Splunk Search

Community Activity

Event breaking help with props.conf I have a sourcetype that I'm working with and trying to break up the events by any line that says "Job start time: yy... by joesrepsolc Communicator in Splunk Search 11-27-2019 0 5	0	5
Any way to break this row into two columns? I am setting up a dashboard that monitors count of events on a daily basis and a previous 30 day average by customer.... by bhavlik Path Finder in Splunk Search 11-27-2019 0 5	0	5
iam receiving a message unbalanced quotes , i tried using back slash \| eval e="$time_token.earliest$", l=$time_token.latest$"\| eval e=case(match(e,"^\d+$"),e,e="" OR e="now" , "0" , true... by pavanraghav Explorer in Splunk Search 11-27-2019 0 4	0	4
Creating a custom SourceType with multiple delimiters (35 fields) Hi all, I've searched around a bit and I can't seem to find the answer after failing to figure it out myself. The d... by whitehaven Explorer in Splunk Search 11-27-2019 0 7	0	7
query running using KV store is taking logn time Hi , I have a scenario where i am using KV store to get the events generated. But my query is taking 5hr to run whi... by vikashperiwal Path Finder in Splunk Search 11-27-2019 0 4	0	4
Why is my search using "mcollect" command causing the following error: "Error in 'mcollect' command: Must specify a valid metric index"? In my query before, I was using the outputcsv search command, and then I had a monitoring input stanza to upload it t... by ben_leung Builder in Splunk Search 11-27-2019 0 7	0	7
Is it Possible to create the Scatter_Line Chart in Splunk? We have the Actual Generation Data from the Machine and also having the Set Points of the Particular Parameter. we n... by vengat4043 Path Finder in Splunk Search 11-27-2019 0 4	0	4
Splunk platform release notes I was going through the Release note which was updated into Splunk Docs recently. https://docs.splunk.com/Documentati... by akarivaratharaj Communicator in Splunk Search 11-27-2019 0 1	0	1
how to extract all values separately suing rex command hi, i have a string like: AAA TEST BBB 1000 CCC DDD EEE FFF GG 11111 i need to extract all the values separa... by Puvi New Member in Splunk Search 11-27-2019 0 1	0	1
Problem to indexer a multivalue field too longer Hi everybody Trying to index a multivalue field with more than 6000 characters approx. With the same sourcetype we ha... by adolfus1982 New Member in Splunk Search 11-26-2019 0 2	0	2
crud in lookup Hi all, I am trying to do crud of a lookup. I ahve been following this link:- https://www.hurricanelabs.com/splunk-t... by test4u Path Finder in Splunk Search 11-26-2019 0 5	0	5
Why is multiline regex blacklisting all events for specifically 4656 only? Hi All, I cant seem to get this right. I am trying to use regex to blacklist 4656 events where: The account name en... by geraldcontreras Path Finder in Splunk Search 11-26-2019 0 2	0	2
Regex by ID removing duplicates Hello everyone. I have a code below where each event is determined by the line break. I am wanting to take the value... by leandromatperei Path Finder in Splunk Search 11-26-2019 0 3	0	3
How to search syntax to exclude dhost or URL New to Splunk here. Trying to run a search for user BLAHBLAH that does NOT contain dhost of api.drift.com Would someo... by trojan_81 Path Finder in Splunk Search 11-26-2019 0 1	0	1
How to adjust search to include names that are also hyphenated We ingest patient records into Splunk and some compliance users need to search to see if an employee accessed records... by dougsummersett New Member in Splunk Search 11-26-2019 0 5	0	5
How to find a follow-up event after certain interval Say, when a user connects his VPN, it will do policy checking (event--> policy_checking) and within 5 minutes will be... by cyber_castle Path Finder in Splunk Search 11-26-2019 1 8	1	8
Searching in multiple indexes I am trying to create a search to do the following: 1) Look in a table where information is tagged in a certain way ... by willadams Contributor in Splunk Search 11-26-2019 1 2	1	2
How to combine duplicate Latitude and longitude values in the stats tale of a cluster map I just want to clean up my search of 'noise'as my stats table gets populated by duplicate values from the save latitu... by schalkrust Engager in Splunk Search 11-26-2019 0 2	0	2
Generate percentage and filter based on it from events with count in them (so I cannot use "top")? Hi Experts, I need to create a alert , if HTTPCode_Target_5XX_Count is greater than 5% of Total count then i need t... by arun_kant_sharm Path Finder in Splunk Search 11-26-2019 0 4	0	4
[tpl10082inf63] Field 'total' does not exist in data Hi, I am using below query. I am getting data but in chart i am getting warning '[tpl10082inf63] Field 'total' does... by sachinbansal New Member in Splunk Search 11-26-2019 0 2	0	2
How come a specific macro ends up in generic searches and breaks some of them? We use the TA-Varonis-DatAlert and it creates the varonis_index macro defined as index=*, which is global. When runn... by danielbb Motivator in Splunk Search 11-26-2019 0 5	0	5
Reporting on VM capacity over time Date, VM1, VM2, VM3, VM4 5/1/2019 100, 100, n/a, 450 6/1/2019 100, 140, n/a, 450 7/1/2019 105, 200... by clintla Contributor in Splunk Search 11-26-2019 0 3	0	3
Can I fill a null value with another field's value in the event? I have seen two other related questions but neither of the answers have worked for me. Data: Events with a control... by donk23 New Member in Splunk Search 11-26-2019 0 3	0	3
Count of distinct values for emails I have events coming in from an email spam appliance and would like to have an alert on spam campaigns with a unique ... by hattrells Engager in Splunk Search 11-26-2019 0 3	0	3
Why is this regex pattern breaking after adding a few more characters to expression I have the following sample text that's embedded inside a log: (Response=200) {"log":{"properties":"rob"}} I am ... by hinhrt Explorer in Splunk Search 11-26-2019 0 9	0	9