Splunk Search

Community Activity

What does (?m) mean at the beginning of a regex I saw this in \etc\system\README\transforms.conf.example: REGEX = (?m)^(.)SessionId=\w+(\w{4}[&"].)$ What does t... by Justin_Grant Contributor in Splunk Search 07-17-2015 5 4	5	4
Can't get rex to work I have been searching Splunk answers and read the documentation and not sure it is something simple I am missing. but... by ride76 Explorer in Splunk Search 07-17-2015 0 8	0	8
Hunk - transactions support & other time ordered commands Hi. http://docs.splunk.com/Documentation/Hunk/latest/Hunk/Searchavirtualindex Explicitly states " The following c... by splunk_zen Builder in Splunk Search 07-17-2015 0 1	0	1
What are the best way to merge a set of values that refer to the same thing in a field? For example in a field "customer", I have the following events and values: Event 1: abc Event 2 :abc pte ltd I want ... by Stevelim Communicator in Splunk Search 07-17-2015 0 4	0	4
Timecharting multiple lines..! Hello, I have a question regarding timecharting multiple lines on one chart by Datacenter, but x-axis being Metric ti... by minkyuk Explorer in Splunk Search 07-17-2015 0 6	0	6
External lookup script not functioning in search app I have an external lookup using a python script. It is in its own app, but is shared to all apps with R/W access. The... by kelambert Explorer in Splunk Search 07-17-2015 0 2	0	2
Extract field with multi-values, is using an "OR" operator with two queries possible? the errors messages in my logs have different formatting so I'm wondering if there is a way to combine the below two ... by kmccowen Path Finder in Splunk Search 07-17-2015 0 1	0	1
Showing all fields in search (including empty) Hi, I would like to know how to show all fields in the search even when results are all empty for some of the field... by djfang Explorer in Splunk Search 07-17-2015 0 3	0	3
How To List A Column Value Once in a Table? I'm doing a project to detect click fraud. I created several extractions to take out the IP address, Web Request from... by skoelpin SplunkTrust in Splunk Search 07-17-2015 0 3	0	3
Good setting for max_searches_per_cpu? Hi, I'm getting this warning every hour, on top of the hour, when apparently quite a few scheduled searches are trig... by echalex Builder in Splunk Search 07-17-2015 0 6	0	6
Average transaction duration by unique transaction id index=ko_autosys sourcetype=autosys_applog_scheduler_events host="usatlb98" OR host="usatlb91" System="*" \| transacti... by zd00191 Communicator in Splunk Search 07-17-2015 0 10	0	10
Sourcetype volume increase search I want to have an alert being raised when any of our top sourcetypes hourly indexing rises above a given monthly aver... by splunk_zen Builder in Splunk Search 07-17-2015 0 3	0	3
New users per month Is it possible to find the earliest time for all users over all time. Then do a distinct count of users by month usin... by DanielFordWA Contributor in Splunk Search 07-17-2015 0 2	0	2
Is it possible to use join with the output of a lookup in a search query? Hi, I have a search query like the one below index=beacon BeaconType=userevent type=addonselected \| join INID TE... by ewanbrown Path Finder in Splunk Search 07-17-2015 0 7	0	7
Searching from a data model using tstats, why am I getting "Error in 'TsidxStats': Invalid root event object for datamodel"? I created a data model "Aggregate". I added an object which is a root search object named "usage". There is a search ... by sushmitha_mj Communicator in Splunk Search 07-17-2015 0 6	0	6
How to write the regex to extract semicolon delimited fields? I have the following log statement, which uses semicolon delimiter and where i want to extract columns as specific fi... by ismarslomic Path Finder in Splunk Search 07-17-2015 0 13	0	13
How to detect and fill default value to empty-value field ? Hello, When i did a search on my SQL data, there are a lot of empty-value fields, which don't contain anything, i wa... by sieutruc Contributor in Splunk Search 07-17-2015 1 4	1	4
Regex field extraction Splunk Version 6.2.0 Splunk Build 237341 (MacOSX Yosemite) This is the line I'm looking to extract fields using rege... by gonzalogasca New Member in Splunk Search 07-17-2015 0 3	0	3
REGEX match on multiple conditions help I need help with a REGEX that needs to match multiple conditions in a log event. The event looks like this: 02:02:0... by roguepacket Engager in Splunk Search 07-17-2015 2 4	2	4
Search multiple column in logs and give count of respective column Hi, My question is divided into 2 parts - 1.) I have a log file in which there are about 20-22 columns but i want t... by sunnyparmar Communicator in Splunk Search 07-17-2015 0 7	0	7
timestamp in the beginning Why splunk adds the date and time to the beginning of a log. How to clean it? Jul 15 09:27:20 172.16.19.1 Jul 15 201... by vinchakov_a Path Finder in Splunk Search 07-16-2015 0 5	0	5
Why is my lookup search query not returning expected results? I've got a KeywordList.csv lookup table with 3 columns (URI, URI_Keyword, URI_KeywordType). URI is a pre-existing fi... by mistergreen28 New Member in Splunk Search 07-16-2015 0 3	0	3
Not getting field automatically from lookup table I have a file: racf_username.csv located in /opt/splunk/etc/system/lookups which looks like; racf,username A123456,A ... by RVDowning Contributor in Splunk Search 07-16-2015 0 4	0	4
How to do multiple searches at once? Hi guys, I need to have multiple searches running that pull up a word from the same field and replace it with anothe... by BITSIntern Path Finder in Splunk Search 07-16-2015 0 10	0	10
RStudio integration with Splunk Is there any way to run Splunk queries from the RStudio IDE rather than from within the search bar? by mgianola Explorer in Splunk Search 07-16-2015 0 1	0	1