primary id found for the given offer... by kirankotla New Member in Splunk Search 12-27-2016 0 3	0	3
how to edit my search to display list of hosts instead of count? i have written the following search to generate list of sourcetype and indexes with host count, but i want to list al... by chanamoluk Explorer in Splunk Search 12-27-2016 0 1	0	1
When creating a field extraction, why am I unable to expand the event to select the fields I want? Hi All, I am trying to extract some fields from a large XML file. When I use the "extract new fields" selector, I c... by packet_hunter Contributor in Splunk Search 12-27-2016 0 7	0	7
How to change the data in a table after clicking on bar graphs? Hello, I would like to ask, how to do this in Splunk: If you have a chart (bar graphs) and a table with data. If I ... by danielcmarcosjr Explorer in Splunk Search 12-27-2016 0 2	0	2