Splunk Search

Community Activity

Can someone help me with the regex for a field extraction? Below are clamav logs, I would like to create two new fields. one called: log_level one callled: message log_level ... by Jarohnimo Builder in Splunk Search 04-07-2020 0 1	0	1
Invalid value "$week$" for time term 'earliest' ? I am getting below error when the page first loads, after that when I manually select "Last 1 week" in the dropdown, ... by pgadhari Builder in Splunk Search 04-07-2020 0 4	0	4
Unable to join two search with common field, however sub-search works HI All, Please help me to debug the issue to join two searches based on common field. I have two indexes which has ... by jagdeepgupta813 Explorer in Splunk Search 04-07-2020 0 3	0	3
rex vs. extraction field Hello! Which method is faster? It seemed to me that the rex method is very slow for a large number of events. by ryastrebov Communicator in Splunk Search 04-07-2020 1 7	1	7
Passing comparison operators in a variable Is there a way to dynamically pass a comparison operator as a variable without a macro? I am looking to achieve some... by ohbuckeyeio Communicator in Splunk Search 04-07-2020 0 4	0	4
Need help of rex? Dear Friends, Need you're help on writing a rex. As per my requirement. what ever value comes before a space need t... by Shan Builder in Splunk Search 04-07-2020 0 4	0	4
Reading same field from multiple log files I have 2 log files from different sources. Both log files have statements either indicating a "Transaction-Start" or... by hegdevageesh New Member in Splunk Search 04-07-2020 0 3	0	3
RegEx help Hi All, need help in getting a regex code for the below message. 2020-04-04T15:08:01+00:00 usdaldc <44> %WAAS-HTTPAO... by jerinvarghese Communicator in Splunk Search 04-07-2020 0 3	0	3
calculate difference between 2 dates and times with strftime I have the below search: index=cd source=jenkins pr_number=* \| stats count as Total , earliest(_time) as start, lat... by Sfry1981 Communicator in Splunk Search 04-07-2020 0 2	0	2
Subsearch produced 50000 results, truncating to 50000 - Need help! Hi, I am dealing with a situation here. Trying to join 2 queries to find out the peak hour volume in last 90 days on ... by Shashank_87 Explorer in Splunk Search 04-07-2020 0 9	0	9
Calculate total continuous duration when value is equal or above static threshold with resetting calculation when it goes below I have a log that contains numerical value which is logged irregularly: I would like to calculate (and show on time... by pawelzak New Member in Splunk Search 04-07-2020 0 4	0	4
How to get a percentage calculation ? I am writing a query which is going to a scheduled report. I have 3 servers/hosts (serv1, serv2, serv3) whose average... by zacksoft Contributor in Splunk Search 04-07-2020 0 1	0	1
average for a field value per n number of events How would i find the average value of a certain field per a certain amount of events Example: i have 1000 events and... by zubairaizatron Explorer in Splunk Search 04-07-2020 0 5	0	5
インデックス別データ取り込み量確認方法 Splunk7.3.3を利用しています。複数のインデックスを持っています。インデックス毎の1日あたりのデータ取込み量を確認する方法をご教授いただきたいです。 by nw0605 New Member in Splunk Search 04-07-2020 0 1	0	1
How to rex field to a field I have a rex as such: \| rex field=host "(?<sydney>10-92-3[2-4])" \| rex field=host "(?<melbourne>10-92-11[0-2])" wh... by racans New Member in Splunk Search 04-06-2020 0 1	0	1
how to loop through json array based on expression and create counter i'm hardcoding some data like names, where i will pass in a token in the future, to create a simple example of what i... by gpSplunk123 Engager in Splunk Search 04-06-2020 0 4	0	4
timechart limit: pick top 10 series with the highest peaks (of all time), not total sums I'm looking to investigate IP addresses with highest peak loads on our service. Here's my current query: application... by amomchilov Explorer in Splunk Search 04-06-2020 0 4	0	4
How can I change the field values to another value ? Hello Guys! I need to change the values that are present in the field "Item Codigo" . For example: 040500603S007C... by dbrancaglion Explorer in Splunk Search 04-06-2020 0 1	0	1
New index does not show I have created a second index called "nagios" exclusivly to collect data from my nagios install. Nagios has populated... by Mr_Robaloba Explorer in Splunk Search 04-06-2020 3 6	3	6
Timechart and Order of Operations I am struggling with the order of operations in my timechart query. I need to show the number of Users who accessed a... by mistydennis Communicator in Splunk Search 04-06-2020 0 3	0	3
can some one help me with SPL index= xxxxxx sourcetype=xxxxxx \| eval import_time=strftime(_time, "%Y-%m-%d:%H") \| eval import_timeday=strftime(_tim... by vikram1583 Explorer in Splunk Search 04-06-2020 0 1	0	1
I want to create an app which should show all the other apps in splunk ? Hello, I want to create an app which should show all the app as home page for admins. I have like 15 apps which shou... by arunsoni Explorer in Splunk Search 04-06-2020 0 2	0	2
Timechart peaks - replace sum with max Hi all, I'm looking to create a timechart from a very large dataset. I just want to count the occurrence of a custom... by rowancoleman Explorer in Splunk Search 04-06-2020 1 6	1	6
How to display the exact date from time modifiers? I would like to know how to display the exact date of the time modifiers which are specified in the earliest and late... by akarivaratharaj Communicator in Splunk Search 04-06-2020 0 4	0	4
Slow child dataset Hello, Currently, we are using multiple datamodels for same data (post filters are different). Now we are trying to... by AKG1_old1 Builder in Splunk Search 04-06-2020 0 0	0	0