Splunk Search

Community Activity

Help with rex for part of a file path Here is my path: C:\WebLogs\sample.domain.com\W3SVC1\u_ex191121.log I would like to grab just the "sample.domain.c... by rileyken2 Path Finder in Splunk Search 11-22-2019 0 6	0	6
iplocation returning erronius results Hello, we are seeing some strange results when trying to map RAS connections to our organisation.. The search i am r... by lavster Path Finder in Splunk Search 11-22-2019 0 1	0	1
How to ingest .doc format file into splunk with correct format I am trying to ingest a doc format file into Splunk but getting it in 00\x00c\x00\x00\x00 format. Can someone help pl... by splunkitsipoc Explorer in Splunk Search 11-22-2019 0 1	0	1
include date in request - stats count Hello, I have a problem. This is my request, it works well. index=wineventlog EventID=4624 host=wipr625a OR h... by numeroinconnu12 Path Finder in Splunk Search 11-22-2019 0 3	0	3
Multi Field values into Single field value I need help in getting multiple field values into single field to compare it and get the match if any. For example, ... by kamaleshwar Explorer in Splunk Search 11-22-2019 0 5	0	5
SPLUNK BOOT The value of env var SPLUNK_OS_USER, "splunk", does not match any user on this system; Error: Success This command ... by dani9 Explorer in Splunk Search 11-21-2019 0 1	0	1
Bug? Custom drilldown cannot handle question mark Update: I found this question https://answers.splunk.com/answers/610037/my-search-string-is-truncated-after-a-questio... by yuanliu SplunkTrust in Splunk Search 11-21-2019 0 2	0	2
How to extract words and digits from a particular field Hello everyone, I am trying to extract strings containing SAMM #2222-A-1111 from other strings in a field named SA... by majek81 New Member in Splunk Search 11-21-2019 0 3	0	3
How to get a numeric field extracted I am trying to extract the "Time taken" from this field. 2019-11-20 09:38:22,157 INFO Time taken: 01:35:53.514 The... by Regleston New Member in Splunk Search 11-21-2019 0 3	0	3
Splunk querying nested log I have a log below and I want to get the value of Description under :- Calling Checklist1003 How do I do that ?? Me... by shwetamis Explorer in Splunk Search 11-21-2019 0 21	0	21
How to remove a duplicate from a lookup or only return one of the results? I am performing a lookup on a table that contains data that I don't manage and cannot change. The lookup is returning... by bmkaiser Explorer in Splunk Search 11-21-2019 2 5	2	5
Unable to extract value and receiving error message What am I doing wrong here?? index=du sourcetype="du:sbaservice-log" du_service="dugovt4.0" "ERROR=" \| rex field=_... by shwetamis Explorer in Splunk Search 11-21-2019 0 3	0	3
extract valued of a field Hi, we have client_id=tom. client_id=thomas, client_id=Jack, client_id=tom-new, client_id=tom_old.. so on like 100s ... by mmengu416 New Member in Splunk Search 11-21-2019 0 2	0	2
Dynamic multiple field and value extraction Hello together, i use splunk the version 7.2.4.2 and had the following issue by creating a dynamic field exctration.... by ronpestler1 Explorer in Splunk Search 11-21-2019 0 2	0	2
How to combine information to a list Hello, I have a query to get the following lines: element ID value temp (wanted) ABC 1 fal... by jenniferhao Explorer in Splunk Search 11-21-2019 0 1	0	1
Seeking help running excessive DNS queries report Hi Splunkers. I'm not very good with writing more complicated searches so I am seeking your help. I wrote a search to... by dharveynswccd Path Finder in Splunk Search 11-21-2019 0 6	0	6
How to join two events based on one common value? Hi, I have two different events of data : Event 1 = mail : id_mail : 1 title_mail : test mail_srv : host1 Event 2 ... by Naaba New Member in Splunk Search 11-21-2019 0 9	0	9
How do I get a unique count with my query? Below is a query that I am able to get a list of accounts, and the total times they each have been received. How can... by lyonsbm New Member in Splunk Search 11-21-2019 0 4	0	4
Table Different from Return Hello, I don't understand why the values in my \| table are different from the values in my \| return.... \| format comm... by genesiusj Builder in Splunk Search 11-21-2019 0 6	0	6
How do we clean our multi-site replication and search factor settings? On our cluster master I see the following - [clustering] .... mode = master multisite = true available_sites = site... by danielbb Motivator in Splunk Search 11-21-2019 0 1	0	1
Alert - Throttling is not working for search query Hi, I have a requirement. Please suggest how to proceed further. In the Alert need to run the search query for every ... by prsubramanian New Member in Splunk Search 11-21-2019 0 0	0	0
How to combine two fields with eval ? paymenttype RefunpaymentType DEBIT DEBIT GIFTCARD ... by monipinni Explorer in Splunk Search 11-21-2019 0 5	0	5
Restoring old data to Splunk Indexer Cluster Hi All, We have 7 indexers and they are in a cluster. Our hot and warm buckets are stored inside the local storage o... by shiv1593 Communicator in Splunk Search 11-21-2019 0 2	0	2
Convert epochtime to minutes Hi I need to Convert an #epoch time to #minutes any ideas please guys would be really grateful - Thanks by nwoolley Engager in Splunk Search 11-21-2019 0 2	0	2
Table keep last event by criteria Hi I've a question regarding stat or eventstat option last. I would like to keep the last "event" in a table with se... by erwanlebaron Engager in Splunk Search 11-21-2019 0 2	0	2