Splunk Search

Community Activity

Regex for digits before .zip Hi, How do I write a regex to capture whenever I see any combination of 10 digits followed by .zip within a _raw eve... by jacqu3sy Path Finder in Splunk Search 04-01-2020 0 9	0	9
How to create a bucket of number of events instead of time? Hello!  I'm tryng to get statistics of groups of 200 events. For instance, I have the following stats: \|stats su... by msyparker Explorer in Splunk Search 04-01-2020 0 1	0	1
How to achieve request PerSecond using metrics I have a query like this: \| mstats rate(request_total) as request_rate prestats=true WHERE index="index-metrics" AN... by prasadmissesu New Member in Splunk Search 04-01-2020 0 1	0	1
Time Conversion Issue with now(), 0, last 24 hours, since, etc. Hello, I'm having a time conversion issue with any earliest or latest time that is not in epoch. Here is my XML code ... by genesiusj Builder in Splunk Search 04-01-2020 0 9	0	9
Regex help I am at a loss as to why the following is not working. log: 2020-03-31 20:31:19,621 fail2ban.actions [709]... by vlape_SCWX New Member in Splunk Search 04-01-2020 0 6	0	6
Need help joining multisearch results Need help with bringing together results in a multisearch. Need to match department data from AD to an email address ... by joeybroesky Path Finder in Splunk Search 04-01-2020 0 22	0	22
Need help to write a query using Streamstats. Hi Team, i have onboarded the Linux CPU logs using Splunk add on for linux. the requirement is , we need send an al... by sridharlakshman New Member in Splunk Search 04-01-2020 0 3	0	3
problem with rounding bytes to gb HelloI have use this command to convert from bytes to GB:\| eval b = b /1024/1024/1024and this is an example value as ... by net1993 Path Finder in Splunk Search 04-01-2020 0 4	0	4
RegEx How to find two strings from splunk log I have below log: Service ABCD(blabla_blabla): 365.45.1.87.3.60354 -> remote.234.5 Failure Service DERF(blabla_blabl... by dabroma5 Explorer in Splunk Search 04-01-2020 0 4	0	4
If column is missing then eval if a field is missing in output, what is the query to eval another field to create this missing field. below query ca... by jiaqya Builder in Splunk Search 04-01-2020 0 5	0	5
Sourcetype count per host Hello, I would like to Check for each host, its sourcetype and count by Sourcetype.I tried host=* \| stats count by ho... by warmup031 Explorer in Splunk Search 04-01-2020 0 6	0	6
Distinct count returns less results than expected Hello Im running this query: index="prod" \| rex field=source "(?<crate>.*?)/" \| stats dc(crate)H But the number o... by sarit_s Communicator in Splunk Search 04-01-2020 0 1	0	1
CEF Field Parsing I am not seeing extracted field against below query. index=fireeye \| eval {flexString2Label} = flexString2 below are ... by riqbal47010 Path Finder in Splunk Search 04-01-2020 0 1	0	1
How to count the number of issues (from Jira) that were created, only once? I have data from Jira in Splunk, and issues (stories in particular) are counted multiple times because of modificatio... by YuliyaVassilyev Explorer in Splunk Search 04-01-2020 0 3	0	3
Cumulative hourly Average Hi All, I have counts of some offers for every hour eg 9-10 30 and then 10-11 - it is 40 it should be cumulative... by Rukmani_Splunk Path Finder in Splunk Search 04-01-2020 0 0	0	0
Query help lookup Hi, I am using below query to get a match by SUBNET from B.csv and get the IP filed. And show all fields from A.cs... by surekhasplunk Communicator in Splunk Search 04-01-2020 0 2	0	2
Dynamic dashboard event handling Hello I am new to Splunk. Would be great if you can help me with this. Once I open the dash board , it has couple of ... by 812456 New Member in Splunk Search 03-31-2020 0 0	0	0
Move _time to the last column in the attached mail How I can move _time column to be the last on the an attached csv file in the email send by scheduled report the que... by rayar Contributor in Splunk Search 03-31-2020 0 1	0	1
Transaction starts with ends with Hi does anyone know is there is a way for transaction starts with ends with take the middle result Example, i have tr... by chookp Explorer in Splunk Search 03-31-2020 1 11	1	11
Join 2 fields with the same value in the same search. Hi. I need help to be able to unify 2 fields that have the same value, however, in separate searches. Here is an exam... by LeandroKopke Explorer in Splunk Search 03-31-2020 0 6	0	6
Raw data only parsing the first instance Hello All, I have a data like this X1=[A(status=X, reason=Y), A(status=Z, reason=Y), A(status=xyz, reason=abc)] No... by praddasg Path Finder in Splunk Search 03-31-2020 0 9	0	9
Fetch the data from the fields which has 2 words in the field name using regular expression? I have an event as below: Mar 30 16:59:08 vg1 : %ASA-4-113019: Group = EMPLOYEE, Username = roys86, IP = ...**, Sess... by khojas02 Engager in Splunk Search 03-31-2020 0 3	0	3
is it possible to know which is the index that has less use? good afternoon I would like to know which is the index that has had less access at the data query level. regards by efaundez Path Finder in Splunk Search 03-31-2020 0 2	0	2
How to remove tags in a string? Hello, I have a string field like: View How can I remove tag and to only display View in the search? Thanks, by vnguyen46 Contributor in Splunk Search 03-31-2020 0 9	0	9
Symantec TA field Extractions not working Hello All, I am troubleshooting an issue with the Symantec TA. Fields are not being extracted correctly and I am stum... by rwardwell Explorer in Splunk Search 03-31-2020 2 1	2	1