Splunk Search

Community Activity

Help with regex for field extraction Hi, I have a field value as below. These are all fixed positions all across. /COMPANY LOCATIONS/PA/PHILADELPHIA/AB... by mbasharat Builder in Splunk Search 11-22-2019 0 4	0	4
Escape a period in transforms regex to drop log? I'm collecting DNS logs and I'm trying to drop all logs with sub.domain.com as the query. In my transforms.conf I ha... by reswob4 Builder in Splunk Search 11-22-2019 0 3	0	3
How to disable location clustering of results on a map generated by the geostats command in Splunk 6.1? I have a geostats map in version 6.1 and I want to force it to NOT use clustering. I want to see an indicator for eac... by jasongori Explorer in Splunk Search 11-22-2019 4 12	4	12
Splunk rex help: regex for windows and unix path Hi, I am a newbie to SPL. I am trying to write a regex that will extract the unix/windows path from the full_log fiel... by hbustam8063 New Member in Splunk Search 11-22-2019 0 5	0	5
How to create a timechart that makes same search run for a different date range in a single chart I have a search string that runs a SQL search and returns two columns (items and count) from DB. I run this search o... by nkumar6 Explorer in Splunk Search 11-22-2019 0 4	0	4
How to convert Day Mon Date HH:mm:ss UTC Year to YYYY-MM-DD HH:MM:SS:Q Hi, I have a Timestamp field as Fri Nov 22 03:37:15 UTC 2019 and I want to convert into YYYY-MM-DD HH:MM:SS:6Q form... by gravi Explorer in Splunk Search 11-22-2019 0 3	0	3
IT Audit in full network, servers ?? Need to perform the full audit of all the network and servers. by raja8220 New Member in Splunk Search 11-22-2019 0 2	0	2
How to make search efficient with spath and regex How can I make this search efficient? earliest=-1m source="/var/log/aws/opsworks/opsworks-agent.statistics.log" hos... by vjzone Path Finder in Splunk Search 11-22-2019 0 8	0	8
How to search for a specific field Here is the output of my log message: {"line":"2019-11-21T22:09:29.982Z LCS LCE [abc-75] INFO i.r.queue.poller.S... by balash1979 Path Finder in Splunk Search 11-22-2019 0 4	0	4
How to add up the number of IPs in a row and output the count into a field within the same table Good morning to all, I want to add up the IPs in each row under the Affected_IPs field and output the count into the... by majek81 New Member in Splunk Search 11-22-2019 0 8	0	8
How to search against multiple elements I'm trying to capture occurrences when multiple criteria are true in an event where elements can exist multiple times... by 47024 New Member in Splunk Search 11-22-2019 0 4	0	4
Inconsistent Count result Original Search sourcetype=xxx \| dedup user \| timechart span=1d count(user) I found that the results are different ... by kcchu01 Explorer in Splunk Search 11-22-2019 0 3	0	3
Help with rex for part of a file path Here is my path: C:\WebLogs\sample.domain.com\W3SVC1\u_ex191121.log I would like to grab just the "sample.domain.c... by rileyken2 Path Finder in Splunk Search 11-22-2019 0 6	0	6
iplocation returning erronius results Hello, we are seeing some strange results when trying to map RAS connections to our organisation.. The search i am r... by lavster Path Finder in Splunk Search 11-22-2019 0 1	0	1
How to ingest .doc format file into splunk with correct format I am trying to ingest a doc format file into Splunk but getting it in 00\x00c\x00\x00\x00 format. Can someone help pl... by splunkitsipoc Explorer in Splunk Search 11-22-2019 0 1	0	1
include date in request - stats count Hello, I have a problem. This is my request, it works well. index=wineventlog EventID=4624 host=wipr625a OR h... by numeroinconnu12 Path Finder in Splunk Search 11-22-2019 0 3	0	3
Multi Field values into Single field value I need help in getting multiple field values into single field to compare it and get the match if any. For example, ... by kamaleshwar Explorer in Splunk Search 11-22-2019 0 5	0	5
SPLUNK BOOT The value of env var SPLUNK_OS_USER, "splunk", does not match any user on this system; Error: Success This command ... by dani9 Explorer in Splunk Search 11-21-2019 0 1	0	1
Bug? Custom drilldown cannot handle question mark Update: I found this question https://answers.splunk.com/answers/610037/my-search-string-is-truncated-after-a-questio... by yuanliu SplunkTrust in Splunk Search 11-21-2019 0 2	0	2
How to extract words and digits from a particular field Hello everyone, I am trying to extract strings containing SAMM #2222-A-1111 from other strings in a field named SA... by majek81 New Member in Splunk Search 11-21-2019 0 3	0	3
How to get a numeric field extracted I am trying to extract the "Time taken" from this field. 2019-11-20 09:38:22,157 INFO Time taken: 01:35:53.514 The... by Regleston New Member in Splunk Search 11-21-2019 0 3	0	3
Splunk querying nested log I have a log below and I want to get the value of Description under :- Calling Checklist1003 How do I do that ?? Me... by shwetamis Explorer in Splunk Search 11-21-2019 0 21	0	21
How to remove a duplicate from a lookup or only return one of the results? I am performing a lookup on a table that contains data that I don't manage and cannot change. The lookup is returning... by bmkaiser Explorer in Splunk Search 11-21-2019 2 5	2	5
Unable to extract value and receiving error message What am I doing wrong here?? index=du sourcetype="du:sbaservice-log" du_service="dugovt4.0" "ERROR=" \| rex field=_... by shwetamis Explorer in Splunk Search 11-21-2019 0 3	0	3
extract valued of a field Hi, we have client_id=tom. client_id=thomas, client_id=Jack, client_id=tom-new, client_id=tom_old.. so on like 100s ... by mmengu416 New Member in Splunk Search 11-21-2019 0 2	0	2