Splunk Search

Community Activity

Calculate Bucket Thaw Time Hey All,Was just curious if there is a way to calculate how long it should take to thaw\rebuild frozen buckets for se... by adalbor Builder in Splunk Search 12-15-2020 0 0	0	0
how to split string in splunk Hi @all, i have following string which i want to break into there fields: service_name, host and port_idmetics-ha-592... by Khushboo Explorer in Splunk Search 12-15-2020 0 3	0	3
Searching for Hash Values on the Network Hello All! I have a .csv file that contains a list of about 100 or so hash values that I'd like to create an aler... by itsmevic Communicator in Splunk Search 12-15-2020 1 2	1	2
Replace a character with a linebreak in table results I would like to replace all characters "___" in a certain field with a linebreak in my Table module. I am currently ... by cmak Contributor in Splunk Search 12-15-2020 0 7	0	7
How to extract a field that has value more than 10 sec? I have a splunk query that gives me all the logs of slow queries(AQL) but I need to know which ones have taken more t... by splunknoob2020 Engager in Splunk Search 12-15-2020 0 3	0	3
Time-based lookup for KV Store I'm trying to get the time-based functionality to work on a kvstore, but I'm not getting anywhere. I have taken a loo... by BernardEAI Communicator in Splunk Search 12-15-2020 0 0	0	0
Remove spaces in result of format function I would like to make use of the format function to modify the results of a sub-search. I'm getting spaces in the outp... by BernardEAI Communicator in Splunk Search 12-15-2020 0 1	0	1
File Extraction with empty field on Space delimited events My events are as below: Mon Nov 23 09:21:57 2020 6 10.0.0.3 3783 /root/A/P2/source1/POL.IDM b s i r kumar ssh 0 * Mo... by rangarbus Path Finder in Splunk Search 12-15-2020 0 1	0	1
How do I extract data from this aide output All, I had originally handles this with HUGE pile if SED commands and loops in a BASH script. But I am thinking the... by daniel333 Builder in Splunk Search 12-14-2020 0 4	0	4
Alternative method to using Join command Hello,I am a big fan of using Join for combining results of different sourcetypes and indexes (especially with a type... by zekiramhi Path Finder in Splunk Search 12-14-2020 0 7	0	7
Inefficient Query - Same Base Query, Multiple Time Ranges earliest -24h, -30d, -60d I need some suggestions on how to make this query more efficient. We would like distinct count of workstation by sit... by splunkyj Path Finder in Splunk Search 12-14-2020 0 2	0	2
Consolidating multiple REX commands into one single REX search Hello! It's me again!I'm looking for a way to consolidate multiple different REX commands into a single command. The ... by TorbinIT Path Finder in Splunk Search 12-14-2020 0 2	0	2
Fill missing values from stats command I am using a bin of 10 minutes with stats for the past hour. What I am running into is that when doing so not all ite... by aohls Contributor in Splunk Search 12-14-2020 0 1	0	1
How add stats table to each row in a stats table I built a dashboard to view the stats count of applications with the below query.Query : index="bw6_stg" ErrorReport\|... by rkishoreqa Communicator in Splunk Search 12-14-2020 0 5	0	5
regex from logs 2020-11-30T23:59:46.101621+00:00 fdb2.fdb-us-south-002 2020-11-30T23:59:45Z { "Severity": "10", "Time": "1606780785.5... by rajneeshdba Explorer in Splunk Search 12-14-2020 0 1	0	1
How do I write a regex that extracts a field behind a specific string? My application has multiple plugins and the Splunk event contains the number of plugins that have failed to load. Som... by zacksoft Contributor in Splunk Search 12-14-2020 0 4	0	4
The Action field shows no result while running a search using Datamodel (tsats) Hello,I recently tuned my Authentication Datamodel and I cannot see any result in the action field while running a se... by ralam Explorer in Splunk Search 12-14-2020 0 4	0	4
Field Extraction with Multiline and Single line mixed Hi Team:Here on the Extraction for Event 2, the MESSAGE field is extracted as empty as its not multiline.How should i... by rangarbus Path Finder in Splunk Search 12-13-2020 0 1	0	1
How to combine result of two query where there is common field after renaming . Hi All, I have two query as below. index is same, where as sourcetype and source is different on both query.There i... by shyambiswal New Member in Splunk Search 12-13-2020 0 2	0	2
What's Wrong With This Query? Hi, Any thought off-hand as to what I'm not accounting for?Looking to extract values from a field in unstructured log... by ahcarpenter Engager in Splunk Search 12-12-2020 0 2	0	2
How to extract a particular field and value from JSON data in Splunk? We have the below data, out of which I wanted to extract a particular field and value from the json format. PLATFORMI... by khandelwaly Explorer in Splunk Search 12-12-2020 0 1	0	1
define timestamp for json Hi,I have a simple json like below , {"env":"p1","label":"1788_kapi_fed","App":"admin-ipo-sel","lastUpdate":"2020-10-... by kirrusk Communicator in Splunk Search 12-11-2020 0 3	0	3
MAP with REGEX not working hi,i wanted to fetch some information from my logs. here is the scenario:index=xyz host=xxx.com source="/as/df/gh/*.l... by berserkersyco New Member in Splunk Search 12-11-2020 0 1	0	1
Performing a lookup using a string literal instead of a field name I'm performing a lookup against a csv and need to use two columns (description and function) to return the correct va... by AlexBryant Path Finder in Splunk Search 12-11-2020 0 2	0	2
Repeating fields Hi guys, I'm looking to add a new column to my inputlookup. The idea is to mark the values that repeat e.g.: Email Th... by klaudiac Path Finder in Splunk Search 12-11-2020 0 1	0	1