Splunk Search

Community Activity

How to rename a field that was recently extracted? I recently extracted a few fields such as GBPS and now I would like to rename this particular field Bps. Thank You, ... by UsualSuspect7 Engager in Splunk Search 07-28-2016 0 2	0	2
How to search the average percentage of two different stats and display both on the same timechart? I'm having trouble displaying the count of 400-499 errors as 1 series on a timechart, and 500-599 errors as a separat... by bgeshk Engager in Splunk Search 07-28-2016 0 1	0	1
How do I extract this date time field from my sample data using rex? I used this search, but it is not extracting the date time field properly. I will use this date time as a common fiel... by cyberportnoc Explorer in Splunk Search 07-28-2016 0 2	0	2
How to search for dashboards and reports created by a specific user/owner? Hi Team, I was looking for reports, searches, saved searches, and Dashboards created by specific users/owners. Some ... by vinodsinha Explorer in Splunk Search 07-28-2016 1 9	1	9
How to replace URLs in multivalue fields in my logs with values from a CSV lookup file? Hi. I have a lookup which contains a list of URLs and 3 more fields loaded from a CSV file: Example: URL, value1, ... by Dosambela1 New Member in Splunk Search 07-28-2016 0 4	0	4
Splunk and QRadar integration Hello, I am interested in examples of integration of Splunk as data source to QRadar. May be somebody has any? What ... by andrey2007 Contributor in Splunk Search 07-28-2016 1 7	1	7
Sum of most used application in bytes when I have multiple applications Hi everyone, I'm pretty new to Splunk (just started a little more than 2 weeks ago). Currently I'm making a panel t... by ddong Engager in Splunk Search 07-28-2016 0 2	0	2
VPN user login from different location within one Hour Hi I am looking for the users who login from two different countries within hour hour. user C... by rashid47010 Communicator in Splunk Search 07-28-2016 0 3	0	3
Why I have very old time in my job list? Dear All Splunkers, I've a very problem in my job list which is I got the oldest query, but actually there is not con... by jujis008 Explorer in Splunk Search 07-28-2016 1 6	1	6
How do I add this regex string to my search? Hello - I have the search running below. How do I add "AAAY80" to the search? Search: index=hdx_payer sourcet... by cj039165 New Member in Splunk Search 07-28-2016 0 9	0	9
Eval strptime not creating new field I'm trying to create a calculation based on subtracting 2 dates so I'm trying to create a new eval field that convert... by svercelli Path Finder in Splunk Search 07-27-2016 0 2	0	2
how to extract this ip address "api" AND "delete" AND ("neutron" OR "nova" OR "cinder" OR "glance") \| rex field=_raw "api:(?\s\d+.\d+.\d+.\d+)" \| st... by cyberportnoc Explorer in Splunk Search 07-27-2016 0 8	0	8
How to set _time to specific limit(with in days) in earliest 30 days logs Splunk Query: "JDW14563" "START TIME" earliest=-30d \| eval seconds=(date_hour360)+(date_minutes60)\| chart values l... by kumarrm New Member in Splunk Search 07-27-2016 0 5	0	5
"No search query provided" when using base search in a dashboard OK, so I've been working away on this one for a little while now and can't see what I've missed. I've created a base... by pjb2160 Path Finder in Splunk Search 07-27-2016 0 1	0	1
How to extract a multiline "User-Agent" field from my data? S,login.test.com,HTTPS,,2016-07-27T06:41:43.000Z,,iPad,0,,login.test.com,,1469601703,NA,PROD-150607-to-as-edgenode-3,... by dongeui_hong New Member in Splunk Search 07-27-2016 0 2	0	2
inputlookup returning 0 fields Hello all, I've done this a million times, but for some reason, it's not working for me today, and I suspect it's so... by j4adam Communicator in Splunk Search 07-27-2016 0 6	0	6
How to edit my search to display a percentage in my table? What am I missing here? We have JVMs logging out to file every time there is a Garbage Collect, I'm trying to do a si... by iatwal Path Finder in Splunk Search 07-27-2016 0 5	0	5
How would I exclude events that normally occur after a restart of a server? On our Linux servers, we see that audit policies are re-applied to the audit service whenever the service is restarte... by jmaple Communicator in Splunk Search 07-27-2016 0 10	0	10
How do I get the percentage of events in a logging file Hello - I have a log file were ALL responses contain [Thread-645990] (note, the number changes for each response). ... by cj039165 New Member in Splunk Search 07-27-2016 0 8	0	8
How to search the most frequently indexed lines in Splunk? Hi, I would like to know how can we get top 10 or 20 lines which get indexed in Splunk from our log files. This is t... by raghavarora12 New Member in Splunk Search 07-27-2016 0 2	0	2
How to write a search to calculate a ratio using my sample data? Hi I'm trying to calculate the conversion rate of people going from a product page to a payment page. ie given the ... by stephenmoorhous Path Finder in Splunk Search 07-27-2016 0 4	0	4
How to extract fields from a field? Hi, I have a field defined as message_text and it has entries like the below. It also has other entries that diff... by dbcase Motivator in Splunk Search 07-27-2016 1 9	1	9
date related issue Hi, I am facing date related issue in my some of the splunk logs. Today is 26 July but it is showing timing somethin... by sunnyparmar Communicator in Splunk Search 07-27-2016 0 5	0	5
How to parse proxy information to create a list of rootlevel domains and tld? Scenario: I am trying to create a list of all the unique domains (from web requests) from the proxy. Currently I am... by packet_hunter Contributor in Splunk Search 07-27-2016 0 3	0	3
How do I show the source file and host for a search result in email alerts? I have an alert set up that will send an email to a group of individuals when we get responses from a payer with AAA*... by cj039165 New Member in Splunk Search 07-27-2016 0 2	0	2