Splunk Search

Community Activity

Is it possible to have multiple break_only_before regex for one sourcetype I'm currently working through each of my companies Java apps and updating their sourcetypes using transforms and rege... by freern New Member in Splunk Search 02-10-2020 0 3	0	3
How to trim everything from a field after a comma I have a field that contains: CN=Joe Smith,OU=Support,OU=Users,OU=CCA,OU=DTC,OU=ENT,DC=ent,DC=abc,DC=store,DC=corp ... by sawyer2624 Engager in Splunk Search 02-10-2020 0 4	0	4
how to extract a string before the @ symbol from an email adress? I have the username filed extraction as follows in the props.conf which extracts the email address:- [sourcetype_X]... by pavanae Builder in Splunk Search 02-10-2020 0 2	0	2
Field extraction stanza help in props.conf? I have the username filed extraction as follows in the props.conf which extracts the username:- [sourcetype_X] EXTRA... by pavanae Builder in Splunk Search 02-10-2020 0 3	0	3
Can you please help me in creating a table with multiple rows of the same field using stats or some other code? I need to display multiple rows having the same PART_NUMBER value for each FLIT_COMPONENTS and AMOUNT sourcetype=fli... by dinu1701 Explorer in Splunk Search 02-10-2020 0 9	0	9
How to count top results in each column? Hi everyone, Trying to find out the top 10 values from different host long_message index functionality.. So tried l... by marisstella Explorer in Splunk Search 02-10-2020 0 5	0	5
change colon to dash in Search First, let me start by saying I am not a programmer, a Splunk expert, highly experienced with Regex or SED. I say thi... by bulu New Member in Splunk Search 02-10-2020 0 5	0	5
What's the best easter egg in Splunk 4.2? I think the title says it all. by amrit Splunk Employee in Splunk Search 02-10-2020 6 6	6	6
Removing values from a field how to remove values from fields highlighted in red index=main \| eval description=case(status == 200, "OK", status ... by gagareg Explorer in Splunk Search 02-10-2020 0 4	0	4
Outer Join not working I have data in a CSV called 25_million_Linie_Rule.csv (example below) host,source,count "INTERFACES_BUILD","/hp547s... by robertlynch2020 Influencer in Splunk Search 02-10-2020 0 5	0	5
Different element between two stats values() lists search made before ...\| stats values(user) as AllUsers, values(usr_mod) as ModifiedUsers And it returns two lists ... by rsaude Path Finder in Splunk Search 02-10-2020 0 17	0	17
How do I show full series name while mouse over on the legend? Hello, I have a line chart with multiple series in my dashboard. The series names are quite long, so they cut in the... by damucka Builder in Splunk Search 02-10-2020 0 0	0	0
Subtract One Field from Another Hi guys, I'm having trouble making a simple subtraction (well, I thought it would be simple!). Field1 is a number in... by driva Path Finder in Splunk Search 02-09-2020 0 2	0	2
What's the easiest way to return a multivalue result containing the values that are present in two multivalues? Hello, Working with Splunk 7.3.2. I have two multivalues that have a set of values in common: \| makeresults \| eval... by andrewtrobec Motivator in Splunk Search 02-09-2020 0 2	0	2
BREAK_ONLY_BEFORE_DATE=TRUE seems to not be working A custom web application produces logs in the tomcat format like this: 2020-01-31 18:19:02,091 DEBUG [com.vendor.mak... by mitag Contributor in Splunk Search 02-09-2020 0 7	0	7
Arithmetic on multi field values I am new to Splunk, and I need to perform arithmetic on some multi-field values. What is the best way to do this? H... by rtakatsuka Engager in Splunk Search 02-08-2020 0 1	0	1
How to sum the percentage of this two value in the table and rename it as X and show it in the table next to other values?! As you can see in the picture there is 2 value (ChargeInProgress & Charging) which I know they are same (but whit the... by aryamehr360 New Member in Splunk Search 02-08-2020 0 10	0	10
How to extract data I want to know how to take data from multiple data sources by ID. The following is an example of a data source. A Dat... by 1014502 New Member in Splunk Search 02-07-2020 0 4	0	4
can't use a field with special characters in search --> _@timestamp I have a field named '_@timestamp' in my data. When i search for this field, the result doesn't show up. May be becau... by pavan_injarapu Explorer in Splunk Search 02-07-2020 0 6	0	6
plot rate of change This seems like such an elementary use of splunk, I can't believe I've spent days researching this to no avail. I've... by jgc94131 Explorer in Splunk Search 02-07-2020 1 7	1	7
Search fieldsummary values for search keyword Hello, I have query below and want to search by filterstring from fieldsummary values and return all values which mat... by msrama5 Explorer in Splunk Search 02-07-2020 0 1	0	1
Logs aren't coming in, forward servers are listed as inactive I have very little experience with splunk, and am on a time crunch, so a bit of patience for my ignorance would be aw... by happycaptain Loves-to-Learn in Splunk Search 02-07-2020 0 2	0	2
How to find events that are not splitting correctly I'm trying to determine which of my companies application logs aren't being split correctly but I'm having a hard tim... by freern New Member in Splunk Search 02-07-2020 0 6	0	6
Scheduled Searches delayed by one hour Hi, I have lately seen an issue that some scheduled alerts that contain attachments seem to get emailed to me one ho... by omuelle1 Communicator in Splunk Search 02-07-2020 0 7	0	7
how to use the rex command to extract data when we have space Hi have a scenario, where I would like to extract the field OfferCode which has space after and before the code: Off... by s0m073r Engager in Splunk Search 02-07-2020 0 16	0	16