Splunk Search

Community Activity

Regular Expressions Tutorial I am looking for a complete tutorial on regular expressions in splunk. A tutorial that will be able to teach from the... by Joannelr Explorer in Splunk Search 04-08-2020 2 17	2	17
サーチが遅れている旨のエラーが表示される。サーチが遅れている旨のエラーが表示されるようになりました。どのサーチがどのくらい遅れているのか、状況を確認したいのですが、どのように確認するのが適切でしょうか。【エラー内容】 The percentage of non hig... by mcdp_matsumoto New Member in Splunk Search 04-08-2020 0 1	0	1
Is there a "zip_longest" like function in Splunk? I have this search/report: host=app-dev-001 terminating OR rehire \| convert timeformat="%Y-%m-%d" ctime(_time) AS dat... by iiooiiooiioo Explorer in Splunk Search 04-08-2020 0 2	0	2
Run the condition on multiple fields of each events I have set of events as below: EmployeeID Company C123 ABC C456 ... by khojas02 Engager in Splunk Search 04-08-2020 0 2	0	2
How can you rewrite log data to overwrite sensitive information? If there were a field that one wanted to overwrite, say it was an API token for example, and it had already been logg... by jonzatlmi Explorer in Splunk Search 04-08-2020 0 6	0	6
Applying conditional to a subset of results? See the dataset below. Ultimately (this is part of an inner join with another search) I'd like to return the the late... by jamesklassen Path Finder in Splunk Search 04-08-2020 0 3	0	3
How to capture the hits per day on LiveSite/OT servers?? Hey All, Back again with another interesting question. How do we get the number of hits per day for linux/livesite... by mike000 New Member in Splunk Search 04-08-2020 0 9	0	9
Accelerated data model returning partial results when using summariesonly=true Hello everybody, I see a strange behaviour with data model acceleration. I have a data model accelerated over 3 mont... by mas Path Finder in Splunk Search 04-08-2020 0 1	0	1
Splunk cannot index and search Charset UTF-8 without BOM I have files encoded with UTF-8 without BOM(found out in notepad++), but splunk cannot index or search the events of ... by kambiu New Member in Splunk Search 04-08-2020 0 3	0	3
Compare two searches Hi guys, I am having some issues extraction a comparaison between two different search, Let's assume the following... by habrhi Explorer in Splunk Search 04-08-2020 0 2	0	2
How to visualize more than 100 rows in a table in the dashboard? Hi, I'm using the following option for a table in a dashboard: <option name="count">xx</option> and it successful... by jojocalman Engager in Splunk Search 04-08-2020 1 7	1	7
Lookup match_type WILDCARD not working Greetings experts, I have an alert configured to output the search results to a lookup file. And I need to be able t... by atownson Explorer in Splunk Search 04-08-2020 0 0	0	0
Splunk Query for user accessing assets Hi All, I need to create a query where user access a same destination from 5 or more sources, also in that query opp... by sarwshai Communicator in Splunk Search 04-08-2020 0 5	0	5
regex question I am trying to get exactly 10 digits which might be between white spaces or symbols etc: 1234567890 ,234567890 , 12... by nathanluke86 Communicator in Splunk Search 04-08-2020 0 6	0	6
Need to understand Regular Expression Team, Can anyone please help me to understand the below regular expression used in field extraction? (?i)CPU_COUNT\... by abilann New Member in Splunk Search 04-08-2020 0 6	0	6
sort descending avg time field in results i have a field "avg_time" which i want to display in descending order. tried sort -avg_time but didn't worked eval n... by MOHITJOSHI Engager in Splunk Search 04-07-2020 0 1	0	1
How to arrange the common values of different fields in the same row and uncommon values after the common values Hello, I have a data from two different sourcetypes. In that data, I have two specific columns where in I have to ch... by mnarmada Path Finder in Splunk Search 04-07-2020 0 6	0	6
How to deal with repeating fields in a single event We noticed that Microsoft OWA logs produce a repeating field. How can we make them into individual ones instead of ju... by uhaba Explorer in Splunk Search 04-07-2020 0 3	0	3
Hi, I have a scenario to filter the logs events before they get index using HTTP events collector. I am using HTTP events collector on a search head directly. On this SH I am using API token to connect to get OKTA lo... by rashi83 Path Finder in Splunk Search 04-07-2020 0 1	0	1
KV_MODE=xml not working but xmlkv is I have an app on a deployment server that takes in XML data, this app includes a props.conf with KV_MODE=xml. When I... by willcwhite Explorer in Splunk Search 04-07-2020 0 1	0	1
Extract data from a txt file Hello everyone, I have the attached file that is generated every night through my client's internal system and I nee... by leandromatperei Path Finder in Splunk Search 04-07-2020 0 6	0	6
Subsearch return multiple fields Hi and thank you in advance. I've simplified the problem for brevity sake. I'm trying to return multiple fields by ... by antb Path Finder in Splunk Search 04-07-2020 0 2	0	2
use the heat map option and highlight the max and min per each column. hi there THis is my sample data. I want to use the heat map option and highlight the max and min per each column. S... by HattrickNZ Motivator in Splunk Search 04-07-2020 0 1	0	1
Math function on stats count I would like to do some math operation of retrieved count of each values. Eg: 3185.5 + 4182.5 + 545 + 832 and g... by anz999 Loves-to-Learn Lots in Splunk Search 04-07-2020 0 3	0	3
Why doesn't my rename work? Error in 'rename' command: Usage: rename [old_name AS/TO/-> new_name]+. I have this splunk search: host=app-dev-001 terminating \| convert timeformat="%Y-%m-%d" ctime(_time) AS date \| sort ... by iiooiiooiioo Explorer in Splunk Search 04-07-2020 0 1	0	1