Splunk Search

Community Activity

Going crazy with simple Regex Hello, I wasted way too much time on my not working regex : Here's what my _raw data looks like : < Instrument=... by Zakary_n Path Finder in Splunk Search 10-29-2019 0 8	0	8
STRPTIME date question - Conf19 The below SPL works. The lastLoginDate is a range of dates from 2018 through 9/30/2019. I would like to find the las... by macattck Engager in Splunk Search 10-29-2019 0 8	0	8
From epoch to _time for make a timechart based search. Hello! i hope you can help me with this. I´m trying to set as _time an epoch field located at "rt" field. But if ... by cpm003 Path Finder in Splunk Search 10-29-2019 0 1	0	1
Splitting a column into two "even column index" and "odd column index" Hello, I have a column looking like this: Value 1.234 2.456 7.223 0.765 ... Preliminary I know that each first row ... by akashtanova Engager in Splunk Search 10-29-2019 0 3	0	3
help on appendcols subsearch hi I use the search below in order to calculate a percentage but I have a wrong result I am explaining When I execut... by jip31 Motivator in Splunk Search 10-29-2019 0 3	0	3
Deploy model from mltk toolkit experiment to predict next 5 values Hello Colleagues, I created an experiment to predict the numerical values and have a model generated / published. So... by damucka Builder in Splunk Search 10-28-2019 0 1	0	1
Splunk calculate sequential sum for every timestamp Hello, I would like to create fields (or a field with multiple values) which represents the sum for each timestamp. ... by ruhtraeel Path Finder in Splunk Search 10-28-2019 0 7	0	7
How to preventy hyphens in fieldnames with KV_MODE JSON? Hi everybody, I am extracting nested JSON with KV_MODE = JSON, which seems to work correctly. My problem is, I am ge... by jbrocks Communicator in Splunk Search 10-28-2019 0 2	0	2
ERROR SearchParser ERROR SearchParser - The search specifies a macro 'bcoat_request' that cannot be found. Reasons include: the macro na... by erlindemberg Explorer in Splunk Search 10-28-2019 0 2	0	2
How to use a value without including it in search results I am running a map command off of an initial search. The map ends with a sendemail command which sends a table of res... by w564432 Explorer in Splunk Search 10-28-2019 0 1	0	1
Why isn't this regex working on /var/log? Hi, I'm using a Single Instance of Splunk 6.6.2 and I've tried filtering some events of my log using the code below,... by rafamss Contributor in Splunk Search 10-28-2019 0 18	0	18
Good unix way check if splunkd and splunkweb are running What's a good Unix-y way to check whether splunkd and splunkweb are running? (I know the bin/splunk command does thi... by jeffoptimizely Explorer in Splunk Search 10-28-2019 3 9	3	9
How to apply color to a field with multiple values appended together? JobExecutionTime 2652.180000 3462.840000 823.780000 I have a field named JobExecutionTime and i have it as a list o... by kavyamohan Explorer in Splunk Search 10-28-2019 0 1	0	1
where in splunk do I find the CLI for Rest API I have logged in and "installed" the Rest APi App I cant seem to find where to go to use it? by peter_pergament New Member in Splunk Search 10-28-2019 0 8	0	8
How to calculate the difference between two fields on two paired events matched via the contents of a third field? Trying to calculate out a "TransactionTime" time by pairing two events by one matching field (ECID) and then working ... by jamesofthedead8 Explorer in Splunk Search 10-28-2019 0 4	0	4
How to run stats for just user and return values for other fields? I have the following search looking for > three login attempts with > 0 successes and two or > failures by user, src,... by jwalzerpitt Influencer in Splunk Search 10-28-2019 0 6	0	6
Could not construct lookup Hi, I'm having an issue with a splunk lookup and I can't work out what the issue is. I have a lookup file, that amon... by gopenshaw Explorer in Splunk Search 10-28-2019 0 1	0	1
Why only one condition works for where clause in a tstats search Hi Splunkers, when I set 2 conditions for the same field to where stanza - I get 0 results. Example: \| tstats summa... by evelenke Contributor in Splunk Search 10-28-2019 1 6	1	6
How to create a search to alert me when a user is part of one or more groups in a specific OU? I'm having trouble writing a query in splunk to notify me when a user has been added to one or more groups in a speci... by loza176 New Member in Splunk Search 10-27-2019 0 4	0	4
How do I subtract values from different events and fields based on a common field? Please help, I'm stuck on this problem for a while. Basically, lets say I have different events with fields like this... by thomaszheng New Member in Splunk Search 10-26-2019 0 1	0	1
Sorting Question for joins I have been trying to sort this and I can not seem to be able to get it. index=uberagent* sourcetype=uberAgent:Syst... by jgillman Explorer in Splunk Search 10-26-2019 0 5	0	5
how to exclude sending logs to heavy forwarder which ends with a specific string using transforms.conf in cluster master? The following are my transforms.conf and props.conf in my cluster master transforms.conf [send_to_heavyforwarder]... by pavanae Builder in Splunk Search 10-26-2019 0 3	0	3
After configuring LDAP authentication with AD groups. Few users are unable to login although they belong to same AD group. We have newly setup the Splunk Environment in AWS platform where we have used LDAP authentication method and created ... by shashwatsandeep New Member in Splunk Search 10-25-2019 0 1	0	1
Can you help me extract the following field using regular expression? I want to extract the Autosys_Job from the below log snippet and so used the below rex. Log Snippet : Query : rex ... by Deepz2612 Explorer in Splunk Search 10-25-2019 0 2	0	2
Is it possible to define multiple evals as default for each search? Hi, I would like to know whether it is possible to perform something like this per default for each and every search... by HeinzWaescher Motivator in Splunk Search 10-25-2019 0 4	0	4