Splunk Search

Community Activity

How to extract fields from a field? Hi, I have a field defined as message_text and it has entries like the below. It also has other entries that diff... by dbcase Motivator in Splunk Search 07-27-2016 1 9	1	9
date related issue Hi, I am facing date related issue in my some of the splunk logs. Today is 26 July but it is showing timing somethin... by sunnyparmar Communicator in Splunk Search 07-27-2016 0 5	0	5
How to parse proxy information to create a list of rootlevel domains and tld? Scenario: I am trying to create a list of all the unique domains (from web requests) from the proxy. Currently I am... by packet_hunter Contributor in Splunk Search 07-27-2016 0 3	0	3
How do I show the source file and host for a search result in email alerts? I have an alert set up that will send an email to a group of individuals when we get responses from a payer with AAA*... by cj039165 New Member in Splunk Search 07-27-2016 0 2	0	2
Sum the results of searches from separate panels Hi there, I'd like to create a dashboard with 3 panels, each one containing a separate search that produces a table.... by ojasklowski Explorer in Splunk Search 07-27-2016 0 4	0	4
How do I convert this search into a tstats search leveraging the web datamodel? Here's the search: index=proxysg sourcetype=proxysg \| replace pandora with www.pandora.com in url \| replace *faceb... by jaywilwk Engager in Splunk Search 07-27-2016 0 3	0	3
X-Axis duration in hours, not seconds I am using the following search to get a total VPN connection time for users: index=pan_logs eventtype=pan_system lo... by pashtet13 New Member in Splunk Search 07-27-2016 0 7	0	7
Multiple summary indexes Hi, I need to schedule daily jobs for summary indexing.. There are 6 of the same jobs (licence usage over a month(3)... by mansel_scheffel Explorer in Splunk Search 07-27-2016 0 1	0	1
How can I highlight more than 1 string without getting this error message: "The extraction failed. If you are extracting multiple fields, try removing one or more fields"? I'm trying to extract Signature Algorithm, but Splunk only recognizes the exact string(sha256WithRSAEncryption) in sa... by jenniferleenyc Engager in Splunk Search 07-27-2016 0 4	0	4
How to edit my search to compare software version numbers to find the latest version? HI, I have a field called AppVersion. The field value represents the version of a piece of software. Example AppV... by Aaron_Fogarty Path Finder in Splunk Search 07-27-2016 0 8	0	8
How to pull a value from one column based on condition on another column? I am trying to run an equivalent of the below query in splunk search, please help. SELECT CONCAT(run, '.', tag) as f... by infoneo New Member in Splunk Search 07-27-2016 0 1	0	1
How to edit my rex search to extract two different or duplicate IP addresses at the same time? Current search: search "xxx" \| rex field=_raw "api:(?\s\d+.\d+.\d+.\d+)" I'm using the rex command, but it does no... by cyberportnoc Explorer in Splunk Search 07-27-2016 0 2	0	2
how to use search result and search again for each grouped value ("conn=" AND "IP=") \| rex field=_raw "conn=(?\d+)" \| join connum [search "err=49" AND "conn" \| rex field=_raw "conn=(... by cyberportnoc Explorer in Splunk Search 07-27-2016 0 1	0	1
How to show a timeline of concurrent transactions Hi, I'm trying to create a chart showing batch jobs on a timeline, in the manner of an evolutionary or geological ti... by joelbyrnes Engager in Splunk Search 07-27-2016 1 1	1	1
Improve Search Performance Hi, Ive constructed the below 5 searches to populate a dashboard, once they go onto our live systems they are going ... by mwdbhyat Builder in Splunk Search 07-27-2016 0 3	0	3
tstats with timchart Hi, If I use tstats and timechart will the timechart slow down my search drastically(There is a ton of data so tryin... by mansel_scheffel Explorer in Splunk Search 07-27-2016 0 1	0	1
How to resize the width of a single value field Hi, Want to reduce the width size of single value field. I want first 2 fields to be closer and then some space a... by payal23 Path Finder in Splunk Search 07-26-2016 0 1	0	1
Why are the emailed results of my search not formatted the same as results in Splunk Web? I have a real time search that sends an email if there are any results. In Splunk, the search is formatted as I would... by mdufrasne Explorer in Splunk Search 07-26-2016 0 3	0	3
Bar Chart Line, based stats sum Regard's, I have a bar chart is a project cost of summation. In this chart I need to have two vertical lines where ... by markux Path Finder in Splunk Search 07-26-2016 0 7	0	7
How to extract MAC addresses from a log that has all values delimited by a comma, but the order of fields can change? Hi, I am trying to extract MAC addresses from a log that has all the values separated by a comma. I would use the d... by aer9480 Explorer in Splunk Search 07-26-2016 0 8	0	8
whitelist match issues Hi everyone, I am having an issue where a logical AND NOT isn't working properly. Simply put I have an alert for mai... by alaking Explorer in Splunk Search 07-26-2016 0 1	0	1
How to display certain background colors for single value visualizations based on search results? I am trying to make my search have 3 different background colors: Green if healthy, Yellow if warning, Red if critica... by JoshuaJohn Contributor in Splunk Search 07-26-2016 0 1	0	1
Calculate time difference in two different logs Hello - Stumped on this. I have two different log files. One logs the time (and data) in transactions sent, the othe... by cj039165 New Member in Splunk Search 07-26-2016 0 11	0	11
Search event count limited from REST API but not UI search Hi, I'm running a search as follows via the Splunk Web UI ie. search index="xxxx" sourcetype="some_gateway" for a gi... by tabchb Explorer in Splunk Search 07-26-2016 1 7	1	7
How to search for earlier events for a given field? I'm trying to create a report which will find the number of 'new users'. I've extracted the field user. I want to fin... by pladamsplunk Explorer in Splunk Search 07-26-2016 0 7	0	7