Splunk Search

Community Activity

streamfwd ingestion of data from the pcap searching Hi, Following the Documentation provided by splunk I triggered streamfwd from the command line for my pcap. http://d... by ekremikizoglu Explorer in Splunk Search 11-04-2016 0 3	0	3
How to add line break in the eval function? Hi How to add the line break in the eval function base search\|eval new = src_host+","+"Event Code="+EventCode+","... by kiran331 Builder in Splunk Search 11-04-2016 0 3	0	3
Extracting a string from the search result INFO : Start Outputing Report: Project ID:c_exactworld_17121, Format:EXCEL Above is my search result, and I wanna ex... by zeewagon Engager in Splunk Search 11-04-2016 0 9	0	9
How does this search work? I am using the tag name in search query to filter down the app specific index, followed by "index=index1" to filter d... by jnithya Engager in Splunk Search 11-04-2016 0 1	0	1
How to set a field as the token to use in a dashboard? I have a search which will return me field email id. index=snow description=CPU \|table number sys_created_by nu... by surekhasplunk Communicator in Splunk Search 11-04-2016 2 4	2	4
How to generate a search for an exact word pattern? Hi All, I want to search a word in Splunk in a certain field for example "foo" and will return the following: foo b... by danielcmarcosjr Explorer in Splunk Search 11-04-2016 1 23	1	23
How to edit my REGEX in transforms.conf to allow certain data to get indexed in Splunk? Hi, I have a regex to allow certain data into Splunk via a transforms, and now I need to update it. I made some chan... by a212830 Champion in Splunk Search 11-04-2016 0 10	0	10
My first summary index - what am I doing wrong with the stats command? Dear Splunk gurus, I am trying to use Summary Indexing to improve reporting times for a Print Analytics dashboard. T... by alexoldman Explorer in Splunk Search 11-04-2016 3 3	3	3
([^\/]+)\/ REGEX meaning? Can someone explain me wht that simple regex means?? Sorry for this simple question but this is very new to me. I und... by Harishma Communicator in Splunk Search 11-04-2016 0 7	0	7
Why are my search results are not matching the lookup table? I am performing a search where I am making use of a CSV lookup and only get those results that match one of the field... by raghav130593 Explorer in Splunk Search 11-04-2016 0 2	0	2
How do I do SQL-like MINUS? All OrderId This query gives all distinct orderID basesearch \| dedup orderID \| table orderID This query gives all... by chatsai New Member in Splunk Search 11-03-2016 0 5	0	5
How do I sort my results from my sample data into different columns? I have the below data that I want to sort and show up in different columns as 1. Device (that shows the different rp... by bharpur183 Explorer in Splunk Search 11-03-2016 0 12	0	12
Why does my search only give strptime output for one of three time values? I have a field DATE_OF_BIRTH and the values are like 1962-09-30 00:00:00.0 1955-10-21 00:00:00.0 1988-10-31 00:00:00... by ppanchal Path Finder in Splunk Search 11-03-2016 0 3	0	3
Which of these field extractions defined in props.conf will Splunk consider for this field? I'd extracted 2 fields in props.conf as below: [abc_xml_v1] EXTRACT-abc_rac_cd_instance = ^/(cs\|app)/abc/.*/adump/(?... by pavanae Builder in Splunk Search 11-03-2016 0 1	0	1
How to parse my sample JSON data to get a stats count grouped by a certain value? For the json below: {"key5":"Thu Nov 03 08:34:19 CDT 2016","key1":"123456","key2":"{\"key21\":\"(123)-456-7890\",\"k... by splunk_skr Explorer in Splunk Search 11-03-2016 0 7	0	7
Results of two searches displayed on one chart I'm trying to take the results of 2 searches that are each searching a different index and display on one table to co... by rlautman Path Finder in Splunk Search 11-03-2016 2 5	2	5
-1 value at _time field using timechart Hello Splunkers. I'm having an issue with timechart; Scenario: I have a index that contains summarized data. I wa... by guimilare Communicator in Splunk Search 11-03-2016 0 9	0	9
Concatenate fields into a single string I have four fields: Signature_Name, Vendor_Signature, Incident_Detail_URL, Analyst_Assessment that I need to concaten... by efelder0 Communicator in Splunk Search 11-03-2016 6 6	6	6
Why is my alert not triggered even though there are results that meet the criteria? Hi All, We have a search which checks for a total count of failures in system in the last 24 hours: index=mydata ea... by kotig Path Finder in Splunk Search 11-03-2016 0 6	0	6
Distinct Count Where... Hey people, I'm trying to get multiple "distinct count where..." working but don't know where to start. The idea is... by singhh4 Path Finder in Splunk Search 11-03-2016 0 7	0	7
Timechart x-axis customized time I am getting date from my device in search date field like date=20140408045219. So i wanted to show the time chart ac... by abhi144 New Member in Splunk Search 11-03-2016 0 4	0	4
Counting Events and then finding the sum? Good Morning, Fellow Splunkers I'm interested in counting events per hour for a 24 hr period. I would also like to ... by asarran Path Finder in Splunk Search 11-03-2016 0 2	0	2
How to fetch data from multiple source types in a dashboard ? Hi Team, I have three sourcetypes, all the sourcetypes have two or three common fields , how to extract the data as... by rijinc Explorer in Splunk Search 11-03-2016 0 1	0	1
How to generate a search that will sort by a field and get aggregated data for the sorted field? I have a search string. index=data sourcetype=jobs QUEUE=myqueue\| dedup JOBID \| FIELDS CPU_USED, USER group by USER... by sweenj Explorer in Splunk Search 11-03-2016 0 3	0	3
Completely Newbie to REGEX I'm completely new to REGEX. Started off learning by going through some videos and splunk docs. Can someone please pr... by sarnagar Contributor in Splunk Search 11-03-2016 0 2	0	2