Splunk Search

Community Activity

How to create an eval on random data string ? Hi,My issue is : I want to create a field from random data string (always the same) which is not present in all logs.... by mah Builder in Splunk Search 07-09-2020 0 3	0	3
How to remove spaces from the beginning and end of a field value? I want to remove spaces from starting and ending of field I was trying to achieve this using ... \| rex mode=sed fie... by mkhan_splunk New Member in Splunk Search 07-09-2020 0 8	0	8
Use Regex to extract data from _raw and rename the extracted field Hello Splunkers,Please advise how to use regex to extract the below specific fields from _raw data and also add/rena... by promukh Path Finder in Splunk Search 07-09-2020 0 4	0	4
Table creation with desired fields I have the query below, but i i dont want the services to like this.. how can i get the names of the services to be ... by sphiwee Contributor in Splunk Search 07-09-2020 0 2	0	2
Combine a field from a previous row based on other fields and create another field Here's an example data in splunk (bookstore logs):time(ms)idstagepayload1020984aaaa-bbbb-cccccheckoutLord Of The Ring... by datatan Engager in Splunk Search 07-09-2020 0 3	0	3
Saved Search vs. Open Search Server Error in Query Good day Splunkers,Today doing an audit of my Alerts, I opened one in "Open Search" and immediately got "Server Error... by gearmstrong Path Finder in Splunk Search 07-09-2020 0 3	0	3
Clarification needed on eval split() function For the following search command, what is the expected output? \| makeresults \| eval text_string = "I:red_heart:Splunk... by malvidin Communicator in Splunk Search 07-09-2020 1 6	1	6
Using lookup table & Append I have two queries. First one has multiple fields: source, IP, comment & cIP and this is exported CSV as a output loo... by srizan Path Finder in Splunk Search 07-09-2020 0 0	0	0
Match on 2 csv and index and return stats Hello, GOAL: determine if application server has logged based on a list of application ID codesI have 2 csv lookups A... by splunkster1 Observer in Splunk Search 07-09-2020 0 0	0	0
Why am I getting error "Configuration initialization for {Path} took longer than expected when dispatching a search"? The following error is displayed can't figure any solution need help. Configuration initialization for {Path} took l... by himapate Explorer in Splunk Search 07-09-2020 1 4	1	4
Cannot add fields from lookup file to events Good Day,I am working with the following:Through an indexer I have Three fields of interest, Field A, Field B, and Fi... by ewv1973 Engager in Splunk Search 07-09-2020 0 2	0	2
How to sort dynamic column names after timechart and transpose Hi,I'm creating a report with the following search that runs each month covering the past 3 months of data.It works a... by gnoriega Explorer in Splunk Search 07-09-2020 0 2	0	2
Regex/Rex - Non Capture Groups Hi all. New here. So I have been working with some data strings that contain varied asset numbers for computers and s... by Curlyshrew Observer in Splunk Search 07-09-2020 0 5	0	5
Create a dashboard that displays a user name accounts that have received a password reset email. I'm trying to create a dashboard that displays a user name accounts that have received a password reset email. by ephrem3232 Explorer in Splunk Search 07-09-2020 0 1	0	1
What I did wrong here with makeresults command Hello experts,I am trying to create a custom macro, from that it will returns a result depends on the argument I pass... by thinhdinh Path Finder in Splunk Search 07-09-2020 0 3	0	3
Checking mvexpand Memory Usage Hi All,We are trying to get the memory usage of mvexpand command so that we can set the max_mem_usage_mb in the limit... by alvin_sulendra New Member in Splunk Search 07-09-2020 0 0	0	0
Local Documentation: Is it possible to have a local copy of what is at docsCheckerBaseURL? Is it possible to have a local copy of what is at docsCheckerBaseURL by NocSystems Engager in Splunk Search 07-08-2020 2 7	2	7
How to use iplocation to search for instances of a specific city or region? Hello, I am trying to use iplocation to search for instances of a specific city or region for example: * iplocation... by mgp173455 Loves-to-Learn in Splunk Search 07-08-2020 0 3	0	3
How to add DATE to a timestamp without a date We have some log files with name like this: logs_2020-06-30.logs. A sample events looks like this: 2020-07-01 12:01:5... by season88481 Contributor in Splunk Search 07-08-2020 0 1	0	1
transforms.conf INGEST_EVAL cannot get current time Hi everyone, I am trying to add a field for the current OS time. Here is my props.conf and transforms.conf #props.co... by season88481 Contributor in Splunk Search 07-08-2020 0 2	0	2
How to create custom command in python to write result SPL to CSV file? Hi splunker, I would like to create a python custom commands to write results of SPL commands in a CSV file. this is ... by raindad85 New Member in Splunk Search 07-08-2020 0 1	0	1
Statistical analysis of failed logins I have been trying to look at statistical figures for failed login attempts over a 30 day period for each user by the... by maxywalker1 Explorer in Splunk Search 07-08-2020 0 4	0	4
Co-relation Search between two data sources Mighty Splunk people... I'm having a problem creating an alert for following scenario: Data source 1: index=mail sou... by swaguzari Engager in Splunk Search 07-08-2020 0 5	0	5
Finding ip's not in a inputlookup Hi All,I appreciate that there are tons of answers on this but I am having issues getting it to work!I have a csv nam... by realtimetechnol Explorer in Splunk Search 07-08-2020 0 1	0	1
'Empty' a csv on a daily basis Hi all,I have a dashboard where users can add comments to a .csv lookup file. The comments are only related to the d... by timrich66 Communicator in Splunk Search 07-08-2020 0 2	0	2