Splunk Search

Community Activity

Macro with tsats query returns no results. I've created several macros with a tstat query. when running the macro through the UI, no results are displayed. When... by jscraig2006 Communicator in Splunk Search 10-31-2019 0 1	0	1
Help removing strings after a certain string with Rex I'm trying to remove characters after a certain string in my search string. I am still getting the strings after "3"... by harshparikhxlrd Path Finder in Splunk Search 10-31-2019 0 2	0	2
Exclude a specific date/time of data from an overall average I am calculating monthly averages and have an issue where on a single day in October there was an error in the data. ... by DanielleM Explorer in Splunk Search 10-31-2019 0 2	0	2
Does fields break streamstats? I have a query using streamstats that is on the intensive side because I'm not dealing with nicely-formatted data. (... by rmmiller Contributor in Splunk Search 10-31-2019 0 9	0	9
How to remove stats list limits that result to 100 despite count=0? In a search executed via Python SDK, the stat list truncates results to 100 results, despite the fact that count=0. ... by alancalvitti Path Finder in Splunk Search 10-31-2019 0 9	0	9
How to creat named field with regular expression Hi Team, I would like to create a named field to filter Ethernet port numbers. My expression: \beth\d(?:-\d+)(?:/\... by dabroma5 Explorer in Splunk Search 10-31-2019 0 5	0	5
How to create named fields with regular expression Hi Team I need to filter logs to catch switches port numbers. I use Splunk Cloud, my expression: \beth\d*(?:-\d+)... by dabroma5 Explorer in Splunk Search 10-31-2019 0 7	0	7
Need to remove particular character from a field value Hi Ninjas, I have the following values for host name field . appra94a0350 appra92a0350 appra84a0201 appra25a0201 ap... by pench2k19 Explorer in Splunk Search 10-31-2019 0 2	0	2
Eval, Replace and Regular Expression Hi Guys! i've got the next situation Trying to replace some characters in this events: \device\harddiskvolume4\wind... by jnahuelperez35 Path Finder in Splunk Search 10-31-2019 2 3	2	3
Field extraction of similiar field across multiple line from Powershell logs Hi, i was hoping to extract all the fields after "CommandInvocation" that appears in the PS log but i wasnt able to e... by totaro Explorer in Splunk Search 10-31-2019 0 2	0	2
How do I only index events within a log that start with a specific series of characters? Hello all, I am trying to index a subset of a very painful log which has header and footer noise and whose events st... by andrewtrobec Motivator in Splunk Search 10-31-2019 0 2	0	2
SOLVED - How to combine related fields I have this search to display sourcetypes by index. \| metasearch index=* sourcetype=* \| stats values(sourcetype) as ... by bleung93 Path Finder in Splunk Search 10-31-2019 0 2	0	2
How to mask credit card data in splunk using SEDCMD in props.conf on a HF... I'm using this regex to mask cc data in props.cof on a Heavy Forwarder....need help in validating.... log format ... by prakash007 Builder in Splunk Search 10-30-2019 0 5	0	5
How do I filter string values from a greater-than-or-equal-to numerical comparison? I have a field in my query called Attempt that is either a non-negative integer or a special value "null". I use the ... by entpnerd Explorer in Splunk Search 10-30-2019 0 1	0	1
max of two column Hi , my search output is like mysearch \| table col1 col2 col3 I want col4 as max(col1,col2) Thanks by vb1612 New Member in Splunk Search 10-30-2019 0 1	0	1
Blocked Field Values Trying to find the definition of the various values of the Blocked field. Yes and No are self explanatory, but I have... by stasiakm New Member in Splunk Search 10-30-2019 0 1	0	1
Help extracting from L15= so Please help me extract NGN4000000 from L15= so I can have a field of TotalCash_In_ATM=NGN4000000. 2019-10-29 12:... by rhugo Observer in Splunk Search 10-30-2019 0 5	0	5
Forcing a zero count in Time Chart I'm producing a report for some service owners. It is designed to give them a breakdown of successes and failures spl... by watsm10 Communicator in Splunk Search 10-30-2019 1 10	1	10
Search query result from two log statements. Hi, I wanted to search result as count from two log statements. one log statement has value "...Out of stock ..." a... by mahenderj New Member in Splunk Search 10-30-2019 0 3	0	3
Is it possible to use if else condition based on the search to create stats? index=concourse sourcetype="deployments: csv" if project = * and team=$team$ \| stats count by project, team elif team... by nukarajusundeep New Member in Splunk Search 10-30-2019 0 4	0	4
Help with some basic REGEX please? In this string: Version=\x221.7.53a\x22 I want to capture everything in between \x22 and \x22 so the result... by pir8radio Path Finder in Splunk Search 10-30-2019 0 6	0	6
inverse join in Splunk I have a search between two data sets using join, let's say sourcetype A and B. My search looks like this: sourcetyp... by jonthanze Explorer in Splunk Search 10-30-2019 0 2	0	2
How to determine if forwarder weight distribution is good from search? I need help figuring something out. Got this search during .conf19 to be used to do a Forwarder weight distribution s... by mhouse New Member in Splunk Search 10-30-2019 0 3	0	3
How can we find out whether a string has three open parentheses characters? We would like to find out whether a certain string has three open parentheses characters in any order. Can we do it w... by danielbb Motivator in Splunk Search 10-30-2019 0 5	0	5
Help with Regex - Removing Text from Field I have a field where results are 'some letter & number combination of 3 or 4 characters' that includes txt on the end... by chrisschum Path Finder in Splunk Search 10-30-2019 0 6	0	6