Splunk Search

Community Activity

How do you use rex to slice a string up to the white space I have a string called PGM_NM. The contents of PGM_NM are "AE248 \AX0\AX0". I want to use the rex function to slice... by madisonf15 Engager in Splunk Search 08-03-2016 0 3	0	3
Formatting Log Name with Regex Hello. I am currently trying to do something with a list of logs that I have been given. All of the logs have the sa... by JibBgh New Member in Splunk Search 08-03-2016 0 6	0	6
Why am I unable to extract this field with my current rex statement? I have a regex that should be extracting the employeeType field from an event. Below is the text of the event and the... by jmaple Communicator in Splunk Search 08-03-2016 0 4	0	4
how can I format and chart a status message? Hello, a device in our system returns a status message that looks like the following (as seen in splunk search result... by msantich Path Finder in Splunk Search 08-03-2016 0 8	0	8
What markup language should "Overview" and "Details" be written in? Very simple question, I need to write these pages for an app, but don't have access to the account yet. Or is it done... by sulrich11 New Member in Splunk Search 08-03-2016 0 1	0	1
can i skip the lines when we start splunk for first time?? Hello i want to know whether we can skip the lines when we start the splunk for the first time. if we can any body l... by saifuddin9122 Path Finder in Splunk Search 08-03-2016 1 8	1	8
How to display Event_Status change? In a log file I have one field with name EVENT_STATUS. It has 3 values 1.Accepted 2. Pending 3. Rejected I have desig... by priyankamundarg Explorer in Splunk Search 08-03-2016 0 3	0	3
How do I remove \x00 characters from my log message? I have a log message which (thanks, M$) has been littered with \x00 text - originally null bytes. They appear every o... by Jason Motivator in Splunk Search 08-03-2016 3 7	3	7
is $ supported in regex for field extraction ? I've got the following log line and I wish I could extract the last IP address field: .................(variable num... by lauMarot Path Finder in Splunk Search 08-03-2016 0 17	0	17
I want to extract one field from different types of events. Please let know how to extract "status" filed from below logs. Please find the below events. I want to extract the field which will have Error, Warning, info and error. Let me know... by poojamande New Member in Splunk Search 08-03-2016 0 2	0	2
Why do Stats and Evenstats return different results when calculating percentiles? I am trying to work out the 99th percentile of some response times and after seeing discrepancies in a couple of sear... by MattLingwood Engager in Splunk Search 08-03-2016 0 3	0	3
Is it possible to use the same subsearch twice in a search? Hello, Is it possible to use the same subsearch twice in a search? Of course without having Splunk to execute the se... by pduflot Path Finder in Splunk Search 08-03-2016 0 1	0	1
Why does my search in curl return empty results? Hi guys, I tried to make a search using curl, but the problem is when the command finalizes, it return empty. Here ... by Buscatrufas Path Finder in Splunk Search 08-03-2016 0 1	0	1
How to edit my search to remove duplicate source, sourcetype, and _time values by host? Hi, This is my search and need to remove duplicate source, sourcetype, and last_time by host. Please suggest how to ... by syedsalam New Member in Splunk Search 08-02-2016 0 3	0	3
how can i get two different events individually where both are separated by pipe "\|" in the splunk data base. i am using splunk to get the logs. we build a data base where 2 or 3 log events are separated by pipe "\|" and tagged ... by annamareddi New Member in Splunk Search 08-02-2016 0 6	0	6
How do you show events on a timeline? Assuming I'm showing events on a timeline, say for example, timechart count(sign_ins) by date_hour date_hour \| user... by chustar Path Finder in Splunk Search 08-02-2016 0 3	0	3
how search things which do not belong to inner join? would like find things which can not inner join, meaning left side and right side which no common things how search t... by cyberportnoc Explorer in Splunk Search 08-02-2016 0 3	0	3
how to search successful or failure connection for firewall log? i use this log for 24 hours but no result even in last 7 days, however individual search inbound and outbound separa... by cyberportnoc Explorer in Splunk Search 08-02-2016 0 3	0	3
Joining two eventtypes based on an ID I currently have two sets of data where one includes all of the product views, and one includes all of the downloads ... by emamedov Explorer in Splunk Search 08-02-2016 0 3	0	3
Regex help! Hi How can i extract a dn from the following result. identity: acd123 cn=abc,ou=..,ou=.., xyz234 cn=acd,ou=abc,..... by kranthi851 New Member in Splunk Search 08-02-2016 0 2	0	2
How to highlight the lowest value in a statistics table with yellow or red? Hi, I have the search below and it works great. It outputs a table with the customer name, then a trendline, and th... by dbcase Motivator in Splunk Search 08-02-2016 0 3	0	3
How to extract these fields from my sample data? I have raw data like this, 09:00:06 08/01/2016 good TSMONW46PRDV [TSMONW46PRDV][AP] Disk Space Disk/File Sys... by anoopambli Communicator in Splunk Search 08-02-2016 1 12	1	12
How to change "infraction" data model to have global permissions and make it accessible across all apps. Can anyone suggest me where to change the settings to make the data model global. by Deepali5 New Member in Splunk Search 08-02-2016 0 1	0	1
How to remove field values Hi, I want to remove source and source type field value of Unix:Service Unix:Uptime Unix:Version package ps Pleas... by syed_star357 New Member in Splunk Search 08-02-2016 0 4	0	4
How to compare same field values at different times? How can I do a comparison with values from same field at different times? The logs belongs to the same index/sourcety... by muralianup Communicator in Splunk Search 08-02-2016 0 2	0	2