Splunk Search

Community Activity

How to get 2 values out of a string using rex command I have the following sample data returned that I'd like to extract 2 fields out of it: 1) The value after the "T " a... by rilee Explorer in Splunk Search 06-30-2021 0 3	0	3
Error in 'eval' command: The expression is malformed. Expected ). <query>"$ps_fn$" \|rex field=message "(?<Http>HttpStatus): (?<status>\\d+)" \| eval status=(status, "4%")... by cmarrott Explorer in Splunk Search 06-30-2021 0 5	0	5
How to determine which deployment server a forwarder is phoning home to? I have multiple deployment servers.The global deployment server is to distribute basic configurations and also config... by keithyap Path Finder in Splunk Search 06-30-2021 0 5	0	5
Show all events for individual users during a timeframe Creating a dashboard to track when users badge into and out of different areas.Problem: If I do a basic search for a ... by ervinsmith Explorer in Splunk Search 06-30-2021 0 2	0	2
what is the reason for getting events with source=unknown As I am indexing the data, I notice that apart from the 'sources' that are appearing correctly (/var/log/filename.gz ... by hemantbhatta Explorer in Splunk Search 06-30-2021 0 5	0	5
I am getting the Error in 'eval' command: Type checking failed. '-' only takes numbers, while calculating difference Hi ,My wish to get the difference between yesterday and todays Pass % and fail % for different sourcetypes .I have tr... by dtccsundar Path Finder in Splunk Search 06-30-2021 0 4	0	4
Find results that appears in a % of the cases and list the outliers Hi there,First of all, thank you for any comment.I am looking for a way to identify if I have any index missing acros... by felipesodre Path Finder in Splunk Search 06-30-2021 0 1	0	1
index=_metrics is not a floating point value Hi Team,We noticed that every time a Indexer is restarted, the search head and the Indexer itself pops up with a mess... by neeravmathur Path Finder in Splunk Search 06-30-2021 0 0	0	0
How to use the sendemail command to send an email to different recipients from a lookup per event? Hi. I have a lookup object named user_email which contains a notified email list. If there is at least an event foun... by splunkrocks2014 Communicator in Splunk Search 06-30-2021 0 5	0	5
How to send individual emails that appear in the search results Hi team, I have search results with CUID is the email(I will append my company domain to CUID, so that mail will go... by pavaninpdl New Member in Splunk Search 06-30-2021 0 4	0	4
sending emails to users that appear in search results Hi, The question was asked before but I couldn't find a good answer anywhere. Here goes... I have a search result wi... by AssafLowenstein Explorer in Splunk Search 06-30-2021 0 5	0	5
How to use the sendemail command to send results to different emails created with eval? Hi splunkers !!! Need help. I used eval to create a field with the email address for some users: search myquery....... by kalianov Path Finder in Splunk Search 06-30-2021 0 6	0	6
How do i get the url without params I am trying to make a report based on the url, and avg response that certain url is taking. I am able to get the logs... by mikeyty07 Communicator in Splunk Search 06-29-2021 0 8	0	8
Eval for Performance based on Category and if below MaxResponseTime Hi,I want to look at each response_time value for each Tier, and count the amount of response times that are above an... by ebs Communicator in Splunk Search 06-29-2021 0 6	0	6
Splunk 8.0.1 and 8.2.0 stats latest behaving differently Following produces values for a and b in Splunk 8.2.0, but in 8.0.1, values of a is emptyIs there any changes in beha... by mrrijo New Member in Splunk Search 06-29-2021 0 2	0	2
SPL \| REST command does not work when non-Admin User with these capabilities fails, but ADMIN user works. This SPL works fine when logged in as ADMIN, but does not ... by simpkins1958 Contributor in Splunk Search 06-29-2021 0 4	0	4
Splunk SPL to detect anomaly over usages from indexes Hello ,I would really appreciate your help in creating a splunk search query to find out the anomaly over size from ... by bhilim Loves-to-Learn Lots in Splunk Search 06-29-2021 0 2	0	2
Use the result from the subsearch to a main search In one of the search strings, I have an event from which i extract the correlation ids and in turn want to search thr... by thenormalone Path Finder in Splunk Search 06-29-2021 0 3	0	3
earliest and latest HH:MM across multiple days I want to set dynamic SLA's for File Processing. In order to do this I need to:1. get the earliest HH:MM:SS the job ... by middlemiddle Explorer in Splunk Search 06-29-2021 0 4	0	4
How do i search for IPv6 addresses from my src_ip field. I'm trying to do a search that finds IPv6 addresses. Currently our field src_ip has both IPv4 and IPv6 in it. How can... by cesaccenturefed Path Finder in Splunk Search 06-29-2021 2 5	2	5
How to use stats instead of transaction command ? log1 : user_id , status=interrupt,log2 : user_id, status = successHi All,I want to find user_ids that failed due to a... by appu Explorer in Splunk Search 06-29-2021 0 1	0	1
Combine two searches Hi, I have 2 sample logs and I need to combine them into 1 query to grab the "Accesses" values,Due to the log format ... by qysplunk Loves-to-Learn Lots in Splunk Search 06-29-2021 0 0	0	0
Help with Boolean query Below is an example of what I want to accomplish: If x="example" and y="success", return true for this segment. If x=... by TheBravoSierra Path Finder in Splunk Search 06-29-2021 0 1	0	1
Searching data that is not indexed We have data which is not being indexed that needs to be searched. I've been told by our Splunk admin team that the d... by RedHonda03 Explorer in Splunk Search 06-29-2021 0 3	0	3
Exclude Source IP and Destination IP from results if they belong to same private ip range Hi There,How do i Exclude Source IP and Destination IP from results if they belong to same private ip range? For e.g.... by sarwshai Communicator in Splunk Search 06-29-2021 0 6	0	6