Splunk Search

Community Activity

How to get the duration in seconds from a multiline event? I am trying to find the best way to get the duration (in seconds) on a multiline event, possibly having it captured d... by icyfeverr Path Finder in Splunk Search 08-19-2015 0 6	0	6
Parsing XML data from fields Hello, after researching a lot of information I still can not recorgnise how to solve this problem. I have an xml fil... by Kabobgub Explorer in Splunk Search 08-19-2015 1 13	1	13
How do I write the regex to properly extract all attack names from my sample Fortigate logs? Hi, I need to extract attack names from Fortigate logs. All attack logs are the same, but only a few are correctly e... by pmloikju Explorer in Splunk Search 08-19-2015 0 4	0	4
How can I search for logs from the last 24 hours in Splunk? Hi, I am trying to display logs for last 24 hrs on Splunk. My search is: index=peppol sourcetype=peppol-outbound \| ... by sunnyparmar Communicator in Splunk Search 08-19-2015 0 1	0	1
How to refer to a lookup CSV file I just uploaded in a search? Hi Everyone, I have uploaded a CSV file to the lookup table. Only one column of data is in the list. for e.g. I put ... by jackywsy Explorer in Splunk Search 08-19-2015 0 2	0	2
How to use the bin command? Hi Team, I have a field which takes values from 1 to 100. So I want use the bin command in such a way so the output ... by amarish_vlabs New Member in Splunk Search 08-19-2015 0 3	0	3
Why do the earliest and latest timechart functions produce unexpected results? In the process of trying to verify some summary index data I've noticed that timechart does not seem to return expect... by curtisb1024 Path Finder in Splunk Search 08-19-2015 2 4	2	4
How to calculate age of a file in Splunk in a search? Hi, Could somebody tell me a simple way to calculate age of a file in Splunk via search? Thanks Sunny by sunnyparmar Communicator in Splunk Search 08-19-2015 0 5	0	5
Virustotal Checker Add-on: What search syntax would I use to provide VirusTotal information about my example malware hash? I am a Splunk newbie so I am not great on all the syntax you can use for searches. Your add-on was pointed out to me... by tzack New Member in Splunk Search 08-18-2015 0 3	0	3
Rex Question rex "(?i)(?P<testERROR>(\:[^\:]*){2})$" output :test string 123:test test test123 I have to keep the the 2nd : ma... by subtrakt Contributor in Splunk Search 08-18-2015 0 6	0	6
How to extract mail logs (clearswift) and link across multiple lines Hi, I have searched and haven't really found anything to parse Clearswift mail logs. The issue is that one email ma... by lmaclean Path Finder in Splunk Search 08-18-2015 1 3	1	3
Extract value from JSON array of objects I have a JSON object that has an array inside of it. The array is a list of objects, not just a list of values. See... by AlexMcDuffMille Communicator in Splunk Search 08-18-2015 2 1	2	1
Why am I getting zero results using CIDR matching and a CSV lookup of IP subnets to scan through firewall logs for hits? I'm attempting to use a CSV list of IP subnets to scan through firewall logs for hits, but it's not working out well.... by ltrand Contributor in Splunk Search 08-18-2015 0 2	0	2
How do I run a Splunk search using R in the Splunk search bar and view the results on a dashboard? I am very new to splunk . Step 1: I want to run a splunk search on my local machine data and import the results into... by m_vivek Path Finder in Splunk Search 08-18-2015 0 1	0	1
How do I get a count from multiple sources after mvexpand on multiple fields? Hi, I'm redoing a search to avoid using join as it was truncating results. I'm trying to get a count after searching ... by jlosee Path Finder in Splunk Search 08-18-2015 0 13	0	13
Why is strptime not returning results for a date field in my data? I have a time in the following format: 2015-08-11 16:31:25.973 in a field called "Last Modified On". The data comes ... by ErikaE Communicator in Splunk Search 08-18-2015 0 2	0	2
How to limit streamstats sum to a range of values? We are running a CUSUM function where we do not want the value to run away either too high or too low (negative). Ide... by nmaiorana Explorer in Splunk Search 08-18-2015 0 13	0	13
How do I get rid of double quotes for dashboard table I have a log message that contains white space so it is logged with double quotes: reason="enter reason here" The pr... by mcgeeaw Engager in Splunk Search 08-18-2015 0 1	0	1
How to search the percentage of occurrences of certain values in a field? Hi, I have a table like this: userID is_successful version userA true ... by ppaveld Engager in Splunk Search 08-18-2015 1 4	1	4
How do I convert the time in my table to a human readable date format? Hi everyone, I want to make a table that gives me the quantity of purchases for each product for the last 3 days. I... by otman01 Communicator in Splunk Search 08-18-2015 0 3	0	3
How to define chart end time? Missing data is displayed as blank space. I have events that are delayed by some time that I want to plot in a chart. Let's say there is a 1 hour delay. How... by the_wolverine Champion in Splunk Search 08-18-2015 0 1	0	1
X axis label Rotation in JSchart Hi EveryOne, Newbie here, I just wanted to know how to change the orientation of x-axis labels in splunk 5? I tried ... by ZaugustZ Explorer in Splunk Search 08-18-2015 1 1	1	1
Search Logs Hi, I wonder whether someone may be able to help me please. From the answer I found here I'm using the query below t... by IRHM73 Motivator in Splunk Search 08-17-2015 0 6	0	6
Unable to search for regex extracted fields in fixed length file format Hi, I'm seeing some very unusual behavior when extracting fields in Splunk 6.2. Basically I can see the fields are e... by ashleyherbert Communicator in Splunk Search 08-17-2015 0 7	0	7
How to align values in a column with values from another column? I basically have 2 searches that I am combining using appendcols. 1 search is for each element. It looks something li... by HattrickNZ Motivator in Splunk Search 08-17-2015 0 8	0	8