Splunk Search

Ask a Question

Discussions

Thread Info

multiline match for same pattern

<Product> <ProductName>(\w+)</ProductName> <ProductName>(\w+)</ProductName> <ProductName>(\w+)</ProductName> </Pro...

by Explorer in

tostring turning integers into decimals

I have a rex that returns a series of 5-8 digit IDs: SEARCH "rex field=_raw "2012-\d\d-\d\d,\d,(? \d{1,8})...

by Path Finder in

Search pages based on their response time

I need to know the pages, along with the count of how many times their response time exceeded 100. I need the top 10 ...

by Explorer in

search for unique userid in one hour window

I am trying to report the number of unique logged in users (field=USERNAME) in a timespan=1h and since i only want un...

by SplunkTrust in

connect/concatenate two searches into one and visualize it as a single value

Hello I have two searches: Search A: BGP_NEIGHBOR_STATE_CHANGED source="udp:514" AND ("Established to Idle" OR "E...

by Path Finder in

How to add a field from a previous line to every logged event/line?

I would like to associate the "ip" field with every log line, i.e. Current source log format: 1227.125106.091263 ip...

by Path Finder in

Regex "(?<!\d)"

What does the regex in my question's title above mean? Source: Search Language Quick Reference Card (on top of pag...

by Path Finder in

return a result from fields based on 2 queries

I'm trying to return a field based upon a search and within that search extract a variable to search for in another s...

by Path Finder in

How to get a count and percentage for denied connections in cisco web appliance

I am trying to get the number of denied connections from squid proxy logs from a Cisco Ironport web security applianc...

by Engager in

regex TEXT

Hopufully a quick one but I'm looking to search and extract anything between two these fields anyone know how?

by Explorer in

Search Progress Indicator

Is there a way to show the status of search jobs while the search is in progress. I have a dashboard with multiple se...

by Communicator in

Alert from 2 searched values that calculate a percentage

First time posting! --using splunk 4.2.4-- I noticed similar questions on here that were either unanswered or didn...

by Explorer in

Adding search-server / CLI

I'm trying to add search servers to my search head. I'm using the following command: ./splunk add search-server -h...

by Explorer in

Monitoring Splunk with Nagios

Hey everyone. Is anyone using Nagios to monitor their splunk instance? I've seen that there was a check_splunk plugin...

by Builder in

how to perform lookups on summary index data

I have a lookup on sourcetype=vipservices csv file has values like so jurhash, jurhasfriendlyname somehashvalue, s...

by Contributor in

After transaction: "Field '_raw' does not exist in the data"

I'm using a transaction to group events within 30 minutes of one another. What I want to do after that is "undo" one ...

by Communicator in

How to split a transaction?

I'm using transaction ... | search duration>x to eliminate some noise, but then I want to break the events bac...

by Contributor in

How to use field values as column headers?

It is best to demonstrate with an example: Example of data: And expected tesult table:

by Explorer in

Some RegEx help with date formatting

I am extracting a date/time stamp out of some XML; however, I need to strip out the time from the string. i.e. - 3...

by Communicator in

Seperation by Type

All of the Event's in Splunk have MAL,WM,W32,Troj,CXmal,JS,or Vir in their name. Is there a way to separate all of th...

by Path Finder in

Issue with strptime

I am trying to reformat a date field in Splunk. I have a field called "last_updated_date" and its value is 2012-04-03...

by Communicator in

All fields from a lookup.csv file appear except the date field?

All fields from a lookup.csv file appear as available search fields except the date field. Here is how I defined t...

by Path Finder in

Problem Creating new search time field extraction Thru the REST API and Java Splunk SDK

I have a problem creating new search time field extractions using the Splunk's REST API and the Java SDK. This is ...

by Communicator in

Create new Field Extraction regex expression via REST API Java SDK

I have created a new field extraction on props.conf via Splunk REST API I have a raw message that looks like this....

by Communicator in

Rename same field different things

I have a search using transaction and the startswith/endswith but I don't know how to call the Task_time field in the...

by Explorer in

Get Updates on the Splunk Community!

Splunk Search

Discussions

multiline match for same pattern

tostring turning integers into decimals

Search pages based on their response time

search for unique userid in one hour window

connect/concatenate two searches into one and visualize it as a single value

How to add a field from a previous line to every logged event/line?

Regex "(?<!\d)"

return a result from fields based on 2 queries

How to get a count and percentage for denied connections in cisco web appliance

regex TEXT

Search Progress Indicator

Alert from 2 searched values that calculate a percentage

Adding search-server / CLI

Monitoring Splunk with Nagios

how to perform lookups on summary index data

After transaction: "Field '_raw' does not exist in the data"

How to split a transaction?

How to use field values as column headers?

Some RegEx help with date formatting

Seperation by Type

Issue with strptime

All fields from a lookup.csv file appear except the date field?

Problem Creating new search time field extraction Thru the REST API and Java Splunk SDK

Create new Field Extraction regex expression via REST API Java SDK

Rename same field different things

Observe and Secure All Apps with Splunk

Splunk Decoded: Business Transactions vs Business IQ

Fastest way to demo Observability

In Splunk studio, is it possible to populate a tex...

How can i export a list of all services in APM

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

ITSI thresholds: adaptive vs static

Splunk Search

Are you a member of the Splunk Community?

Discussions