Splunk Search

Start a Conversation

Discussions

Start a Conversation

Thread Info

rex extraction of multiple fields from a record (multi-line)

I'm trying to extract some Oracle audit log fields on the fly. I can't seem to get my regex to match. Source: A...

by Communicator in

How do I get all the values.

I have tried this source=/var/log/testlog "EXP" OR "Q up" OR "X listing" | rex "(?<myword>EXP|Q up|X listing)" | ...

by New Member in

Can't replace a healthcheck string in nginx

Hi, I have looked at the docs and tried to remove a line from nginx access log regarding our LB : 192.168.27.16...

by New Member in

Subsearch Realtime - Parent Search Last 5 minutes

Is it possible to have a subsearch looking for a log entry in realtime, then take that field and look back the past 5...

by Builder in

Using rex to extract one or two character digit from string

Hello I am trying to extract some digits from a string and I can't seem to get the regex to work. Here is an example ...

by Path Finder in

Search for unique count of users

Hi, I have a Splunk query which lets me view the frequency of visits to pages in my app. sourcetype="iis" sourc...

by Explorer in

Count By host

I am using this statement below to run every hour of the day looking for the value that is 1 on multiple hosts named ...

by Motivator in

My Selected Fields do not stay in the Selected Fields Area

I have some saved searches and I have fields from a data source (csv file) and my fields are defined in props and tra...

by Explorer in

Multi-valued Index-time key extraction not working, please help!

Hi all, I've been struggling with Splunk for weeks now (and had Developer training!) and I still can't get it to d...

by Explorer in

regular expression for XML Log

I have following log in xml format <tec><items><item><name>Status</name><value>Online</value></item><item><name>Co...

by Builder in

Can't extract fields names from tab delimited source

Hi. I'm new to Splunk. I've got basic import and searching working on the windows install, but I want to get the fiel...

by Explorer in

fomation in pattern matching- please help urgently

I have 2 keywords and I am running query : index="maa" | table Name Age Location | rex field="Location" (? ...

by Contributor in

bar chart with five search

I want to create a bar chart with these following search eventtype="et_system_metrics" Stage=A* | stats count(ev...

by Builder in

What's wrong in this sub search ?

What is the wrong in this sub search ? Individually both are working fine. eventtype="et_system_metrics" Stage=A*...

by Builder in

problem with REX

I am giving the following search : index="maa" | table Name Age Location | rex field="Location" (? (?i)"de...

by Contributor in

how to merge multiple rex commands

Hi, I have a query as follows : index="maa" |rex field="Location" (? (?i)"delhi") | eval ONE=lower(ONE)...

by Contributor in

Search for items not matching values from a lookup

Related to http://splunk-base.splunk.com/answers/7581/best-way-to-search-using-a-lookup-table I want this inverse ...

by Explorer in

Rex in If else ladder

Hi, I am running the below query and want to print 0 for the keyword that is not matched , can this be possible to gi...

by Contributor in

Alerting based on deviation on multi dimensional data

I have a challenge that I'm hoping someone can help with. There are around 24,000,000 events being indexed per 24 ...

by Explorer in

Unabe to get the search result in text box using javascript inside html module

Hi, Just have a look at this code < module name="HiddenSearch" layoutPanel="panel_row2_col1" autoRun="True"> ...

by Path Finder in

Splunk Search

Discussions

rex extraction of multiple fields from a record (multi-line)

How do I get all the values.

Can't replace a healthcheck string in nginx

Subsearch Realtime - Parent Search Last 5 minutes

Using rex to extract one or two character digit from string

Search for unique count of users

Count By host

My Selected Fields do not stay in the Selected Fields Area

Multi-valued Index-time key extraction not working, please help!

regular expression for XML Log

Can't extract fields names from tab delimited source

fomation in pattern matching- please help urgently

bar chart with five search

What's wrong in this sub search ?

problem with REX

how to merge multiple rex commands

Search for items not matching values from a lookup

Rex in If else ladder

Alerting based on deviation on multi dimensional data

Unabe to get the search result in text box using javascript inside html module

Add 2 static rows to dropdown search results befor...

Get conditional value from logs

Number of unique days a given IP address was used

tstats count on accelerated data models giving dif...

I need to get a kvstore lookup from my ES search h...