Splunk Search

Community Activity

Field extracting using Regex I am trying to extract username & password from below event - form_key=6LgmjzGyzOYLIf11&login[username]=dev_lee@gma... by satishsdange Builder in Splunk Search 01-18-2016 0 2	0	2
グラフに表示するプロット数の上限値の変更方法グラフに表示するデータのプロット数の上限値の変更方法を教えて下さい。 by Splunk_Shinobi Splunk Employee in Splunk Search 01-18-2016 0 2	0	2
Change color of Splunk graph based on string value I have seen this question and this docs page, together with a few other questions on the topic, but I am having some ... by danielpellarini Path Finder in Splunk Search 01-17-2016 0 8	0	8
Timechart Cell value replace numeric value by conditional string Hi All, i am newbie to Splunk and need an assistance in writing a splunk dashboard where i wish to replace the averag... by rishiaggarwal Explorer in Splunk Search 01-17-2016 0 2	0	2
Lookups vs Events Questions I'm trying to understand what, exactly, lookup tables are. It seems like getwatchlist just populates Splunk like any... by user4455 Explorer in Splunk Search 01-16-2016 0 2	0	2
Required robust regex to fetch the last value of the log events. Hi, I need a regex which will fetch the last value of log events ends with [abcd]. Currently the challenge i'm facing... by muthvin New Member in Splunk Search 01-16-2016 0 2	0	2
create a new column with average of a perticular field for every row Hi All I am trying to create a new column with the average of a field name (back_post_duration) . I need to add thi... by sukundur Engager in Splunk Search 01-16-2016 0 2	0	2
Why is my search pulling the wrong events when selecting an appended column on a graph? Hey guys, I recently created a graph using the search: sourcetype=testing PhpFatal="PHP Fatal error" \| stats count... by Spiere Path Finder in Splunk Search 01-15-2016 0 11	0	11
Why are we getting an incorrect date in our resulting table? the job: 0019295 which shows run time on Thu Jan 14 07:00:02:2016 actually ran on Wed Jan 13 07:00:19 2016 Sanpshot ... by athorat Communicator in Splunk Search 01-15-2016 0 9	0	9
How do I extract a field from a URL and group by that field? How do I group data and get a count for usage per customer? My data is Time and Event. The event data is a URL and th... by maddy1011 Explorer in Splunk Search 01-15-2016 0 9	0	9
Tricky latest login state question Hi Guys, I'm having a bit of trouble with this. Basically I wish to show who is into this device on a dashboard and I... by SecureIA Path Finder in Splunk Search 01-15-2016 0 5	0	5
How to show two search results in one dashboard panel HI all I have two search which yield the table like this below: Module1 Module2 Name1 1.2 2.2 Name2 1.5 3.2 Na... by muthvin New Member in Splunk Search 01-15-2016 0 3	0	3
Looking for way to return a value from subsearch when it returns zero results Maybe there is a much easier way to do that I'm just missing.....but here goes. I have a search that I am using to a... by jjohns86 Explorer in Splunk Search 01-15-2016 0 3	0	3
Reformat table so values become Column headings I have a search that ends with \| stats sum(count) AS Hits by _time GUID cs_uri_stem Which results in a table I ... by DanielFordWA Contributor in Splunk Search 01-15-2016 0 1	0	1
How can I retrieve count or distinct count of some field values ? I have lots of logs for client order id ( field_ name is clitag ), i have to find unique count of client order( field... by gpant Explorer in Splunk Search 01-15-2016 0 6	0	6
Error: [indexer1] Empty csv lookup file Hi, I've got a large (170.000 rows) lookupfile that is used in several searches. I've scheduled these searches to ru... by HeinzWaescher Motivator in Splunk Search 01-15-2016 0 11	0	11
Messed up input data ruining/slowing down search? Hi! I accidentally indexed really bizarre logs (partially downloaded logs) and assigned it to a sourcetype. Now se... by monicato Path Finder in Splunk Search 01-15-2016 0 3	0	3
How can I do a cumulative timechart with dedup? I've got some data with three applicable fields, hostname, requirement, and requirementstatus. Each day I may receive... by ITSX Explorer in Splunk Search 01-14-2016 0 6	0	6
How do I run a programmatic search against a Search Head Cluster? Is there anything special about interacting with a Search Head Cluster via the REST APIs? Specifically, what endpoi... by Lowell Super Champion in Splunk Search 01-14-2016 0 1	0	1
Updating fields in a lookup through a scheduled search Fellow Splunkers! I am attempting to update fields within a lookup file, and fortunatley there are only 2 fields. I ... by tmarlette Motivator in Splunk Search 01-14-2016 0 3	0	3
How to work out the age of a user based on date of birth? I want to group users by their age which range from roughly 5 years to 90. The dateofbirth field is formatted like th... by Amohlmann Communicator in Splunk Search 01-14-2016 0 11	0	11
Do unused search-time field extractions significantly impact performance if the extracted fields are not used? I have a new analyst requesting to add some search-time field extractions for sourcetype=syslog to simplify reporting... by wegscd Contributor in Splunk Search 01-14-2016 2 1	2	1
Why is my PDF report not displaying the chart from my custom js script? Hi All, My dashboard has a custom js script, and while sending the PDF report, my graph which is from the js script ... by bharathkumarnec Contributor in Splunk Search 01-14-2016 0 2	0	2
App for Stream - pcap replay I have a pcap with DNS traffic that I want to analyze. I downloaded the 'Stream Examples' app and the main Splunk App... by sswansonchtr Path Finder in Splunk Search 01-14-2016 0 6	0	6
Inline vs Saved Search Which do you recommend from a OS and search performance perspective and for realtime searches in a dashboard (or clos... by aaronkorn Splunk Employee in Splunk Search 01-14-2016 0 2	0	2