Splunk Search

Community Activity

REGEX expression Hi xperts, someone help me to write the regex expression. with some examples. by Paul_tcs Explorer in Splunk Search 07-05-2013 0 2	0	2
how to write Regex expression Hi xperts, Am new to splunk. I am uploading my data into the splunk. when i see the preview, it shows me all the eve... by Paul_tcs Explorer in Splunk Search 07-05-2013 0 5	0	5
Time Chart - Today - Yesterday - Last week - Not 24hr but by Day I have a time chart that looks back over the last 24hr and compares the data to Yesterday and 7 days ago. My live dat... by DanielFordWA Contributor in Splunk Search 07-05-2013 0 3	0	3
extracting the value from the match of the "regex" command Hi Guys I have an objective to trawl our data to ensure it is clean of sensitive data for compliance purposes. I st... by darrend Path Finder in Splunk Search 07-05-2013 0 3	0	3
Custom search text box Hi, I've created custom text box to search the events in splunk. my xml : < module name="HiddenSearch" layoutPanel... by prad18 Path Finder in Splunk Search 07-05-2013 0 3	0	3
Which ways are the best for missing custom extracted fields ? Hi Splunkers, I've encounter the same problems that i cannot get search results of my custom extracted fields. I pre... by sunrise Contributor in Splunk Search 07-04-2013 0 6	0	6
Combining similar log entries and counting as one I have multiple users making a request to a web server each time they type a character into a search box. User 1 is t... by robert2138 Engager in Splunk Search 07-04-2013 0 2	0	2
Time modifiers for Search and Time zones Hi All, The timezone in my splunk setup is IST (UTC + 5.30) From the examples at http://docs.splunk.com/Documentat... by spiketide Engager in Splunk Search 07-04-2013 0 1	0	1
eval an existing field which is used for a lookup... Hi Base, when I do an eval on an existing field which is also used for a lookup than the lookup ignores the eval resu... by ndcl Path Finder in Splunk Search 07-04-2013 0 10	0	10
Extracting Field using Regexes I have extracted the latitude using this (?i).Double">(?P[^<]+ , but i could not extract the longitude as both shares... by sbnoobbb Path Finder in Splunk Search 07-04-2013 1 2	1	2
displaying icons in search Is there any way to do a lookup on a value and display an icon for that value? I would like to do application ID look... by jalfrey Communicator in Splunk Search 07-03-2013 2 2	2	2
exclude IPs from results Hi, I want to exclude some IP addresses which are about over 100 in my search. Seems silly to type NOT NOT NOT.. 100+... by hylee Explorer in Splunk Search 07-03-2013 0 3	0	3
calculate duration of connection I have these two log messages Jul 2 10:21:50 10.197.1.254 id=firewall sn=0017C5C027C1 time="2013-07-02 17:21:50 UTC... by jalfrey Communicator in Splunk Search 07-03-2013 0 2	0	2
Repository for Available tags Where would one find the repository for all available definitions that follow the 'type' you indicate. Example: event... by LatinPupE New Member in Splunk Search 07-03-2013 0 1	0	1
Multiple searches on one chart Is it possible to have multiple search results represented on one chart? I have (2) searches defined that extract and... by ericrobinson Path Finder in Splunk Search 07-03-2013 0 4	0	4
Lookup with CIDR Greetings, I feel like this shouldn't be rocket science,but I just can't make it work. Our internal network is pre... by ccsfdave Builder in Splunk Search 07-03-2013 0 6	0	6
match_type = CIDR doesn't seem to work I have the following lookup: transforms.conf [ipam] filename = ipam.csv match_type = CIDR(src_ip) props.conf [cis... by ccsfdave Builder in Splunk Search 07-03-2013 0 4	0	4
How do you include index/sourcetype in table data? (e.g. \| table ..., ..., index) Hey guys, having a little trouble with this one. How does one include the index in a table. This doesn't work: (ind... by ktrumpol Path Finder in Splunk Search 07-03-2013 0 9	0	9
Counting the occurence of a string in log files Hi this is my sample log file [M2E-CSI]2013-06-11 01:19:40,924 PDT - Hydra is starting Control Channel [M2E-CSI]2013... by ncbshiva Communicator in Splunk Search 07-03-2013 1 4	1	4
regex help for timestamp extraction from event log Hi, PFB My Sample log event . Its has two timestamps in it , which are highlighted. i need to create two regexs to ... by rakesh_498115 Motivator in Splunk Search 07-03-2013 0 2	0	2
XML: Extract field and assign to multiple events I'm attempting to read in an XML file in the following format: <a> data </a> <q> other data </q> <b> item </b> ... by a1352019 Engager in Splunk Search 07-03-2013 1 2	1	2
ディレクトリ監視で圧縮ファイルを認識しない。「データ入力 » ファイルとディレクトリ」でディレクトを監視して圧縮ファイル（ZIP）をディレクトリに追加したがSplunkに取り込まれません。いろいろファイルを追加してみたところ、元ファイルがUTF-8のファイルの場合は認識するが、... by HiroshiSatoh Champion in Splunk Search 07-02-2013 0 5	0	5
Transaction Hi This is my search query source="-----.log" \| transaction startswith="DME2 Version" endswith="Published service e... by ncbshiva Communicator in Splunk Search 07-02-2013 0 7	0	7
calculate top talkers by application I would like to calculate the top talkers by application (name/ID) but I have run into a snag. The firewall returns "... by jalfrey Communicator in Splunk Search 07-02-2013 0 4	0	4
Remove numbers from splunk events I"m trying to create a search that will show me the count of certain types of events I get in a Windows Event Log. ... by richnavis Contributor in Splunk Search 07-02-2013 0 5	0	5