Splunk Search

Community Activity

How to capture the hits per day on LiveSite/OT servers?? Hey All, Back again with another interesting question. How do we get the number of hits per day for linux/livesite... by mike000 New Member in Splunk Search 04-08-2020 0 9	0	9
Accelerated data model returning partial results when using summariesonly=true Hello everybody, I see a strange behaviour with data model acceleration. I have a data model accelerated over 3 mont... by mas Path Finder in Splunk Search 04-08-2020 0 1	0	1
Splunk cannot index and search Charset UTF-8 without BOM I have files encoded with UTF-8 without BOM(found out in notepad++), but splunk cannot index or search the events of ... by kambiu New Member in Splunk Search 04-08-2020 0 3	0	3
Compare two searches Hi guys, I am having some issues extraction a comparaison between two different search, Let's assume the following... by habrhi Explorer in Splunk Search 04-08-2020 0 2	0	2
How to visualize more than 100 rows in a table in the dashboard? Hi, I'm using the following option for a table in a dashboard: <option name="count">xx</option> and it successful... by jojocalman Engager in Splunk Search 04-08-2020 1 7	1	7
Lookup match_type WILDCARD not working Greetings experts, I have an alert configured to output the search results to a lookup file. And I need to be able t... by atownson Explorer in Splunk Search 04-08-2020 0 0	0	0
Splunk Query for user accessing assets Hi All, I need to create a query where user access a same destination from 5 or more sources, also in that query opp... by sarwshai Communicator in Splunk Search 04-08-2020 0 5	0	5
regex question I am trying to get exactly 10 digits which might be between white spaces or symbols etc: 1234567890 ,234567890 , 12... by nathanluke86 Communicator in Splunk Search 04-08-2020 0 6	0	6
Need to understand Regular Expression Team, Can anyone please help me to understand the below regular expression used in field extraction? (?i)CPU_COUNT\... by abilann New Member in Splunk Search 04-08-2020 0 6	0	6
sort descending avg time field in results i have a field "avg_time" which i want to display in descending order. tried sort -avg_time but didn't worked eval n... by MOHITJOSHI Engager in Splunk Search 04-07-2020 0 1	0	1
How to arrange the common values of different fields in the same row and uncommon values after the common values Hello, I have a data from two different sourcetypes. In that data, I have two specific columns where in I have to ch... by mnarmada Path Finder in Splunk Search 04-07-2020 0 6	0	6
How to deal with repeating fields in a single event We noticed that Microsoft OWA logs produce a repeating field. How can we make them into individual ones instead of ju... by uhaba Explorer in Splunk Search 04-07-2020 0 3	0	3
Hi, I have a scenario to filter the logs events before they get index using HTTP events collector. I am using HTTP events collector on a search head directly. On this SH I am using API token to connect to get OKTA lo... by rashi83 Path Finder in Splunk Search 04-07-2020 0 1	0	1
KV_MODE=xml not working but xmlkv is I have an app on a deployment server that takes in XML data, this app includes a props.conf with KV_MODE=xml. When I... by willcwhite Explorer in Splunk Search 04-07-2020 0 1	0	1
Extract data from a txt file Hello everyone, I have the attached file that is generated every night through my client's internal system and I nee... by leandromatperei Path Finder in Splunk Search 04-07-2020 0 6	0	6
Subsearch return multiple fields Hi and thank you in advance. I've simplified the problem for brevity sake. I'm trying to return multiple fields by ... by antb Path Finder in Splunk Search 04-07-2020 0 2	0	2
use the heat map option and highlight the max and min per each column. hi there THis is my sample data. I want to use the heat map option and highlight the max and min per each column. S... by HattrickNZ Motivator in Splunk Search 04-07-2020 0 1	0	1
Math function on stats count I would like to do some math operation of retrieved count of each values. Eg: 3185.5 + 4182.5 + 545 + 832 and g... by anz999 Loves-to-Learn Lots in Splunk Search 04-07-2020 0 3	0	3
Why doesn't my rename work? Error in 'rename' command: Usage: rename [old_name AS/TO/-> new_name]+. I have this splunk search: host=app-dev-001 terminating \| convert timeformat="%Y-%m-%d" ctime(_time) AS date \| sort ... by iiooiiooiioo Explorer in Splunk Search 04-07-2020 0 1	0	1
Can someone help me with the regex for a field extraction? Below are clamav logs, I would like to create two new fields. one called: log_level one callled: message log_level ... by Jarohnimo Builder in Splunk Search 04-07-2020 0 1	0	1
Invalid value "$week$" for time term 'earliest' ? I am getting below error when the page first loads, after that when I manually select "Last 1 week" in the dropdown, ... by pgadhari Builder in Splunk Search 04-07-2020 0 4	0	4
Unable to join two search with common field, however sub-search works HI All, Please help me to debug the issue to join two searches based on common field. I have two indexes which has ... by jagdeepgupta813 Explorer in Splunk Search 04-07-2020 0 3	0	3
rex vs. extraction field Hello! Which method is faster? It seemed to me that the rex method is very slow for a large number of events. by ryastrebov Communicator in Splunk Search 04-07-2020 1 7	1	7
Passing comparison operators in a variable Is there a way to dynamically pass a comparison operator as a variable without a macro? I am looking to achieve some... by ohbuckeyeio Communicator in Splunk Search 04-07-2020 0 4	0	4
Need help of rex? Dear Friends, Need you're help on writing a rex. As per my requirement. what ever value comes before a space need t... by Shan Builder in Splunk Search 04-07-2020 0 4	0	4