Splunk Search

Discussions

Thread Info

Rex not iterating over large string

I am trying to use rex to extract the hostnames and put them in a table, but rex is only matching the first string an...

by Path Finder in

How to edit my search for process flow analysis to sort and group values as expected?

Hi, I followed instructions here: https://answers.splunk.com/answers/132016/process-flow-tracing-point-to-point-l...

by Path Finder in

Search results to lookup table

Hi, I am currently running a search in a custom app that finds sourcetypes by number of hosts: - | tstats dc(host)...

by Builder in

Splunk Search does now show expected results

Hi I have a specific event massage that I'm trying to search for. Now my ideal seach string looks like this: ...

by New Member in

Error:std::bad_alloc Whenever I try to visualize a search

Splunk newbie here, I've installed Splunk onto a small ubuntu VM (512MB RAM and 20GB disk space) This should be OK be...

by Engager in

How to extract multiple values from XML logs and display all events where FieldA is not equal to FieldB?

I have some XML responses logged in Splunk which is pretty nested. Let's say there are multiple records of the form. ...

by Engager in

How to change the font, color, size, brush, shape, and related palette properties for charts in Splunk 6.4.x?

Hi Team, Can any one please help me how can I change the size of the font on Splunk charts. Also i wish to make fe...

by Communicator in

How to edit my search to get the percentage of hosts by HTTP response code?

I have http response codes, and I have hosts. I want my data to show both of them and how they correlate with each...

by Contributor in

how to order a result by the sequence of the terms I've searched?

Hello, I have the following query: Index=A BALL SQUARE TRIANGLE | stats count by Keyword The result I get...

by Engager in

How to edit my regular expression to extract numbers before key characters in my sample data?

I have this statement: 10.211.1.114 10.222.3.33:4331 - 2016-09-07 14:10:06 0.004 GET /openapi-rest-w...

by Contributor in

Date column has some bad data. I just want to remove the row if the date is doubled up in a row. How do I discard a row based on character count or other logic?

Hello Splunkers, Question about discarding rows, I want to disgard a row that is longer than 19 characters, if fou...

by Communicator in

How to trigger an alert when I get an event with a certain string of text, and only display newest events using the date in the log file?

Hi, I'm trying to get alerts on Splunk every time I get a new entry with text 'No space left on device' in a log f...

by Engager in

Visitor flow stats on website

I implemented the sp.js website analytics event collector with splunk. Now I have a lot of events collected, includin...

by Path Finder in

How to get difference of events between main search and a extracted search

Hi Ninjas I have a search which returns 1500 events. From that search I have extracted a field (eg FieldX) using a...

by Path Finder in

How to create multivalue field with regex?

Hello I want to push values into a multivalue field. The raw data are looking like the following: Sep 6 14:2...

by Path Finder in

How to sum changing values on a timechart?

Hi everyone, I've got a sample log that looks like [2013-06-03 11:35:42:66 EDT] RESPONSES 200=17 503=5 401=2. The 20...

by Path Finder in

Comparing different fields from different rows

Hi, I've a search query that returns 2 events with two different fields; EXTRA_FIELD_3 = XXXXXX GUNCELSAYI ...

by Path Finder in

Search only spesific country

Hi I'm new in splunk.I have a firewall that send the log to splunk , and one of the information provide in the firewa...

by New Member in

How to send the output of one sourcetype into another

Hi, I am trying to run a search query wherein where in output of one query acts as inupt for the following query. ...

by New Member in

Lookup tables: encoding and accented characters

Hi everybody, I have some problems with lookup tables based on CSV files. My environment consists in a central Spl...

by Path Finder in

How to edit my regular expression to extract the URL from both of my sample log entries?

Hi, I have these two entries in the same log. I'm try to extract out the URL in bold below For the first one I ...

by Motivator in

How to write a search to only keep a certain type of value for a multivalue field?

Hello Splunkers, I have a question about data I am trying to draw from Splunk. If you look at the fields, I am am ...

by Communicator in

How do I create a transaction when not all fields are present?

Hi! I am a Splunk beginner and have the following question. I have some events I would like to transact, but n...

by New Member in

How to edit my search to identify utilization of devices, then categorize them into buckets of utilization?

I need to get my search to identify the utilization of devices, and then categorize them into buckets of utilization ...

by New Member in

how to simulate flow data like real time search for hunk?

hi i know that hunk doesn't support real time searching for hadoop data. how can i do if i will refresh or restart...

by Contributor in

Get Updates on the Splunk Community!

Splunk Search

Discussions

Rex not iterating over large string

How to edit my search for process flow analysis to sort and group values as expected?

Search results to lookup table

Splunk Search does now show expected results

Error:std::bad_alloc Whenever I try to visualize a search

How to extract multiple values from XML logs and display all events where FieldA is not equal to FieldB?

How to change the font, color, size, brush, shape, and related palette properties for charts in Splunk 6.4.x?

How to edit my search to get the percentage of hosts by HTTP response code?

how to order a result by the sequence of the terms I've searched?

How to edit my regular expression to extract numbers before key characters in my sample data?

Date column has some bad data. I just want to remove the row if the date is doubled up in a row. How do I discard a row based on character count or other logic?

How to trigger an alert when I get an event with a certain string of text, and only display newest events using the date in the log file?

Visitor flow stats on website

How to get difference of events between main search and a extracted search

How to create multivalue field with regex?

How to sum changing values on a timechart?

Comparing different fields from different rows

Search only spesific country

How to send the output of one sourcetype into another

Lookup tables: encoding and accented characters

How to edit my regular expression to extract the URL from both of my sample log entries?

How to write a search to only keep a certain type of value for a multivalue field?

How do I create a transaction when not all fields are present?

How to edit my search to identify utilization of devices, then categorize them into buckets of utilization?

how to simulate flow data like real time search for hunk?

Advanced Splunk Data Management Strategies

Uncovering Multi-Account Fraud with Splunk Banking Analytics

Secure Your Future: A Deep Dive into the Compliance and Security Enhancements for the ...

Search for triggered save searches and their actio...

MLTKC how should i check jupyter notebook func in ...

ITSI thresholds: adaptive vs static

Using Machine Learning Toolkit to detect auth abus...

Proactively stream data to different index after C...