Splunk Search

Discussions

Thread Info

How to create transition report for a field from a 5 minute sampled input over long periods of time?

I have a script that I wrote which goes out and samples data from a few thousand servers every 5 minutes and returns ...

by Contributor in

How to extract fields without regex?

I'm trying to extract fields from a message containing the following string.. 'database'=running 'management'=runn...

by New Member in

'AND' operator in Regular Expressions

I am trying to only select the data that has Directory Administrators OR Master Web Resource Admins AND I want that d...

by Contributor in

How to search and table count for multiple fields?

Can anyone help me making this table? I have the field Status, wich has events Status=1, Status=2, Status=3. I need t...

by Contributor in

Report only if exists in external lookup

I have a very basic lookup defined. Given a UserID in my indexed data, I lookup the name from an external csv file th...

by Communicator in

How to use two lookups in a search but exclude values from one of them?

hello splunkers, I need to exclude in my search, IP values in the second lookup file | inputlookup file1_lookup.csv |...

by Explorer in

Search using multiple earliest latest

Can someone tell me why this search returns data: index=cnr-dhcp ( ( earliest="1377036255" latest="1377082255" lea...

by Communicator in

How to convert a crosstable into a list format to use as a lookup file?

Hi, I would like to convert a crosstable into a list. Date | A | B 01.01.2014| 5 | 2 02.01.2014| 5 | 2 03...

by Motivator in

How to write a search to append multiple lookups?

Hi All, I am trying to write a search that appends multiple lookups. I have 4 lookups in a .CSV format that table ...

by SplunkTrust in

How to write regex for path in inputs.conf?

I need to configure inputs.conf for forwarding a file like below, G:\BlackBerry Enterprise Server\Logs\20140827\MC...

by Communicator in

How to search users who are logged in from 2 or more IP addresses within a span of 10 minutes?

I am looking to parse apache logs to locate all users who are logged in from two or more IP addresses within a 10 min...

by New Member in

Can I rename the Week value from strftime(_time," %W")?

Hi, I am charting counts by Week. I would like to have Wk-1 or something like that instead of a number like 34 whi...

by Contributor in

Why Sample Events returned from Interactive Field Extractor do not match my original events?

Hopefully I can explain this one effectively. I have a search that brings back 3 records. I then select the drop-...

by Path Finder in

How to search count by unique ID?

I have this string, which extracts and counts permit user per class index="mysite" sourcetype="Access" AND Pe...

by Communicator in

How to handle a session split up between multiple events without using transaction or subsearch?

One of my VPN log sources is indexed all in different events, correlated by a session_id. This is making things very ...

by Explorer in

Can inner join be used to join null fields?

Hi Someone may have required this case can support me. I have the following logs Aug 27 17:42:40 172.24.20.35 ty...

by Contributor in

lookup /join

hello splunkers, I have a csv file witch contain all client Ip(130 ligne of Ip area) for the company,I need on my sea...

by Explorer in

How can I use the results from search 1 in search 2?

Hi, We are using VSFTP and I have two logs: xferlog and vsftp.log. In my xferlog we have FTPUser & client and i...

by Explorer in

Regex for uri path

Hi, I'm having trouble extracting the uri_path of my log files. Here's an example of a line in my log file ...

by New Member in

Using transaction or stats to do event correlation like Vlookup?

Hi All, In my scenario, I have a batch of events that are for a particular Event Code, sorted by time. The field...

by Path Finder in

Get Updates on the Splunk Community!

Splunk Search

Discussions

How to create transition report for a field from a 5 minute sampled input over long periods of time?

How to extract fields without regex?

'AND' operator in Regular Expressions

How to search and table count for multiple fields?

Report only if exists in external lookup

How to use two lookups in a search but exclude values from one of them?

Search using multiple earliest latest

How to convert a crosstable into a list format to use as a lookup file?

How to write a search to append multiple lookups?

How to write regex for path in inputs.conf?

How to search users who are logged in from 2 or more IP addresses within a span of 10 minutes?

Can I rename the Week value from strftime(_time," %W")?

Why Sample Events returned from Interactive Field Extractor do not match my original events?

How to search count by unique ID?

How to handle a session split up between multiple events without using transaction or subsearch?

Can inner join be used to join null fields?

lookup /join

How can I use the results from search 1 in search 2?

Regex for uri path

Using transaction or stats to do event correlation like Vlookup?

Splunk Security Content for Threat Detection & Response, Q1 Roundup

Splunk Life | Happy Pride Month!

SplunkTrust | Where Are They Now - Michael Uschmann

Search Query

How to search multiple strings from lookup and pro...

Help on tstats search?

Matching index field value with lookup field value

extract fields from json-wrapped postfix logs?