Splunk Search

Community Activity

How to search and table count for multiple fields? Can anyone help me making this table? I have the field Status, wich has events Status=1, Status=2, Status=3. I need t... by vtsguerrero Contributor in Splunk Search 08-29-2014 1 3	1	3
Report only if exists in external lookup I have a very basic lookup defined. Given a UserID in my indexed data, I lookup the name from an external csv file t... by timmy13 Communicator in Splunk Search 08-29-2014 2 2	2	2
How to use two lookups in a search but exclude values from one of them? hello splunkers, I need to exclude in my search, IP values in the second lookup file \| inputlookup file1_lookup.csv \|... by hyahmadi Explorer in Splunk Search 08-29-2014 0 2	0	2
Search using multiple earliest latest Can someone tell me why this search returns data: index=cnr-dhcp ( ( earliest="1377036255" latest="1377082255" lease... by rdownie Communicator in Splunk Search 08-29-2014 0 2	0	2
How to convert a crosstable into a list format to use as a lookup file? Hi, I would like to convert a crosstable into a list. Date \| A \| B 01.01.2014\| 5 \| 2 02.01.2014\| 5 \| 2 03.01.... by HeinzWaescher Motivator in Splunk Search 08-29-2014 0 7	0	7
How to write a search to append multiple lookups? Hi All, I am trying to write a search that appends multiple lookups. I have 4 lookups in a .CSV format that table a... by _gkollias Builder in Splunk Search 08-29-2014 0 4	0	4
How to write regex for path in inputs.conf? I need to configure inputs.conf for forwarding a file like below, G:\BlackBerry Enterprise Server\Logs\20140827\MCLC... by anoopambli Communicator in Splunk Search 08-29-2014 1 5	1	5
How to search users who are logged in from 2 or more IP addresses within a span of 10 minutes? I am looking to parse apache logs to locate all users who are logged in from two or more IP addresses within a 10 min... by joec90 New Member in Splunk Search 08-29-2014 0 1	0	1
Can I rename the Week value from strftime(_time," %W")? Hi, I am charting counts by Week. I would like to have Wk-1 or something like that instead of a number like 34 which... by xvxt006 Contributor in Splunk Search 08-28-2014 1 3	1	3
Why Sample Events returned from Interactive Field Extractor do not match my original events? Hopefully I can explain this one effectively. I have a search that brings back 3 records. I then select the drop-... by mark_chuman Path Finder in Splunk Search 08-28-2014 0 3	0	3
How to search count by unique ID? I have this string, which extracts and counts permit user per class index="mysite" sourcetype="Access" AND Permit \|... by raindrop18 Communicator in Splunk Search 08-28-2014 0 2	0	2
How to handle a session split up between multiple events without using transaction or subsearch? One of my VPN log sources is indexed all in different events, correlated by a session_id. This is making things very... by smwilli1 Explorer in Splunk Search 08-28-2014 1 3	1	3
Can inner join be used to join null fields? Hi Someone may have required this case can support me. I have the following logs Aug 27 17:42:40 172.24.20.35 type... by jrodriguezap Contributor in Splunk Search 08-28-2014 1 8	1	8
lookup /join hello splunkers, I have a csv file witch contain all client Ip(130 ligne of Ip area) for the company,I need on my sea... by ibra75 Explorer in Splunk Search 08-28-2014 0 3	0	3
How can I use the results from search 1 in search 2? Hi, We are using VSFTP and I have two logs: xferlog and vsftp.log. In my xferlog we have FTPUser & client and in vs... by brandonpal Explorer in Splunk Search 08-28-2014 1 2	1	2
Regex for uri path Hi, I'm having trouble extracting the uri_path of my log files. Here's an example of a line in my log file 115.25... by loadtest New Member in Splunk Search 08-28-2014 0 4	0	4
Using transaction or stats to do event correlation like Vlookup? Hi All, In my scenario, I have a batch of events that are for a particular Event Code, sorted by time. The fields ... by sadkha Path Finder in Splunk Search 08-28-2014 0 6	0	6
How to edit search so delta command does not return negative results? Hi Everyone, I have a need to create a delta between the count of id today to the count of id yesterday search: searc... by NaorPenso Explorer in Splunk Search 08-27-2014 1 3	1	3
Match multiple items in If with Top index="test" host="P" "Type=Error" \|eval Code = if(EventCode="10034","Access Denied",if(EventCode="5749","Port Tim... by jkat54 SplunkTrust in Splunk Search 08-27-2014 0 2	0	2
How to write a search to report hosts, counts of sources and sourcetypes with beginning and end dates? I would like to be able to create/run a report that would show me the hosts, sourcetypes for each host, and the sourc... by Ronvgraham Engager in Splunk Search 08-27-2014 0 2	0	2
negate a backslash in regex without negating other characters Hi, I want to create a new field, from a string, showing the domain user, where the only constant is "\" which I don... by jdbtee Path Finder in Splunk Search 08-27-2014 0 5	0	5
How to write regex to extract date related subfields from req_time? We have created new sourcetype (acquia_access_combined) by coping the existing sourcetype (access_combined) and added... by dhavamanis Builder in Splunk Search 08-27-2014 1 4	1	4
Add multiple device types to search string I want to add cer device type to the following string to search for both. Boolean expression? index=cisco cdnt* part... by fschiavo New Member in Splunk Search 08-27-2014 0 2	0	2
Is it possible to use a lookup for a field that has OR condition? How do I lookup for a field which has Or condition. example Source Destination File name act bank indexes_... by xbbj3nj Path Finder in Splunk Search 08-27-2014 0 1	0	1
What is the best way to remove leading 0's from a field? I have a field which has leading 0's before the actual value. How can I get rid of them. Possible Values 0000000040... by pradeepkumarg Influencer in Splunk Search 08-27-2014 0 1	0	1