Splunk Search

Community Activity

Regex for field extraction is not working properly I just did a regex for proxy fields extractions and it seems that is not working as it should have. Not sure why. Fie... by daniel_augustyn Contributor in Splunk Search 01-18-2016 0 10	0	10
How to use a lookup file to create a new field? (Ex: Http Status code and description from csv file -> create new field http_description) Hi , How do I create a new field based on the lookup file (csv file has tow columns - status , description). Now I wa... by Kukkadapu Path Finder in Splunk Search 01-18-2016 0 4	0	4
How to plot every minute between a start and end time for multiple events on a timechart? All, I hope someone can help me. I am trying to plot every minute of an event between a start and end time to get ... by srobinsonxtl Path Finder in Splunk Search 01-18-2016 0 8	0	8
How to deduct two sums I am trying to sum 2 Fields of a search and then deduct the one from the other: my idea is not working: \| stats sum... by highriser666 New Member in Splunk Search 01-18-2016 0 7	0	7
How to use fields containing semicolons (:) in search command functions? Hello, I am trying to use a variable from my data which has columns as in this example: ep_9:sMeterS:SummationDeliv... by pkurt Path Finder in Splunk Search 01-18-2016 1 2	1	2
how to retrieve the len of the results in a custom command Hello, I am using a custom splunk command and I discovered that it has random behavior when there is more than about ... by clorne Communicator in Splunk Search 01-18-2016 0 3	0	3
How do I get the sum of values for non-unique fields? Hi. I have 4 events with field smsresult= , and I have to sum the values of this field. I tried to use stats sum(... by cabbageel New Member in Splunk Search 01-18-2016 0 3	0	3
How can I get a list of all the events fields including their data type (string, number...)? How can I get a list of all the events fields including their data type? by adilevar Engager in Splunk Search 01-18-2016 1 1	1	1
Search by source name in virtual index does not show results Hi, i need to get the raw data of file based on source file name. For that i have used below query. source="xml_f... by sdaruna Explorer in Splunk Search 01-18-2016 0 2	0	2
Appending a two column graph to another two column graph Hey guys, I asked a question recently about an appended column on a graph not selecting the correct events when it i... by Spiere Path Finder in Splunk Search 01-18-2016 0 4	0	4
How do you count multiple fields with the stats count command? Hey guys, Question for you. I have a query where I am searching for multiple field names inside of the query - sour... by Spiere Path Finder in Splunk Search 01-18-2016 0 4	0	4
Field extracting using Regex I am trying to extract username & password from below event - form_key=6LgmjzGyzOYLIf11&login[username]=dev_lee@gma... by satishsdange Builder in Splunk Search 01-18-2016 0 2	0	2
グラフに表示するプロット数の上限値の変更方法グラフに表示するデータのプロット数の上限値の変更方法を教えて下さい。 by Splunk_Shinobi Splunk Employee in Splunk Search 01-18-2016 0 2	0	2
Change color of Splunk graph based on string value I have seen this question and this docs page, together with a few other questions on the topic, but I am having some ... by danielpellarini Path Finder in Splunk Search 01-17-2016 0 8	0	8
Timechart Cell value replace numeric value by conditional string Hi All, i am newbie to Splunk and need an assistance in writing a splunk dashboard where i wish to replace the averag... by rishiaggarwal Explorer in Splunk Search 01-17-2016 0 2	0	2
Lookups vs Events Questions I'm trying to understand what, exactly, lookup tables are. It seems like getwatchlist just populates Splunk like any... by user4455 Explorer in Splunk Search 01-16-2016 0 2	0	2
Required robust regex to fetch the last value of the log events. Hi, I need a regex which will fetch the last value of log events ends with [abcd]. Currently the challenge i'm facing... by muthvin New Member in Splunk Search 01-16-2016 0 2	0	2
create a new column with average of a perticular field for every row Hi All I am trying to create a new column with the average of a field name (back_post_duration) . I need to add thi... by sukundur Engager in Splunk Search 01-16-2016 0 2	0	2
Why is my search pulling the wrong events when selecting an appended column on a graph? Hey guys, I recently created a graph using the search: sourcetype=testing PhpFatal="PHP Fatal error" \| stats count... by Spiere Path Finder in Splunk Search 01-15-2016 0 11	0	11
Why are we getting an incorrect date in our resulting table? the job: 0019295 which shows run time on Thu Jan 14 07:00:02:2016 actually ran on Wed Jan 13 07:00:19 2016 Sanpshot ... by athorat Communicator in Splunk Search 01-15-2016 0 9	0	9
How do I extract a field from a URL and group by that field? How do I group data and get a count for usage per customer? My data is Time and Event. The event data is a URL and th... by maddy1011 Explorer in Splunk Search 01-15-2016 0 9	0	9
Tricky latest login state question Hi Guys, I'm having a bit of trouble with this. Basically I wish to show who is into this device on a dashboard and I... by SecureIA Path Finder in Splunk Search 01-15-2016 0 5	0	5
How to show two search results in one dashboard panel HI all I have two search which yield the table like this below: Module1 Module2 Name1 1.2 2.2 Name2 1.5 3.2 Na... by muthvin New Member in Splunk Search 01-15-2016 0 3	0	3
Looking for way to return a value from subsearch when it returns zero results Maybe there is a much easier way to do that I'm just missing.....but here goes. I have a search that I am using to a... by jjohns86 Explorer in Splunk Search 01-15-2016 0 3	0	3
Reformat table so values become Column headings I have a search that ends with \| stats sum(count) AS Hits by _time GUID cs_uri_stem Which results in a table I ... by DanielFordWA Contributor in Splunk Search 01-15-2016 0 1	0	1