Splunk Search

Community Activity

Help with rex to search logs for deleting user context I know I am missing something simple here, but I cannot seem to figure this out. I am trying to search my logs for t... by gtidd Explorer in Splunk Search 12-11-2019 0 5	0	5
field extraction between brackets I have log file like this: A[1020/09/09] B[1013/09/09] C[05-07-00000000-000-A-B-C] want to extract field of A, B, ... by indeed_2000 Motivator in Splunk Search 12-11-2019 0 5	0	5
eval / rex a field and change its output hello all, I have a lookup with two fields sourcetype and interval ( like below) ..some of the intervals are in seco... by spluzer Communicator in Splunk Search 12-11-2019 0 4	0	4
What are THE most important SPL commands? I get asked some form of this question often and I know what my answer is but I am curious about others. What is you... by woodcock Esteemed Legend in Splunk Search 12-11-2019 1 8	1	8
Filtering WinHostMon with transforms/props so it doesn't index the status of a particular service. Hello, I am trying to use transforms/props to filter a service from being indexed This is what I have: /etc/system... by jospina2 Explorer in Splunk Search 12-11-2019 1 2	1	2
How to download existing lookup file? and how to add new row and modify existing lookup file table? How to download existing lookup file? and how to add new row and modify existing lookup file table? by pacifikn Communicator in Splunk Search 12-11-2019 1 2	1	2
Why is search not returning result when using map? Hello, My following search results records for Account: index="X" AND (sourcetype="A:Proxy" OR sourcetype="A:orderpu... by sheikhazad New Member in Splunk Search 12-11-2019 0 13	0	13
Add additional events to transaction by field Hi, I need to group events where the first event begins with "Receive message" and grouped by thread id. But then nee... by idzjuba Engager in Splunk Search 12-11-2019 0 4	0	4
How to dynamically remove a field from search & how to dynamically use threshold from lookup file and change color based on it? Hi All, Hope you all are doing good. I am stuck with 2 questions may be due to my Splunk query knowledge, hope you ... by niks987 Explorer in Splunk Search 12-11-2019 0 0	0	0
How to find license usage based on the all the indexes When I run the below search I can see 94 indexes available. \| eventcount summarize=false index=* index=_*\| dedup ind... by whitewolf332512 New Member in Splunk Search 12-10-2019 0 3	0	3
Field extraction /data/scripts/esx/output_crc/dc1-ch1-esxi05.dca.com-vmnic0-20191211-10:40:40.txt I need to extract the field "dc1-ch... by Nadhiya_Dubai Explorer in Splunk Search 12-10-2019 0 1	0	1
field extraction /data/scripts/esx/outfile/dc1-ch1-esxi05.dca.com-vmnic0.txt I need to extract the dc1-ch1-esxi05.dca.com-vmnic0 fro... by Nadhiya_Dubai Explorer in Splunk Search 12-10-2019 0 3	0	3
How to change bar chart color and the legend label How do I change a bar chart color base on the syslog severity level. Example: Informational to blue color, warning to... by matoulas Path Finder in Splunk Search 12-10-2019 0 4	0	4
How to rename timechart legend static names with variable names Hello, I have a timechart search (search code snippet below), everything works great. The chart shows up and the le... by wti Engager in Splunk Search 12-10-2019 0 1	0	1
Field Extraction And Evaluation From the screenshot, i would like to achieve the below; LCU04 = 500 x 00000 LCU03 = 500 x 01985 LCU02 = 500 x 01985 ... by rhugo Observer in Splunk Search 12-10-2019 0 3	0	3
Track growth on new items within a time range using a timechart I've tried various attempts at this with no joy. I'm simply trying to create a chart where I can specify w/ the time ... by clintla Contributor in Splunk Search 12-10-2019 0 8	0	8
How to show all the field values (including duplicates) in table Hi I have Splunk messages that gives the information on course and student enrolled. My sample message as follows ... by gravi Explorer in Splunk Search 12-10-2019 0 2	0	2
Lookups missing and receiving error message Getting the following error on many of my previously working searches, any ideas on how to fix it? 3 errors occurre... by bullbo Engager in Splunk Search 12-10-2019 0 1	0	1
Number of fields occurrence in json data I have below data ` { [-] context: { [+] } level: INFO logger: x.x.x.xxx.service.xxxService msg: Fi... by govindparashar1 New Member in Splunk Search 12-10-2019 0 2	0	2
Help with regular expression extract and match I have log file like this: 11:00:00 jon nginx: A[1234]B[56789] [0.1222] 11:00:00 dan service cloud: C[0078]D[12] F[... by indeed_2000 Motivator in Splunk Search 12-10-2019 0 10	0	10
Time difference during mid night is showing as more than a day Hi, I have two datetime stamps, both in same format ( %m-%d-%Y %H:%M:%S %p UTC ) and i am trying to get the differ... by gravi Explorer in Splunk Search 12-10-2019 0 8	0	8
Interesting fields count and percentage incorrect I have encountered a strange issue when clicking on an "interesting field" in the left side bar under the events tab,... by benwebsternucle Engager in Splunk Search 12-10-2019 1 1	1	1
How can I pass a list of parameters to a custom Generating command to iterate over and generate events? I have written my own custom generating command in Splunk which connects to our API and fetches threat details of a d... by umairahmad3985 Path Finder in Splunk Search 12-10-2019 0 0	0	0
Problem with Geospatial lookup and geom command Hi All, Posting this question, as I am new to Geospatial lookup and trying to configure it as per Michael Porath's b... by badrinath_itrs Communicator in Splunk Search 12-10-2019 1 2	1	2
Clarification about appendcols needed Hello, My alert looks as follows: \|inputcsv anomalies_ls5923.txt \| where like(ANOMALY_ID, "iA%")\| tail 1 \|rename co... by damucka Builder in Splunk Search 12-10-2019 0 1	0	1