Splunk Search

Community Activity

１レコード内の複数の連続したデータを取り出して結合する方法ご教授ください。１つのレコードのパラメータで連続したデータA[],B[],C[]があります。これらのデータの中身の個数は同数であり、順番も連携しています。それぞれを取り出して意味のあるデータData(A[1],B[1],C[1... by tonakano Engager in Splunk Search 10-23-2019 0 6	0	6
How to rename field with * inside like: Service* Hi I need to rename a field name (from lookup csv) with special character inside, like: Service* Status+ the probl... by buzek Explorer in Splunk Search 10-23-2019 0 8	0	8
Compare values from log and lookup I have a lookup table that contains the data similar to the: Service_name, IP, Port HTTPS, 10.10.10.10, 443 DNS, 10.1... by ialahdal Path Finder in Splunk Search 10-23-2019 0 3	0	3
Search Count is different in direct search vs in table I am seeing an odd behavior where my search event count is different when the exact query is run separately vs when u... by asubramanian Explorer in Splunk Search 10-23-2019 0 1	0	1
What is the moving window for in finding outliers? Hi Splunkers, I referenced Splunk documentation on finding outliers below. Why is there a need for moving a windo... by sssignals Path Finder in Splunk Search 10-23-2019 0 1	0	1
Stats Max issue I have a query that I am running using dbxquery for specific reasons. Anyway I have run into an interesting issue th... by willadams Contributor in Splunk Search 10-22-2019 0 2	0	2
How to search more than 1 year data Hello, I want to search more than one year data for particular machine. How to check is possible to get more than ... by brpsingara Explorer in Splunk Search 10-22-2019 0 6	0	6
How to ignore case and remove characters? I occasionally use Splunk as part of my job to research issues, but am very much a novice. The query below charts the... by rmhughes Explorer in Splunk Search 10-22-2019 0 4	0	4
Word Count in a Url Newbie Here ! How can I get a word count in a url? I am trying to count the number of occurrence of a word "organizat... by tomlimbu New Member in Splunk Search 10-22-2019 0 2	0	2
Your entry was not saved. The following error was reported: SyntaxError: JSON Parse error: Unrecognized token '<‘. Hi, So I'm inheriting some splunk code that I'm going through and cleaning up. It contains: rex field=source "/data... by tristanmatthews Path Finder in Splunk Search 10-22-2019 8 28	8	28
Need Particular Host "DNS-DC-01" data from metadata I want to search "August 2018 activity on machine DNS-DC-01" Could you please help me, how to use metadata for part... by brpsingara Explorer in Splunk Search 10-22-2019 0 4	0	4
Need help in field extraction In the below log, I need to extract genres from the log. In a single log there are multiple genres. Such as for the b... by vikcee Path Finder in Splunk Search 10-22-2019 1 6	1	6
Why doesn't my base search query work? I wrote this base search query: host=NETWEBA* sourcetype="WinEventLog:Application" AND ApplicationSource="/jpw*" AND... by lsy9891 Engager in Splunk Search 10-22-2019 0 1	0	1
How to build daily average (response time) with data containing hourly average and number of events per hour? Hello Everyone, I construct a csv (output)lookup file containing the hourly average response time, the hourly number... by tomgc Engager in Splunk Search 10-22-2019 1 2	1	2
Need to filter search to match src_user and time from one eventcode below is what I have so far. What I need to do is match the src_user from event code 4724 and the time to events in 4... by lgrachek Explorer in Splunk Search 10-22-2019 0 8	0	8
How to get transaction to ignore endswith if startswith doesn't exist I have an issue where my transaction search finds endswith events with no startswith events. Not to go into too much ... by mikecal Explorer in Splunk Search 10-22-2019 0 3	0	3
how to transform from row to rows ? i have data like this : used_memory free_memory total_memory used_swap free_swap total_swap 665268 ... by cuongnguyen112 Engager in Splunk Search 10-22-2019 0 5	0	5
Multi search / correlate conundrum Sorry for not spelling the problem out in the title, I'm a bit stuck even for the correct language to describe my puz... by jeremywebb Explorer in Splunk Search 10-22-2019 1 4	1	4
URGENT REQUEST: how to pull specific values from given query? sourcetype=abc "responseStatus=500" "abc.xyz.logging.yyyy.zzzzz" "cccccccccccccc88888883333hhhh" \| rex field=_raw "\... by iqbalintouch Path Finder in Splunk Search 10-21-2019 0 2	0	2
How to extract a word from raw data in Splunk using rex SVSCPLEX,S0W1,S0W1.DAL-EBIS.IHOST.COM,SYSLOG,zOS-SYSLOG-Console,SYSLOG,-0400,NE,001C,19283 01.21.46.880 -0500,S0W1 ... by kavyamohan Explorer in Splunk Search 10-21-2019 0 4	0	4
How to format a website/service downtime duration calculation results Hi all, I have the below dataset for a website. Time,title, response code 01/10/2019 08:22 ABC_PORTAL 200 01/10... by venky1544 Builder in Splunk Search 10-21-2019 0 4	0	4
How to send a single email to multiple email id mentioned in different rows of the table Hi All I have following table as outcome of my query :- Name lastname Emailid A D ab... by rahulbhatia Path Finder in Splunk Search 10-21-2019 0 1	0	1
Compare two lookup tables Hello all... I have to compare two lookup table files in splunk. One is a list of hosts that should Be logging, and t... by brent_weaver Builder in Splunk Search 10-21-2019 0 1	0	1
Return value based on another field using a muilti-value field Here is my data in the table: Index Field1 Field2 1 0 A,B,C 1 -5 D,E,F 1 -10 G,H,I I have... by pyroman26 New Member in Splunk Search 10-21-2019 0 1	0	1
How to compare fields value with old fields value I am trying to make a search that will compare the fields value with the old fields value to determine if there is an... by kulwindersandhu New Member in Splunk Search 10-21-2019 0 10	0	10