Splunk Search

Community Activity

Timezone Query I have a Deploy server application that I use to control my "SYSLOG" server that receives logs from various other sou... by willadams Contributor in Splunk Search 04-01-2020 0 6	0	6
StartsWith breaks the transaction Hello everyone, I am trying to extract some data from the logs. I have created a little search that works well: cus... by gmasy New Member in Splunk Search 04-01-2020 0 10	0	10
Getting count of data by days Hi guys! I am looking to get the number of tickets that are completed in under 14 days, 30 days, 45 days and 45+ days... by tmanuel1 New Member in Splunk Search 04-01-2020 0 3	0	3
VPN count Hi - We want to get users connected in 1 hour. When a user connects we get event_id="globalprotectgateway-auth-succ" ... by dmenon Explorer in Splunk Search 04-01-2020 0 2	0	2
How to group by date range from JSON Values? I'm newer of splunk. On my log I've a JSON with two fields of interested: "initialCreationDate":"2020-03-02T00:00:00"... by augustocadini New Member in Splunk Search 04-01-2020 0 1	0	1
How can i correlate 2 fields with different sourcetype in one table? I have 2 searches for systems & folders. Both searches return a table. The fields systemID & folderID have the same v... by i17065 Engager in Splunk Search 04-01-2020 0 8	0	8
What is role of transforms.conf vs. props.conf for field extraction? What is the role of props.conf vs. transforms.conf in field extraction? How do they relate to each other in order to ... by Justin_Grant Contributor in Splunk Search 04-01-2020 4 4	4	4
Regex for digits before .zip Hi, How do I write a regex to capture whenever I see any combination of 10 digits followed by .zip within a _raw eve... by jacqu3sy Path Finder in Splunk Search 04-01-2020 0 9	0	9
How to create a bucket of number of events instead of time? Hello!  I'm tryng to get statistics of groups of 200 events. For instance, I have the following stats: \|stats su... by msyparker Explorer in Splunk Search 04-01-2020 0 1	0	1
How to achieve request PerSecond using metrics I have a query like this: \| mstats rate(request_total) as request_rate prestats=true WHERE index="index-metrics" AN... by prasadmissesu New Member in Splunk Search 04-01-2020 0 1	0	1
Time Conversion Issue with now(), 0, last 24 hours, since, etc. Hello, I'm having a time conversion issue with any earliest or latest time that is not in epoch. Here is my XML code ... by genesiusj Builder in Splunk Search 04-01-2020 0 9	0	9
Regex help I am at a loss as to why the following is not working. log: 2020-03-31 20:31:19,621 fail2ban.actions [709]... by vlape_SCWX New Member in Splunk Search 04-01-2020 0 6	0	6
Need help joining multisearch results Need help with bringing together results in a multisearch. Need to match department data from AD to an email address ... by joeybroesky Path Finder in Splunk Search 04-01-2020 0 22	0	22
Need help to write a query using Streamstats. Hi Team, i have onboarded the Linux CPU logs using Splunk add on for linux. the requirement is , we need send an al... by sridharlakshman New Member in Splunk Search 04-01-2020 0 3	0	3
problem with rounding bytes to gb HelloI have use this command to convert from bytes to GB:\| eval b = b /1024/1024/1024and this is an example value as ... by net1993 Path Finder in Splunk Search 04-01-2020 0 4	0	4
RegEx How to find two strings from splunk log I have below log: Service ABCD(blabla_blabla): 365.45.1.87.3.60354 -> remote.234.5 Failure Service DERF(blabla_blabl... by dabroma5 Explorer in Splunk Search 04-01-2020 0 4	0	4
If column is missing then eval if a field is missing in output, what is the query to eval another field to create this missing field. below query ca... by jiaqya Builder in Splunk Search 04-01-2020 0 5	0	5
Sourcetype count per host Hello, I would like to Check for each host, its sourcetype and count by Sourcetype.I tried host=* \| stats count by ho... by warmup031 Explorer in Splunk Search 04-01-2020 0 6	0	6
Distinct count returns less results than expected Hello Im running this query: index="prod" \| rex field=source "(?<crate>.*?)/" \| stats dc(crate)H But the number o... by sarit_s Communicator in Splunk Search 04-01-2020 0 1	0	1
CEF Field Parsing I am not seeing extracted field against below query. index=fireeye \| eval {flexString2Label} = flexString2 below are ... by riqbal47010 Path Finder in Splunk Search 04-01-2020 0 1	0	1
How to count the number of issues (from Jira) that were created, only once? I have data from Jira in Splunk, and issues (stories in particular) are counted multiple times because of modificatio... by YuliyaVassilyev Explorer in Splunk Search 04-01-2020 0 3	0	3
Cumulative hourly Average Hi All, I have counts of some offers for every hour eg 9-10 30 and then 10-11 - it is 40 it should be cumulative... by Rukmani_Splunk Path Finder in Splunk Search 04-01-2020 0 0	0	0
Query help lookup Hi, I am using below query to get a match by SUBNET from B.csv and get the IP filed. And show all fields from A.cs... by surekhasplunk Communicator in Splunk Search 04-01-2020 0 2	0	2
Dynamic dashboard event handling Hello I am new to Splunk. Would be great if you can help me with this. Once I open the dash board , it has couple of ... by 812456 New Member in Splunk Search 03-31-2020 0 0	0	0
Move _time to the last column in the attached mail How I can move _time column to be the last on the an attached csv file in the email send by scheduled report the que... by rayar Contributor in Splunk Search 03-31-2020 0 1	0	1