Splunk Search

Community Activity

Regex expression to extract IP from a raw log file Hi all,I am trying to extract an IP and the word "HOST_NAME" from a raw log file using the following regex expression... by ssaini5 Explorer in Splunk Search 08-12-2020 0 5	0	5
I need to bring back a zero value if my search does not bring anything back. index=xxxx source="/esbplogsdir/prod/Enable/LOG_Maximo_LSI_Work/Maximo/LSI_IN_msg_prod.log" OR source="/esbplogsdir/p... by nls7010 Path Finder in Splunk Search 08-12-2020 0 1	0	1
How to extract fields from regex and put in a table My current search is: index=rtm* source=/prod/msp/logs/private-auto-loan-credit* \| regex "The rule (?<field1>[a-zA-Z0... by splunkuser2127 Loves-to-Learn in Splunk Search 08-12-2020 0 1	0	1
How can I hide the real-time search options from the users? We would like to disallow our users to use real-time searches. Where do we block the feature from the users? by danielbb Motivator in Splunk Search 08-12-2020 0 2	0	2
Regex help Required Hi All,We are planning to ingest the SQL login success and failure logs into Splunk. So in the logs there are lot of... by anandhalagaras1 Contributor in Splunk Search 08-12-2020 0 5	0	5
Getting the error ImportError: splunklib.modularinput I'm running Cisco AMP events input on Splunk 8 on python 2.7.17 and received the following error after configuring th... by uhaq Explorer in Splunk Search 08-12-2020 0 0	0	0
Cisco eStreamer eNcore Add-on for Splunk v3.6.8 - Error in two EXTRACTs Cisco eStreamer eNcore Add-on for Splunk v3.6.8 has two EXTRACTs with errors in them. EXTRACT-extract_src and EXTR... by chris_barrett SplunkTrust in Splunk Search 08-12-2020 2 1	2	1
case: defaulting to "value" rather than NULL Hi, I'm using an "eval myvar=case(...)" like the one in the splunk documentation: ... \| eval description=case(error ... by zza2009 Engager in Splunk Search 08-12-2020 3 4	3	4
Search for text in log containing say, "non contact" but not just "contact" I have logs that say both contact and non contact. I would like to distinguish them in a search with the complete "no... by here2infinity Explorer in Splunk Search 08-12-2020 0 1	0	1
How to get index of a particular letter in string How can i find index of last occurrence of letter in value of a field string splunk_user microsoft_good_task god_pa... by ma_anand1984 Contributor in Splunk Search 08-12-2020 0 6	0	6
What should be my condition that will trigger the alert action, for a search string below Hello,I have a search string like below, where it is fetching data from stage and giving out aggregates of Trades for... by Snehaan Explorer in Splunk Search 08-12-2020 0 16	0	16
How to calculate average for the data which will get changed based on time interval ? I have below kind of data.App Name StatusApp1 0App2 0App3 0App4 ... by georgear7 Communicator in Splunk Search 08-12-2020 0 4	0	4
Using lookup to filter out fields from current searches against lookup fields Hello Splunk members!I currently have a search that produces "Users" connecting to certain "hosts" whereas the status... by MJA411 Explorer in Splunk Search 08-12-2020 0 0	0	0
How to convert the output of tostring or convert a duration field? I have a search that returns the diff of two times, but the user wants it in "1 day 5 hours and 23 minutes" format no... by jameswatts Explorer in Splunk Search 08-12-2020 0 3	0	3
Search That Looks Back in Time and Checks Fields I need assistance building a search that looks back in time 5 minutes to check and see if fields are present. If so ... by jodros Builder in Splunk Search 08-11-2020 0 6	0	6
How to use the existence of a preceding event in timechart? I have an index where each event has unique EventID and Status fields.Each event is progressing through multiple inte... by pm771 Communicator in Splunk Search 08-11-2020 0 2	0	2
How can my dashboards switch over to the next day at 12AM ETC rather than 12AM UTC? All of our Splunk users, including members of our Leadership Team are currently in the US/Eastern time zone. All of t... by adnankhan5133 Communicator in Splunk Search 08-11-2020 0 3	0	3
Getting authentication error when session login fails in Azure Databricks. Hi All, I am trying to access Splunk from inside the Azure Databricks instances. I have requirements to run queries f... by sbuxplat Observer in Splunk Search 08-11-2020 0 0	0	0
wanted to populate mutiseect token with if else condition in panel HiI have a dashboard, my requirement is like when a user will select a value Splunk in a multi-select, my pannel quey... by bapun18 Communicator in Splunk Search 08-11-2020 0 6	0	6
Removing Object from Json Array Currently I have splunk injecting AWS logs showing NACL's. Each event has an array that is called network_acl_entries... by stoneyhrm Observer in Splunk Search 08-11-2020 0 1	0	1
Regular expression only one value Dear, I need to identify some duplicate events that are right after the "Call-ID:", however in Splunk I am not getti... by leandromatperei Path Finder in Splunk Search 08-11-2020 0 1	0	1
REGEX HELPING PLEASE struggling to extract underlined items as RUN NAME by trevorkubheka New Member in Splunk Search 08-11-2020 0 4	0	4
How to force today's date column to display if no data generated for today's date? I currently have the following SPL query that generates a table, and appears as follows:Service IDResource NameTransa... by adnankhan5133 Communicator in Splunk Search 08-11-2020 0 1	0	1
Need Help to pull the logs in the below format Hi Community,I was trying to pull the logs in the following format _time, src, dest, src_port, dest_port by using st... by mputtam Path Finder in Splunk Search 08-11-2020 0 1	0	1
Set "latest" search time to 7 days after "earliest" Hi all,I'm trying to set the search period such that "earliest" is a specific day, and "latest" is 7 days after that.... by wu_weidong Path Finder in Splunk Search 08-11-2020 0 1	0	1