Splunk Search

Community Activity

How to extract multiple values for multiple fields from my sample multiline event using rex? Below is my mentioned sample event details. I want to extract fields into a table using regex operations. I need to o... by vijax Engager in Splunk Search 12-08-2016 0 5	0	5
How do you quantify how much data is coming in for a specific key-value pair? I am trying to find out just how much data is coming in for a specific key value pair? So we have only two sourcetype... by campbellj1977 Explorer in Splunk Search 12-08-2016 0 2	0	2
How to write a recursive search to build a tree structure? I have a csv index imported in Splunk and it represents static pairs "child-account" structure i,e: account,parent ... by unchura Explorer in Splunk Search 12-08-2016 0 5	0	5
How to edit my search to calculate a field? Hi, I am trying to calculate a field from a data that I receive from a vulnerability system. severity field retur... by ttchorz Path Finder in Splunk Search 12-08-2016 0 4	0	4
How to write a transaction search to expand multivalued fields into separate single value events? Hi, I'm having difficulties expanding a multivalued Transaction event back into individual events. The overall goal ... by dc595 Explorer in Splunk Search 12-08-2016 0 5	0	5
How to create a time chart using multiple custom time fields, not _time? I'm trying to chart two different things in the same graph using two different custom time fields. It almost works (t... by abake Engager in Splunk Search 12-08-2016 1 3	1	3
How to build a search that compares the results of 2 dates and shows delta? I have the following data Date Server Value 1st Jan abc 10 1st Jan xyz ... by smcdonald20 Path Finder in Splunk Search 12-08-2016 0 4	0	4
How to search errors for last month and the current month, and find what errors are new based on the error message? I haven't found any resource in the threads on how to do this, but what I would like to do is ask Splunk: Get me err... by tragiccode New Member in Splunk Search 12-08-2016 0 7	0	7
How can I use the lookup command where the target field is the root of the source field? Hello all, I have to use a lookup to get data but the problem is that the source field for the lookup is longer than... by andrewtrobec Motivator in Splunk Search 12-08-2016 0 5	0	5
How to display my table in xyseries? I Have the following Display Domain Application ReportingMonth Price ADD Dotnet ... by ASISH_9 Engager in Splunk Search 12-08-2016 0 1	0	1
How to write a search to monitor data center traffic? Hello All, I have 2 CIDR lookup files uploaded in Splunk with all necessary configurations done. fFirst Lookup file... by swapsplunk Explorer in Splunk Search 12-08-2016 0 2	0	2
How to search for a pair of substrings in a subsearch to filter my results? Hi at all, I have a lookup with two fields: field1field2 I have to filter a search using the pairs of the two field... by gcusello SplunkTrust in Splunk Search 12-08-2016 0 15	0	15
How to edit my regular expression to extract a field value? I have the following field value in field script_field. Test script /name/name/check.sh ran VM Script - xi2v I want... by email2vamsi Explorer in Splunk Search 12-08-2016 0 4	0	4
What is the regular expression that will get the servlet name in a URL? Taking an example below, I am looking to be make a regular expression that will give me name of servlet form below (a... by rbathla New Member in Splunk Search 12-07-2016 0 1	0	1
How can I combine several transactions into one search and chart Hi, I am trying to get some performance/profiling statistics from our system. The log is very elar and aesy to read ... by kaurinko Communicator in Splunk Search 12-07-2016 0 4	0	4
How to apply the predict command with group by for multiple column values in one search ? I want to apply the predict command on multiple column values with one search. My table values are like this: fet... by intelsubham Explorer in Splunk Search 12-07-2016 2 2	2	2
How to create a search that will trigger an alert when there are no events? I want to trigger an alert if there are no events in the selected time range. please help me with sample search. by sravankaripe Communicator in Splunk Search 12-07-2016 1 5	1	5
How to match two CSV files using lookup? How would I match two csv files using lookups? The first csv contains a list of CIDR subnet ranges for each site and ... by hmrabet New Member in Splunk Search 12-07-2016 0 1	0	1
How to find daily maximum and minimum failure rates over the last 7 days? Hi all, the following search I have is calculating the failure rate per day over the last 7 days (set by the time pic... by demkic Explorer in Splunk Search 12-07-2016 0 14	0	14
Why is Splunk not finding all events based on a field in a lookup file? Hi, I have a lookup file that looks like this (filename=12-07-16_CPEs.csv) Cpe_ID 9c97265f6d0f 5898353e54ab 589835f... by dbcase Motivator in Splunk Search 12-07-2016 0 1	0	1
How to generate a search that displays a cumulative percentage column? Hi I have the log below. score 1 10 2 22 3 33 4 ... by kualo Explorer in Splunk Search 12-07-2016 0 1	0	1
How to extract the last 5 digits in my results as a new field? How to extract the last 5 digits from the following results, I need last 5 digits as a new field 00022234 001234 012... by kiran331 Builder in Splunk Search 12-07-2016 0 1	0	1
Why does highlight not highlight? What am I doing wrong? This should be dead simple. Obviosuly I am missing something. host=tcserver1 \| highlight ERROR I just want a pretty... by neiljpeterson Communicator in Splunk Search 12-07-2016 0 6	0	6
Why does my search for total index size per day not match the Distributed Management Console? I have searched for data ingestion rate per day for a particular index using below search. And verified it with index... by ankithreddy777 Contributor in Splunk Search 12-07-2016 1 1	1	1
How to convert time format to epoch time in order to calculate difference? Hi How to convert the time format ‎"2016‎-‎12‎-‎07T09:33:33.040875200Z" to epoch time for calculating difference an... by kiran331 Builder in Splunk Search 12-07-2016 0 7	0	7