Splunk Search

Community Activity

How to assign field name area_code to first 3 digits in voip logs and geolocate based on field? My voip logs have a format of xxxxxxxxxx 10 digit number. Two questions: How do I assign a field name of "area_code... by hartfoml Motivator in Splunk Search 08-05-2014 1 1	1	1
Conditional count in stats function I need to do the following: Get a distinct count of serial numbers where a selected date falls within a particular r... by willial Communicator in Splunk Search 08-05-2014 1 2	1	2
Maintaining _time with tscollect and tstats I've tried a number of ways, and I don't seem to be able to use tscollect effectively while maintaining a _time compo... by David Splunk Employee in Splunk Search 08-05-2014 0 5	0	5
Transaction with two fields have that have the same value in my logs the "connectionid" on one _raw log and the fcid I tried this sourcetype=foo \| rename connectionid AS tr... by hartfoml Motivator in Splunk Search 08-05-2014 1 2	1	2
How can I extract fields from a list of field names and values in xml data? My xml data looks like this: <name>A</name> <name>B</name> <name>C</name> <filler>someStuff</filler> <value>1</value... by jeromma Explorer in Splunk Search 08-05-2014 2 4	2	4
Can I fill null results of a field with results from another field? Hi, I'm currently looking at partially complete logs, where some contain an article_id, but some don't. Is it possib... by anthony_copus Explorer in Splunk Search 08-05-2014 2 1	2	1
rex for capturing up to 2 levels Hi, we have uris in the below format. i want to capture only up to 2 levels (if it does not have 2 levels it should... by xvxt006 Contributor in Splunk Search 08-05-2014 0 2	0	2
How do I query for an event and all surrounding events I'm trying to write a query that 1. will find the first instance of a particular problem 2. show "all" events 15 minu... by Alan_Bradley Path Finder in Splunk Search 08-05-2014 1 4	1	4
Windows Event Field Extraction I am having a problem with field extraction of some Windows event logs. I have an example log below. 08/05/2014 09:5... by conor_splunk Path Finder in Splunk Search 08-05-2014 0 2	0	2
How to check a certain (not _raw) field value matches a value returned by a subsearch? By default, when we append a subsearch to a search, it looks for events which _raw field value matches one of the val... by manus Communicator in Splunk Search 08-04-2014 0 6	0	6
How to fill a field with an ip address extracted from another field? I have a need for the field "dest" to be filled with an ip address that I am extracting from another field, the extra... by aelliott Motivator in Splunk Search 08-04-2014 1 2	1	2
Comma separated number in sum function going negative in the following situation: ... \| stats sum(SumofCoreSecs) as total \| eval Total = tostring(total, "commas") \| table ... by mjones414 Contributor in Splunk Search 08-04-2014 0 3	0	3
How to match start and end dates with search? I have the following result from as search and would like help matching the start and end dates. These are two separa... by sndegwa Explorer in Splunk Search 08-04-2014 0 8	0	8
MS SQL Server Perfmon multiple Install instances I am trying to create generic MSSQL for data collection. While installing SQL you are able to use the DEFAULT_INSTAN... by bmacias84 Champion in Splunk Search 08-04-2014 0 2	0	2
Using 2 lookup tables in one search? Hi, trying to use two lookup tables in one search. Is this possible? Basically I have a list of email domains in one... by bcusick Communicator in Splunk Search 08-04-2014 0 3	0	3
How to show the alert results in a perl script Hello I have an alert scheduled to run every 5 mins with custom conditions. What I need to do is to use these search... by theouhuios Motivator in Splunk Search 08-04-2014 1 7	1	7
How to group data by time from csv? Hi, I have a csv with two columns, where 1st column is of datetime format : "%d-%b-%Y %H:%M:%S" i.e. 01-Jan-2014 ... by harshal_chakran Builder in Splunk Search 08-04-2014 0 6	0	6
manual inputs.conf issues I am having trouble with manual inputs.conf. I have been able to successfully setup a windows universal forwarder, ... by ulikabbq Path Finder in Splunk Search 08-04-2014 0 6	0	6
Search filter shortcut for "NOT" I know, that I can double click on pretty much anything in the log lines to transfer this term to the search box. But... by paterler Explorer in Splunk Search 08-04-2014 2 5	2	5
How to view percentages in column chart instead of total values without calculating percentages in search? Hi, I'm using a column visualization and the stack mode "100%". It would be nice to have the percentages in the char... by HeinzWaescher Motivator in Splunk Search 08-04-2014 2 3	2	3
How to change time interval on x-axis of a graph to 10 minutes instead of 1 hour using dbquery? Hi All, Is there any way we can change the time interval on x-axis to be 10 mins instead of 1 hour using dbquery. My... by usha_nittala New Member in Splunk Search 08-03-2014 0 3	0	3
How to search for the most common word used? Hi, I've a file which contains a chunk of words. What I wanted to do is to find the top 10 most common word used fro... by NoisyClip Engager in Splunk Search 08-03-2014 0 2	0	2
set of last events for several tags Hello, I am trying to find a way to analyze the last occurrence of different events. The data I work with is structu... by wsw70 Communicator in Splunk Search 08-03-2014 0 9	0	9
How to replace characters in string from field extraction? I have a field extraction as below which extracts a date into a field called my_date EXTRACT-my_date = (?i)StopDate... by pradeepkumarg Influencer in Splunk Search 08-02-2014 0 6	0	6
Regex Error - Regex: PCRE does not support \L, \l, \N{name}, \U, or \u A little help needed. Regex below is throwing the error in title of question... rex field=source "N:\\logs\\(?P<UID>... by snoobzilla Builder in Splunk Search 08-02-2014 0 5	0	5