Splunk Search

Community Activity

How to find the average count of a field per hour per day? Trying to find the average PlanSize per hour per day. source="\\myfile." Action="OpenPlan" \| transaction Guid star... by RVDowning Contributor in Splunk Search 08-19-2015 0 6	0	6
Eval difference between two fields for each entry So I'm trying to display what the timespan is from start to finish of a bucket and add it as a new field to the table... by ltrand Contributor in Splunk Search 08-19-2015 0 2	0	2
How to chang the color of iframe chart ? Hi Splunkers! Is there a way to chang the color of iframe chart ? i only find it can work on dashboard ty:) by cysplunk978 New Member in Splunk Search 08-19-2015 0 1	0	1
How to find 10 most active folders by their action of uploading documents Hey guys, So I am trying to create a search that fetches the top 10 most active OOIDs (Organization ID Folder) by th... by splunkman341 Communicator in Splunk Search 08-19-2015 0 8	0	8
How to get complex transactions over two fields My transactions consist of two fields named JOBID and SUBJOBID. A typical search result contains events like JOBID=9... by lwolter Explorer in Splunk Search 08-19-2015 1 12	1	12
How to get the duration in seconds from a multiline event? I am trying to find the best way to get the duration (in seconds) on a multiline event, possibly having it captured d... by icyfeverr Path Finder in Splunk Search 08-19-2015 0 6	0	6
Parsing XML data from fields Hello, after researching a lot of information I still can not recorgnise how to solve this problem. I have an xml fil... by Kabobgub Explorer in Splunk Search 08-19-2015 1 13	1	13
How do I write the regex to properly extract all attack names from my sample Fortigate logs? Hi, I need to extract attack names from Fortigate logs. All attack logs are the same, but only a few are correctly e... by pmloikju Explorer in Splunk Search 08-19-2015 0 4	0	4
How can I search for logs from the last 24 hours in Splunk? Hi, I am trying to display logs for last 24 hrs on Splunk. My search is: index=peppol sourcetype=peppol-outbound \| ... by sunnyparmar Communicator in Splunk Search 08-19-2015 0 1	0	1
How to refer to a lookup CSV file I just uploaded in a search? Hi Everyone, I have uploaded a CSV file to the lookup table. Only one column of data is in the list. for e.g. I put ... by jackywsy Explorer in Splunk Search 08-19-2015 0 2	0	2
How to use the bin command? Hi Team, I have a field which takes values from 1 to 100. So I want use the bin command in such a way so the output ... by amarish_vlabs New Member in Splunk Search 08-19-2015 0 3	0	3
Why do the earliest and latest timechart functions produce unexpected results? In the process of trying to verify some summary index data I've noticed that timechart does not seem to return expect... by curtisb1024 Path Finder in Splunk Search 08-19-2015 2 4	2	4
How to calculate age of a file in Splunk in a search? Hi, Could somebody tell me a simple way to calculate age of a file in Splunk via search? Thanks Sunny by sunnyparmar Communicator in Splunk Search 08-19-2015 0 5	0	5
Virustotal Checker Add-on: What search syntax would I use to provide VirusTotal information about my example malware hash? I am a Splunk newbie so I am not great on all the syntax you can use for searches. Your add-on was pointed out to me... by tzack New Member in Splunk Search 08-18-2015 0 3	0	3
Rex Question rex "(?i)(?P<testERROR>(\:[^\:]*){2})$" output :test string 123:test test test123 I have to keep the the 2nd : ma... by subtrakt Contributor in Splunk Search 08-18-2015 0 6	0	6
How to extract mail logs (clearswift) and link across multiple lines Hi, I have searched and haven't really found anything to parse Clearswift mail logs. The issue is that one email ma... by lmaclean Path Finder in Splunk Search 08-18-2015 1 3	1	3
Extract value from JSON array of objects I have a JSON object that has an array inside of it. The array is a list of objects, not just a list of values. See... by AlexMcDuffMille Communicator in Splunk Search 08-18-2015 2 1	2	1
Why am I getting zero results using CIDR matching and a CSV lookup of IP subnets to scan through firewall logs for hits? I'm attempting to use a CSV list of IP subnets to scan through firewall logs for hits, but it's not working out well.... by ltrand Contributor in Splunk Search 08-18-2015 0 2	0	2
How do I run a Splunk search using R in the Splunk search bar and view the results on a dashboard? I am very new to splunk . Step 1: I want to run a splunk search on my local machine data and import the results into... by m_vivek Path Finder in Splunk Search 08-18-2015 0 1	0	1
How do I get a count from multiple sources after mvexpand on multiple fields? Hi, I'm redoing a search to avoid using join as it was truncating results. I'm trying to get a count after searching ... by jlosee Path Finder in Splunk Search 08-18-2015 0 13	0	13
Why is strptime not returning results for a date field in my data? I have a time in the following format: 2015-08-11 16:31:25.973 in a field called "Last Modified On". The data comes ... by ErikaE Communicator in Splunk Search 08-18-2015 0 2	0	2
How to limit streamstats sum to a range of values? We are running a CUSUM function where we do not want the value to run away either too high or too low (negative). Ide... by nmaiorana Explorer in Splunk Search 08-18-2015 0 13	0	13
How do I get rid of double quotes for dashboard table I have a log message that contains white space so it is logged with double quotes: reason="enter reason here" The pr... by mcgeeaw Engager in Splunk Search 08-18-2015 0 1	0	1
How to search the percentage of occurrences of certain values in a field? Hi, I have a table like this: userID is_successful version userA true ... by ppaveld Engager in Splunk Search 08-18-2015 1 4	1	4
How do I convert the time in my table to a human readable date format? Hi everyone, I want to make a table that gives me the quantity of purchases for each product for the last 3 days. I... by otman01 Communicator in Splunk Search 08-18-2015 0 3	0	3