Splunk Search

Community Activity

How do i extract field usinng regex . Hi all,I'm new to splunk and i had hard time extracting fields using regex for the following example :Class (six, se... by bpot Engager in Splunk Search 09-11-2020 0 2	0	2
What is the most efficent way to do partial matches on a field? I want to check if a field contains a specific value and the field is multivalue. What is the most efficient way to ... by frbuser Path Finder in Splunk Search 09-11-2020 0 6	0	6
TIme Conversion Hi ,how to change the below raw time field to yyyy-mm-dd hh:mm:ss2020-09-09T18:21:12.2685607Zam using the below query... by krvamsireddy Explorer in Splunk Search 09-11-2020 0 6	0	6
Get Log size I want to get the log size in MB and GB. I have used this command index=index1 \|eval raw_len=(len(_raw)/1028) \| stat... by jw44250 New Member in Splunk Search 09-11-2020 0 6	0	6
DBX Query Hi,I am having issues with dbx queriesI created a dashboard with dbx queries, I can run the queries, dashboard displa... by JacketPotato New Member in Splunk Search 09-11-2020 0 2	0	2
Timechart Table with "No results found" Hi all, I have a request from a tenant in our environment that requires us to create a dashboard where each column is... by kaeleyt Path Finder in Splunk Search 09-10-2020 0 9	0	9
How to run a search that compares errors in results from two different indexes? I have two searches below: index=dev 'error' index=prod 'error' I want to run the above searches together for the... by raj11 Explorer in Splunk Search 09-10-2020 0 10	0	10
Can I add two table values in a single table Hi team, How can I add the below two queries into one single query and present in a single table.query 1 : index="dev... by rkishoreqa Communicator in Splunk Search 09-10-2020 0 3	0	3
cisco asa add-on - default regex not working in UI with regex/rex command HelloI download cisco asa add-on from splunk base and in default folder/transforms.conf some regexes cannot be used i... by net1993 Path Finder in Splunk Search 09-10-2020 0 1	0	1
Time matching w/ a +/- 5 min window Greetings Splunkers,I have a lookup file that has a list of set jobs with a frequency timestamp (e.g. Mon-Fri @ 3:30)... by cquinney Communicator in Splunk Search 09-10-2020 0 4	0	4
Seeing no results when broadening streamstats search - Concurrent Failed Logins Hi All,I've been working on a search that will give me the Account_Name of someone who has failed to login 6-10 times... by rquish94 Explorer in Splunk Search 09-10-2020 0 4	0	4
When there is no result filed is displays as "No logon found". I want to color that value " the below displays first login in the system. If user has no logon information, it should display "No logon found" in... by Flyhigh1010 Loves-to-Learn Lots in Splunk Search 09-10-2020 0 0	0	0
How do you make fields into individual rows with each field value? I have a search that does the following: \| inputlookup system_scores.csv \| search "big search goes here" \| fields ser... by UMDTERPS Communicator in Splunk Search 09-10-2020 0 4	0	4
SPLUNK ITSI (Cloud) I have an urgent requirement to build a datasets where I have to create multiple fields based on a flag field.eg. but... by alekur Loves-to-Learn Lots in Splunk Search 09-10-2020 0 0	0	0
Need help in writing query in Splunk Query required :If a count of certain condition in the last rolling 12 hours exceeds 10% more than the avg daily numb... by vn_g Path Finder in Splunk Search 09-10-2020 0 3	0	3
Splunk tracking user with timebased lookup I want to tracking login and logout users on computers with timebased lookup.I have logon and logoff time for example... by burakatabay Path Finder in Splunk Search 09-10-2020 0 1	0	1
Calculating Kill / Death ratio in a game at iPhone 11 I'd like to calculate K/D ratio for the game Insurgency.it game battery iphone it hotI have two searches that can cal... by muhammadblibla Observer in Splunk Search 09-10-2020 0 1	0	1
How can find all the possible fields from our raw logs for a index, excluding internal fields generated by Splunk Hi,I want to generate a new dashboard from the splunk logs .I want all the fields that are present in the raw data . ... by aditsss Motivator in Splunk Search 09-10-2020 0 6	0	6
Omit "NULL" and "OTHER" from area chart How do I omit "NULL" and "OTHER" from the results of an area chart? by srussellnpr Explorer in Splunk Search 09-10-2020 7 5	7	5
searching fields that have multiple lines by using \n or \r\n doesn't work but using does I'm trying to do some windows event blacklisting due to a high volume on a particular server. However, I'm having tro... by smartalik Engager in Splunk Search 09-10-2020 0 4	0	4
Extract 'table structured' data from log file using Perl. I have a log file in a table structured form like this,Code send_id dest_idAW 96 45BX 65 78Now here I have to change ... by A3gupta New Member in Splunk Search 09-09-2020 0 1	0	1
Dashboard on email at scheduled time Can a html dashboard be sent on email??I have created an html dashboard with modified css and html code and I want th... by priya0709 Path Finder in Splunk Search 09-09-2020 0 1	0	1
How to combine a csv and savedsearch and retrieve matching and unmatching results ? I have a savedsearch which is a result of json data. Similarly I have a master csv. I have Assettag field common in b... by kavyamohan Explorer in Splunk Search 09-09-2020 0 1	0	1
get rows in lookup that does not have entry in search result I have a Lookup "Consumer_Lookup.csv" (30 rows approx)Consumer RestrictedA YB ... by dchoubey Engager in Splunk Search 09-09-2020 0 2	0	2
How to transpose a table? (without using Transpose command) My Table looks like this VF_Price Huyndai_Price Jaguar_Price345 412 542I wan... by zacksoft Contributor in Splunk Search 09-09-2020 0 6	0	6