Splunk Search

Community Activity

How to search for a pair of substrings in a subsearch to filter my results? Hi at all, I have a lookup with two fields: field1field2 I have to filter a search using the pairs of the two field... by gcusello SplunkTrust in Splunk Search 12-08-2016 0 15	0	15
How to edit my regular expression to extract a field value? I have the following field value in field script_field. Test script /name/name/check.sh ran VM Script - xi2v I want... by email2vamsi Explorer in Splunk Search 12-08-2016 0 4	0	4
What is the regular expression that will get the servlet name in a URL? Taking an example below, I am looking to be make a regular expression that will give me name of servlet form below (a... by rbathla New Member in Splunk Search 12-07-2016 0 1	0	1
How can I combine several transactions into one search and chart Hi, I am trying to get some performance/profiling statistics from our system. The log is very elar and aesy to read ... by kaurinko Communicator in Splunk Search 12-07-2016 0 4	0	4
How to apply the predict command with group by for multiple column values in one search ? I want to apply the predict command on multiple column values with one search. My table values are like this: fet... by intelsubham Explorer in Splunk Search 12-07-2016 2 2	2	2
How to create a search that will trigger an alert when there are no events? I want to trigger an alert if there are no events in the selected time range. please help me with sample search. by sravankaripe Communicator in Splunk Search 12-07-2016 1 5	1	5
How to match two CSV files using lookup? How would I match two csv files using lookups? The first csv contains a list of CIDR subnet ranges for each site and ... by hmrabet New Member in Splunk Search 12-07-2016 0 1	0	1
How to find daily maximum and minimum failure rates over the last 7 days? Hi all, the following search I have is calculating the failure rate per day over the last 7 days (set by the time pic... by demkic Explorer in Splunk Search 12-07-2016 0 14	0	14
Why is Splunk not finding all events based on a field in a lookup file? Hi, I have a lookup file that looks like this (filename=12-07-16_CPEs.csv) Cpe_ID 9c97265f6d0f 5898353e54ab 589835f... by dbcase Motivator in Splunk Search 12-07-2016 0 1	0	1
How to generate a search that displays a cumulative percentage column? Hi I have the log below. score 1 10 2 22 3 33 4 ... by kualo Explorer in Splunk Search 12-07-2016 0 1	0	1
How to extract the last 5 digits in my results as a new field? How to extract the last 5 digits from the following results, I need last 5 digits as a new field 00022234 001234 012... by kiran331 Builder in Splunk Search 12-07-2016 0 1	0	1
Why does highlight not highlight? What am I doing wrong? This should be dead simple. Obviosuly I am missing something. host=tcserver1 \| highlight ERROR I just want a pretty... by neiljpeterson Communicator in Splunk Search 12-07-2016 0 6	0	6
Why does my search for total index size per day not match the Distributed Management Console? I have searched for data ingestion rate per day for a particular index using below search. And verified it with index... by ankithreddy777 Contributor in Splunk Search 12-07-2016 1 1	1	1
How to convert time format to epoch time in order to calculate difference? Hi How to convert the time format ‎"2016‎-‎12‎-‎07T09:33:33.040875200Z" to epoch time for calculating difference an... by kiran331 Builder in Splunk Search 12-07-2016 0 7	0	7
How to extract portions of an event? I have a event which is like below. "searchString" index=ABC1............XYZ1"/searchString" 123456789 "searchString... by kkompalli New Member in Splunk Search 12-07-2016 0 1	0	1
Feature Request: CIDR matching for IPv6 in search Could CIDR matching for IPv6 be enabled in the search command instead of piping to a where command? I have had some d... by tbias New Member in Splunk Search 12-07-2016 0 1	0	1
How to extract fields from two separate events into two separate fields, not one single field? The following block shows two events with their headers. The first event has four fields. The second event has five f... by email2vamsi Explorer in Splunk Search 12-07-2016 0 5	0	5
How to define a transaction search based on different start and end formats? I am a Splunk newbie at beginner level. Trying to use transactions to get the length of duration of a given user sess... by psteja Engager in Splunk Search 12-07-2016 0 6	0	6
How to generate a search that will count based on filename in the log? Hi, i need to count the stat based on different type of source and field (based on 1st 3 char of the filename of the ... by newbiesplunk Path Finder in Splunk Search 12-07-2016 0 1	0	1
How to generate a search that will calculate response time based on my event? I have to take response time from given 12/07/2016 07:36:49 :: :: 090A24936 Req. : 07:36:49:450 --- 090A24936 Reply ... by karthi2809 Builder in Splunk Search 12-07-2016 0 1	0	1
How to create a field from value of an existing field? i have this search index=cmedia sourcetype="adspecificsnmp" \| rex field=_raw mode=sed "s/=,/=NA,/g" \| rex field=... by rwiley Explorer in Splunk Search 12-07-2016 0 5	0	5
Are there any limitations using on using the _raw field in an eval case statement? Hi, I was trying to construct an eval case statement using default _raw field and observed strange results. Here is ... by sgundeti Path Finder in Splunk Search 12-07-2016 0 3	0	3
How to edit my tstats search with inputlookup to return additional columns from a CSV file? Hi All, Need your help to refine this search. Currently in the search, we are using the tstats command along with i... by sumitkathpal Explorer in Splunk Search 12-07-2016 0 2	0	2
How do I extract these fields and corresponding values parsing while JSON data? I have a following JSON input. { "StartTime": { "@item": "1", "#text": "2016/11/21 09:35:25" ... by sarfarajsayyad New Member in Splunk Search 12-07-2016 0 6	0	6
How to edit my regular expression to grab the first line in a log? I have a log file like this: Type: something/something; something The next line I want to write a Splunk search to... by sankarms Explorer in Splunk Search 12-06-2016 0 4	0	4