Splunk Search

Community Activity

How to extract all values for a single field using rex? Hi, I have a log file from which I am trying to extract a value of the specific term "Security ID". My data is divid... by harshal_chakran Builder in Splunk Search 02-09-2015 1 5	1	5
How to search multiple indexes and display results in a single table? Hello, I am looking for a way to play in a single table the results of two different indexes. The two searches are: ... by carlpier Explorer in Splunk Search 02-09-2015 0 2	0	2
Replace '&' with ',' I want to replace the character '&' with the character ',' in the below field. field = {call DB2GIPS.GIP_IP_SMRY_BRO... by Jananee_iNautix Path Finder in Splunk Search 02-09-2015 0 3	0	3
Web service requests by user I am trying to understand what method to be used to map a web userid="*"" to the specific service they are using at t... by bcarnot Path Finder in Splunk Search 02-08-2015 0 2	0	2
Eval for known and unknown field values I am using a search command to rename ip address output to device names something like below: sourcetype=syslog \| ev... by ashabc Contributor in Splunk Search 02-07-2015 0 4	0	4
My automatic lookup field is not searchable unless I pipe search for it. I am trying to run the following search in Splunk: index=index1 sourcetype=sourcetype1 bldg=XI The bldg field is an... by katelynengel Explorer in Splunk Search 02-07-2015 0 3	0	3
Possible to place a graphic on a map in real-time every time an event occurs? I would like to use a map to pop a graphic up on a map for each time an event occurs in real-time. I have use iplook... by djconroy Path Finder in Splunk Search 02-07-2015 0 4	0	4
Uptime Graph for Multiple Objects I've searchs Splunk Answers and I have gotten two search strings, where if combined, would give me the results I woul... by TaylorWhitt Path Finder in Splunk Search 02-07-2015 1 2	1	2
PIE CHART mouseover is displaying 100% value from nowhere? My search: \| chart max(REPORTING) as REPORTING max(MISSING) as MISSING The table looks fine, 2 columns, REPORTING a... by the_wolverine Champion in Splunk Search 02-06-2015 0 1	0	1
Why are we getting "invalid syntax" errors using and referencing generated field extractions in our alert searches? When creating alerts in Splunk, we are trying to use generated field extractions and referencing them within our aler... by pricea Engager in Splunk Search 02-06-2015 1 1	1	1
Sideview-Utils: How to create a line chart I've been using splunk for a few months and am just now beginning to use sideview utils. I've found how to make a tab... by Splunkster45 Communicator in Splunk Search 02-06-2015 1 5	1	5
Subsearch input Greetings, I am working with IronPort logs and oddly the mailto and mailfrom fields are not in the same records. So... by ccsfdave Builder in Splunk Search 02-06-2015 0 2	0	2
Search values in the field of list type Hello! I have such events: 1: name="Alex" groups="['staff', 'manager', 'top']" 2: name="Paul" groups="['sta... by IVV Path Finder in Splunk Search 02-06-2015 0 5	0	5
Is there a limit to the number of rows returned by a search using the Java SDK ? I'm new to splunk and am facing an issue when doing a search using Java SDK. I have a search that should return arou... by ssubbiah001 Explorer in Splunk Search 02-06-2015 0 2	0	2
How to edit my search to only show top 5 IPs by Office? Hello, We have this search below: stats count(eval(State="OPEN")) as "Open", count(eval(State="CLOSED")) as "Close... by rus7am Explorer in Splunk Search 02-06-2015 0 2	0	2
Can I extract the values using 'rex mode=sed' ? Hi Splunker! I have some trouble extracting values. for example, fruits apple (blah blah blah) apple (blah2 blah2 b... by hhlee Engager in Splunk Search 02-05-2015 0 4	0	4
How to write regex for rex command to extract value after a colon? Hi, Can any one help me how to display the below value which is in double quotation using rex command API : IO ET ... by valameti Explorer in Splunk Search 02-05-2015 0 2	0	2
how to extract data after a colon example [dto=forename: "abcforename" surname: "abcsurname" ..................] I want to extract the forename and s... by joyce1018 New Member in Splunk Search 02-05-2015 0 2	0	2
Is there a way to return just the table view of the data for embedded reports? For embedded reports, is there a way to return just the table view of the data? I've embedded a search, it has run on... by Runals Motivator in Splunk Search 02-05-2015 0 1	0	1
How to calculate the availability of an application using the number of errors per minute? I want to calculate availability of an application. The logic i am using is number of errors per minute. So I am sear... by nravichandran Communicator in Splunk Search 02-05-2015 0 3	0	3
extracting country codes that has no fix length Hi, I would just like to ask, as to how I could extract country codes within series of numerical values with no fix l... by adomila Explorer in Splunk Search 02-05-2015 1 9	1	9
Has anyone pulled Incident Logs from SCSM? Has anyone else pulled Incident Logs from SCSM (System Center 2012 Service Manager) into Splunk and what method(s) di... by aelliott Motivator in Splunk Search 02-05-2015 0 2	0	2
How to dynamically extract fields from Events(without internal fields like source,sourcetype,host etc..) and pipe it as fieldlist to table command. I need to create table with fields present in Events result,excluding internal fields. Example: Indexed Data: A=xxx... by jackson1990 Path Finder in Splunk Search 02-05-2015 0 2	0	2
recommendations for pruning away emptystring-valued fields? In a funny way Im looking for the opposite of fillnull. I have some fields which are sometimes coming through with ... by sideview SplunkTrust in Splunk Search 02-05-2015 0 5	0	5
how can i reuse my extraction I expect this is easy and I missed something obvious. I am new to this tool. I created a field extraction from the s... by jonnycundall Engager in Splunk Search 02-05-2015 0 3	0	3