Splunk Search

Community Activity

How to generate a search for an exact word pattern? Hi All, I want to search a word in Splunk in a certain field for example "foo" and will return the following: foo b... by danielcmarcosjr Explorer in Splunk Search 11-04-2016 1 23	1	23
How to edit my REGEX in transforms.conf to allow certain data to get indexed in Splunk? Hi, I have a regex to allow certain data into Splunk via a transforms, and now I need to update it. I made some chan... by a212830 Champion in Splunk Search 11-04-2016 0 10	0	10
My first summary index - what am I doing wrong with the stats command? Dear Splunk gurus, I am trying to use Summary Indexing to improve reporting times for a Print Analytics dashboard. T... by alexoldman Explorer in Splunk Search 11-04-2016 3 3	3	3
([^\/]+)\/ REGEX meaning? Can someone explain me wht that simple regex means?? Sorry for this simple question but this is very new to me. I und... by Harishma Communicator in Splunk Search 11-04-2016 0 7	0	7
Why are my search results are not matching the lookup table? I am performing a search where I am making use of a CSV lookup and only get those results that match one of the field... by raghav130593 Explorer in Splunk Search 11-04-2016 0 2	0	2
How do I do SQL-like MINUS? All OrderId This query gives all distinct orderID basesearch \| dedup orderID \| table orderID This query gives all... by chatsai New Member in Splunk Search 11-03-2016 0 5	0	5
How do I sort my results from my sample data into different columns? I have the below data that I want to sort and show up in different columns as 1. Device (that shows the different rp... by bharpur183 Explorer in Splunk Search 11-03-2016 0 12	0	12
Why does my search only give strptime output for one of three time values? I have a field DATE_OF_BIRTH and the values are like 1962-09-30 00:00:00.0 1955-10-21 00:00:00.0 1988-10-31 00:00:00... by ppanchal Path Finder in Splunk Search 11-03-2016 0 3	0	3
Which of these field extractions defined in props.conf will Splunk consider for this field? I'd extracted 2 fields in props.conf as below: [abc_xml_v1] EXTRACT-abc_rac_cd_instance = ^/(cs\|app)/abc/.*/adump/(?... by pavanae Builder in Splunk Search 11-03-2016 0 1	0	1
How to parse my sample JSON data to get a stats count grouped by a certain value? For the json below: {"key5":"Thu Nov 03 08:34:19 CDT 2016","key1":"123456","key2":"{\"key21\":\"(123)-456-7890\",\"k... by splunk_skr Explorer in Splunk Search 11-03-2016 0 7	0	7
Results of two searches displayed on one chart I'm trying to take the results of 2 searches that are each searching a different index and display on one table to co... by rlautman Path Finder in Splunk Search 11-03-2016 2 5	2	5
-1 value at _time field using timechart Hello Splunkers. I'm having an issue with timechart; Scenario: I have a index that contains summarized data. I wa... by guimilare Communicator in Splunk Search 11-03-2016 0 9	0	9
Concatenate fields into a single string I have four fields: Signature_Name, Vendor_Signature, Incident_Detail_URL, Analyst_Assessment that I need to concaten... by efelder0 Communicator in Splunk Search 11-03-2016 6 6	6	6
Why is my alert not triggered even though there are results that meet the criteria? Hi All, We have a search which checks for a total count of failures in system in the last 24 hours: index=mydata ea... by kotig Path Finder in Splunk Search 11-03-2016 0 6	0	6
Distinct Count Where... Hey people, I'm trying to get multiple "distinct count where..." working but don't know where to start. The idea is... by singhh4 Path Finder in Splunk Search 11-03-2016 0 7	0	7
Timechart x-axis customized time I am getting date from my device in search date field like date=20140408045219. So i wanted to show the time chart ac... by abhi144 New Member in Splunk Search 11-03-2016 0 4	0	4
Counting Events and then finding the sum? Good Morning, Fellow Splunkers I'm interested in counting events per hour for a 24 hr period. I would also like to ... by asarran Path Finder in Splunk Search 11-03-2016 0 2	0	2
How to fetch data from multiple source types in a dashboard ? Hi Team, I have three sourcetypes, all the sourcetypes have two or three common fields , how to extract the data as... by rijinc Explorer in Splunk Search 11-03-2016 0 1	0	1
How to generate a search that will sort by a field and get aggregated data for the sorted field? I have a search string. index=data sourcetype=jobs QUEUE=myqueue\| dedup JOBID \| FIELDS CPU_USED, USER group by USER... by sweenj Explorer in Splunk Search 11-03-2016 0 3	0	3
Completely Newbie to REGEX I'm completely new to REGEX. Started off learning by going through some videos and splunk docs. Can someone please pr... by sarnagar Contributor in Splunk Search 11-03-2016 0 2	0	2
not able to get app specific sourcetypes using tags. I have created tags in tags.conf inside my splunk app as below. [index=index1] app_index = enabled [index=index2] a... by ssujin Explorer in Splunk Search 11-03-2016 1 2	1	2
convert two values same name I have two field names from different sourcetype with the desired value that I want to put in a table with the same n... by hartfoml Motivator in Splunk Search 11-03-2016 0 2	0	2
servicenow incidents in splunk AM not able to see all the incidents which are there in my servicenow instance. I have splunk_TA_Snow app configured... by surekhasplunk Communicator in Splunk Search 11-03-2016 0 1	0	1
Inputlookup subsearch I have a csv file with some stats code, i have added as a lookup . I want to use two fields in stats code with say ... by msachdeva3 Explorer in Splunk Search 11-03-2016 0 2	0	2
How to match search output to a specific list of items using lookup (or other) Hi splunkers. Im running Splunk v6.4.3 and I need to match the output from a normal sourcetype="cisco:syslog" sear... by pjasa New Member in Splunk Search 11-02-2016 0 3	0	3