Splunk Search

Community Activity

Issue with field extraction regex Hello plp, I have this problem, i need to extract 2 fields of this event. [14/04/2020 16:17:49][INFO][http-8080-36][a... by tinpelayee Engager in Splunk Search 04-15-2020 0 1	0	1
Count repeated failured logons following a successful logon Here's what I got so far: index="myindex" (host="192.168.0.100" OR host="192.168.0.101") (msg="login OK" OR msg="log... by tmontney Builder in Splunk Search 04-15-2020 0 5	0	5
Extract the fields from below mentioned log in json response Hi, Need help in extracting the values from the below mentioned tags divisionID - Value:... by vijaysubramania Path Finder in Splunk Search 04-15-2020 0 6	0	6
Lookup command not functioning properly Hi all, I have the following command:- \| savedsearch issue_with_lookup team="$token$" team_from_roster="$token$" te... by ayushmaan_22 Explorer in Splunk Search 04-15-2020 0 4	0	4
Calculating Splunk data Compression Size Hi , I looked the daily ingestion for an index i am seeing total data ingested in last 7 days to an index is 800 GB.... by ram254481493 Explorer in Splunk Search 04-15-2020 0 0	0	0
Are there limits for lookups in regards to extracting fields from them? I have a lookup that recently stopped auto extracting fields. What I've noticed is that if I do a join, I can join i... by briancronrath Contributor in Splunk Search 04-14-2020 0 1	0	1
Extract multiple fields without knowing their order in TRANSFORMS Hi, I need to extract multiple fields (from events that are coming via HEC) and assign an index based on the concaten... by ilya_resh Engager in Splunk Search 04-14-2020 0 4	0	4
LOG4J CIM? A number of applications and services in our environment use LOG4J for logging. Is there a CIM (Common Information Mo... by mitag Contributor in Splunk Search 04-14-2020 0 8	0	8
Timechart: p99 requests/min by client I have a dataset of Nginx (a web server) request logs. Each entry contains a client_ip. I want to impose some rate li... by amomchilov Explorer in Splunk Search 04-14-2020 0 5	0	5
How to learn Search processing language? Please i want to learn search processing language, is there some of video tutorial in? by saotaigiri Path Finder in Splunk Search 04-14-2020 0 2	0	2
How can I split values based on two possible delimiters? \| eval field2=mvindex(split(word, " "),2) How can I split based on either space " " or comma "," Beforehand, I do ... by smhsplunk Communicator in Splunk Search 04-14-2020 1 7	1	7
question about complicated condition search I am facing a difficult problem about search, the condition is: I want to filter the user who change his/her logon so... by lllidan New Member in Splunk Search 04-14-2020 0 6	0	6
How to get count by unique value? Hi, I am new to Splunk. I have below log which is capturing product id, Header product-id, 12345678900 Header produ... by vel4ever New Member in Splunk Search 04-14-2020 0 5	0	5
Static Fields Hi everyone, I'm going through the course Splunk Fundamentals 2 and I'm sorry if the question is too easy: what does... by tepus Explorer in Splunk Search 04-14-2020 0 4	0	4
Get % values out of a query I have the following query. The key TEST_DECISION has 4x possible outcomes. CALL_FAILED, VALID, INVALID, NOT_CALLED. ... by angersleek Path Finder in Splunk Search 04-14-2020 1 1	1	1
What is the best way to get list of index in my splunk Currently i'm running this command for 2 days, it takes quite a lot of time index=* \| stats count by index Is there... by ma_anand1984 Contributor in Splunk Search 04-14-2020 2 8	2	8
Help optimising a query Hi All I'm fairly new to Splunk, and still very much learning (its a small hobby), and I recently found Elastic Beat... by kwestlake Engager in Splunk Search 04-14-2020 0 2	0	2
Multiple Blocked Queues on Multiple Hosts I run the query below every so often to see if there are any blocked queues and most of the time I see results when I... by wwhite12 Path Finder in Splunk Search 04-14-2020 0 1	0	1
regex to extract field Hello, This is my character string user=YHYIFLP@intra.bcg.local i want to display just YHYIFLP, i use \| eval use... by numeroinconnu12 Path Finder in Splunk Search 04-14-2020 0 4	0	4
How to force the sequence of search-time operations to perform calculated fields AFTER lookups ? Hello, I try to figure out how to perform fields calculation based on rules coming from a lookup table. This is my ... by dhtran Loves-to-Learn Lots in Splunk Search 04-14-2020 0 2	0	2
Is base search will ignore events I'm using base search in my dashboard, In dashboard panels , one created using base search query and other one is us... by kirrusk Communicator in Splunk Search 04-14-2020 0 6	0	6
How do you create the below chart in Splunk? I am working on Sentiment Analysis for twitter logs. The client requirement is to produce the graph/chart as mentione... by aravindpadmin Explorer in Splunk Search 04-13-2020 0 6	0	6
View interesting fields - maximum When I click on an interesting field I have 100 values but it only displays the top 10. How can I view all values? by allenhau Engager in Splunk Search 04-13-2020 0 5	0	5
Speed Search Review Hello Everyone. I m new to splunk and I have one search which is taking a bit longer than others. Is there any sugge... by rafazurc New Member in Splunk Search 04-13-2020 0 10	0	10
How to list fields, values and also index and source names using fieldsummary Hi All, I need to look for specific fields in all my indexes. Using fieldsummary, I am able to get a listing of my sp... by chanmic New Member in Splunk Search 04-13-2020 0 4	0	4