Splunk Search

Community Activity

	Help with some basic REGEX please? In this string: Version=\x221.7.53a\x22 I want to capture everything in between \x22 and \x22 so the result... by pir8radio Path Finder in Splunk Search 10-30-2019 0 6	0	6
	inverse join in Splunk I have a search between two data sets using join, let's say sourcetype A and B. My search looks like this: sourcetyp... by jonthanze Explorer in Splunk Search 10-30-2019 0 2	0	2
	How to determine if forwarder weight distribution is good from search? I need help figuring something out. Got this search during .conf19 to be used to do a Forwarder weight distribution s... by mhouse New Member in Splunk Search 10-30-2019 0 3	0	3
	How can we find out whether a string has three open parentheses characters? We would like to find out whether a certain string has three open parentheses characters in any order. Can we do it w... by danielbb Motivator in Splunk Search 10-30-2019 0 5	0	5
	Help with Regex - Removing Text from Field I have a field where results are 'some letter & number combination of 3 or 4 characters' that includes txt on the end... by chrisschum Path Finder in Splunk Search 10-30-2019 0 6	0	6
	How to regex match on back slash in character class? I am trying to use a regex to extract a PowerShell script that is being executed in a way that also includes the dire... by frbuser Path Finder in Splunk Search 10-30-2019 0 1	0	1
	Why is a long-running scheduled search running multiple times over a short time period? Splunk Enterprise, v7.0.3 I ran the search in https://answers.splunk.com/answers/750097/search-performance-impact-ho... by esalesapns2 Communicator in Splunk Search 10-30-2019 0 0	0	0
	help on issue with join subsearch hi I use the search below in order to display a pie chart When I execute the first part of the search (before join),... by jip31 Motivator in Splunk Search 10-30-2019 0 4	0	4
	dedup events with same timestamp ? I am facing issues wherein the events with same timestamp are not showing in results, when I dedup based on time, but... by pgadhari Builder in Splunk Search 10-30-2019 0 10	0	10
	UC_tor_traffic Hey guys, Is there any way how splunk get this lookup update itself or do we need to manually feed it? if yes what i... by pavanbmishra Path Finder in Splunk Search 10-30-2019 0 2	0	2
	Need help getting grandparent/parent/child relationships to table Hi, I have data in the following format from Microsoft Windows OS process executions: FileName,ProcessID,ParentProc... by ngperf Explorer in Splunk Search 10-30-2019 0 5	0	5
	Help searching with not Hi all, For some reason, my search doesn't work properly. The search is as the one below: ....\| search NOT (x=3 AN... by astatrial Contributor in Splunk Search 10-30-2019 0 8	0	8
	Why is the same search producing different results on same dashboard? I have created a dashboard with two separate graphs one which counts the total number of calls made to the hosts and ... by jbassi1 New Member in Splunk Search 10-30-2019 0 3	0	3
	Why does adding a comment change the number of rows returned by a search? Using Splunk Enterprise 7.3.2 on a MacBook. Two searches on the same static (loaded-once) search index, same date ra... by bretlowery1 New Member in Splunk Search 10-29-2019 0 2	0	2
	How to get a multiselect form input to pass two types of values? When creating a search using pivot/data model, I can add a filter that looks something like: FILTER Brand in (brand... by spammenot66 Contributor in Splunk Search 10-29-2019 0 7	0	7
	Use a lookup file to tag IP blocks So what I want to do is tag all IPs that belong to certain AWS regions and filter out those IPs. I want to try and ta... by arseniof New Member in Splunk Search 10-29-2019 0 1	0	1
	How to make a string date UI sortable like _time? I have a string date field and would like to sort it in a table by clicking the field. No, I do not want it displaye... by nick405060 Motivator in Splunk Search 10-29-2019 0 1	0	1
	Issue :- Searching hexadecimal Data from Windows host I have recently deployed Splunk UF on windows machined, installation and setup is successful. But while searching the... by dvohra Explorer in Splunk Search 10-29-2019 0 4	0	4
	How to display the difference of results by source as a single value ,along with trending arrow of difference Hi Team, I have multiple sources in sourcetype. Want to see difference of result from last two sources. Latest source... by avni26 Explorer in Splunk Search 10-29-2019 0 7	0	7
	Splunk multiply many fields in one search and compare against another field Hello, I have data that comes in via JSON format that looks like this: name: Item1 pricePerOne:10 name: Item2 pric... by Tylerdygert Path Finder in Splunk Search 10-29-2019 0 4	0	4
	The fields are NOT showing up in an large multi-line event I have log data for a web service call. We log the web service call response status (success OR failure) as well as t... by khalilam1 New Member in Splunk Search 10-29-2019 0 4	0	4
	エラーの初回発生日をカウントしたいご教授ください。複数端末のログ情報を集計しています。その中で、ある特定のエラーが発生した日がいつで、それが端末の稼働時間のどのタイミングかを一定のレンジでまとめたいと考えています。現在の総エラー数であれば、eval rang=... by tonakano Engager in Splunk Search 10-29-2019 0 5	0	5
	calculate sum of duration between events I have events like below 2019-10-21 04:17:54.968, rev=true 2019-10-21 04:17:55.968, rev=true 2019-10-21 04:17:56.968... by ips_mandar Builder in Splunk Search 10-29-2019 0 4	0	4
	Going crazy with simple Regex Hello, I wasted way too much time on my not working regex : Here's what my _raw data looks like : < Instrument=... by Zakary_n Path Finder in Splunk Search 10-29-2019 0 8	0	8
	STRPTIME date question - Conf19 The below SPL works. The lastLoginDate is a range of dates from 2018 through 9/30/2019. I would like to find the las... by macattck Engager in Splunk Search 10-29-2019 0 8	0	8