Splunk Search

Community Activity

How to correct my regex to extract text from two or more lines? Hi, Please let me know the regex to extract text from 2 or 3 more lines. For below log text : ClientIp=06516217500... by Bhuavana Explorer in Splunk Search 11-11-2014 0 2	0	2
Regex to extract exceptionmessage Hi, I have five different types of exceptions and for that messages are logged as shown below : ClientIp=0651621750... by Bhuavana Explorer in Splunk Search 11-10-2014 0 4	0	4
Regex for two similar statements to put in transforms.conf ? Hello, thanks for everyones assistance on MV_ADD=True response on my last question regarding multivalued pairs.. Now ... by dmacgillivray Communicator in Splunk Search 11-10-2014 0 4	0	4
Can I disable clicking on items in table view when sharing search results? When sharing a search result I would like to disable clicking on the individual table cells. I would still like to be... by caffein Path Finder in Splunk Search 11-10-2014 1 4	1	4
How to get only first 3 events as a result for each event/Field? I am attempting to get first 3 events for each user field for which user count>3. Basically what I am looking for... by thezero Path Finder in Splunk Search 11-10-2014 1 7	1	7
"\| delete" after lookup command Hi, is it possible to use the delete command after a lookup? sourcetype=sourceA \| lookup delete_lookup.csv key OU... by HeinzWaescher Motivator in Splunk Search 11-10-2014 0 2	0	2
データサマリーから不要なデータを削除する方法データサマリーで表示されるホスト、ソース、ソースタイプにおいて、不要なデータを削除しようと思います。現在V6.1.4（Windows 7)ですが、昔(V5)は、"\| delete"を指定した場合、論理削除だけで物理削除は行われず表示... by ohuchi Explorer in Splunk Search 11-09-2014 0 2	0	2
How can I replace only the field value if found using Automatic lookups? I have a problem with my checkpoint logs and automatic lookup tables (although the problem is not specific to checkpo... by horst_poehlmann Explorer in Splunk Search 11-09-2014 0 3	0	3
Extract xml Hi Splunkers, I would like to extract the following xml while indexing.. fields: host=0.0.0.1 source=mysource sour... by vasanthmss Motivator in Splunk Search 11-09-2014 1 3	1	3
Selected fields in fields side bar In order to be a selected field , doest that field must exist in every events ? Now host, source, sourcetype are the... by splunker12er Motivator in Splunk Search 11-09-2014 0 2	0	2
How to combine a search for all events with a stats subsearch for a certain event that exceeds a threshold within an hour? I need to combine a normal search for 24 hr period with all events and a subsearch on threshold based event where it ... by shellnight Explorer in Splunk Search 11-09-2014 0 10	0	10
multi pattern string calculation on fields I have log coming in this format. this value is dynamic and keep changing in terms of Form and numbers Counts=[100A=0... by sumitnagal Path Finder in Splunk Search 11-08-2014 0 1	0	1
Why the function "strftime" not working in my search query? alt textIf I use this, no event return sourcetype=abc source=""+strftime(now(),"%Y%m%d")+"" But when I modify th... by chrismok Path Finder in Splunk Search 11-07-2014 0 23	0	23
help span would result in too many rows we are getting this error more frequently, can you please tell us the optimized settings to avoid this error, The sp... by dhavamanis Builder in Splunk Search 11-07-2014 0 5	0	5
How to find the earliest date in a multivalue field I have a multivalue field which contains date strings. I would like to find the earliest one of the field and set a n... by nfieglein Path Finder in Splunk Search 11-07-2014 0 5	0	5
Create key value pairs from existing fields In _raw: string1=key1\|key2\|key3\|key4\|key5\|key6 string2=value1\|value2\|value3\|value4\|value5\|value6 I want to manipula... by ben_leung Builder in Splunk Search 11-07-2014 1 8	1	8
Difference in Queries Hi, Though I'm receiving the same output for both my queries, curious to know the difference (executions, time taken... by koushiknandan New Member in Splunk Search 11-07-2014 0 1	0	1
Changing the time format form a log file using eval. I am running a report that outputs a date and time format form one of my logs, and sending it in email to a customer.... by pete_charlton Explorer in Splunk Search 11-07-2014 0 6	0	6
Can't find the timestamp AUTOLOGIN..10100000000001..Polaris/5.0 (pc, Windows 7/6.1, ja-JP) PolarisOfficeLink/1.8.14..1415285996..192.168.0... by jetzt82 Explorer in Splunk Search 11-06-2014 1 2	1	2
help to write the stats query we have three column for the below query _time, response_time and count, index="idxweblog" source="/opt/apache2/logs... by dhavamanis Builder in Splunk Search 11-06-2014 0 2	0	2
Only return results with field appearing in a lookup Hello, I'm looking to only return results for "ad_x" log entries which have an "event_code" listed in the "ad_event_... by pjb2160 Path Finder in Splunk Search 11-06-2014 0 2	0	2
How to search on a particular column 2014-11-04 13:23:33 - bigtime.com:443 HEAD /index.html - - - 521.218.22.87 - - - 200 - - m... by mgoblue Explorer in Splunk Search 11-06-2014 0 7	0	7
Need to display 0 if the count is 0 i have 5 columns in my report. i am using appendcols to append columns (to get data of different time range). My repo... by harish_ka Communicator in Splunk Search 11-06-2014 0 5	0	5
Splunk average for particular count I am attempting to find half–hourly average of elapsed time for the GETXML message has exceeded 2,000ms for an half- ... by allladin101 Explorer in Splunk Search 11-06-2014 0 4	0	4
How to set up an alert to send an email with the output of another search? I have an alert that sends emails when process count goes above a certain level. When these conditions are met, I wou... by kmasood Explorer in Splunk Search 11-06-2014 0 2	0	2