Splunk Search

Community Activity

How do I write the regular expression to extract the domain name from email addresses in SMTP logs? Hi, I am really new to Splunk and Regular Expression stuff. I was planning to extract just the domain names of all e... by jspvkey Explorer in Splunk Search 09-30-2019 0 7	0	7
please help on how to achieve the below kind of lookup/rename for 100+ fields of my events My event log has comma separated field values of 100+ fields. Each field can have about 2-15 different values. Exampl... by smiththebest New Member in Splunk Search 09-30-2019 0 3	0	3
how to add same values totals in the field Status Count Failed 2 Passed 16 Skipped 22 Failed 66 Passed 7 Skipped 8 Please help me out on how to add the va... by haripriyasarve1 Explorer in Splunk Search 09-30-2019 0 1	0	1
Dedup command not working after using the stats list command When I am running the following search: index=main sourcetype="access_combined_wcookie"\| stats list(useragent) as Br... by kmrkunal New Member in Splunk Search 09-29-2019 0 2	0	2
2つのIndexerのデータを連携する方法をご教授ください２つのデータを別のindex名でインポートしました。２つのデータは、共通の端末IDにてリンクを取ることが可能です。・データA：各端末のバージョンを持ったデータ・データB：各端末のエラー情報を持ったデータやりたいこととしては、... by tonakano Engager in Splunk Search 09-29-2019 0 2	0	2
How to extract an IP address across different pattern of events? I'm trying to extract IP (v4) addresses from different events. For instance, for an event such as: [...] sent ping ... by luca1 New Member in Splunk Search 09-29-2019 0 3	0	3
Discarding source type data from _raw event after per-event source type override? Disclaimer: This is a "self-answering" question: I'm already doing what the question asks. I'm "asking" this question... by Graham_Hanningt Builder in Splunk Search 09-29-2019 0 2	0	2
How to break out eventstats by day? I have an eventstats search that is working well. What I am having a difficult time with is that I am unable to retur... by fmatera Explorer in Splunk Search 09-28-2019 0 2	0	2
results are being truncated in join query Problem: i have 200000 splunk events from which i only want 15000 events ( like vlookup in excel) Splunk events c... by manishyadav91 New Member in Splunk Search 09-28-2019 0 10	0	10
Finding events immediately following/preceding another event tldr: I have an event of interest, and I want to find the next qualified event after it, but without specifically usi... by automayt Explorer in Splunk Search 09-27-2019 0 1	0	1
How to rename extracted values I have the following data: Code Area 1234.1234 ABC 9933.9933 DEF 6611.6611 GHI 8910.8910 ABC 8910.111... by sb01splunk Explorer in Splunk Search 09-27-2019 1 3	1	3
Lookup Table Question Hello, This probably a stu*** question, but I am not able to find a clear answer. My code to generate the lookup tab... by genesiusj Builder in Splunk Search 09-27-2019 0 3	0	3
Timechart of two stats with split by same field, one as overlay, then color code columns based on uncharted value I've been doing ugly hacks around this need for months and now I need to dig in and figure out an eloquent solution e... by cblanton Communicator in Splunk Search 09-27-2019 0 0	0	0
What would intermittently cause less events to return the raw data versus the total number of events it says it matched on? This has been happening every now and then on our instance where we will have users run a search, it says it will ret... by briancronrath Contributor in Splunk Search 09-27-2019 1 2	1	2
Log extrapolation problem Good evening We have installed Splunk Enterprise Version 6.6.0.0. If we look for logs, the extrapolation is ok. If w... by omicron New Member in Splunk Search 09-27-2019 0 1	0	1
How to format event in search Hi, I am running a search and the event structure is displaying as: { [-] line: 2019-09-27 11:47:29,696 [server]... by gentcore New Member in Splunk Search 09-27-2019 0 1	0	1
Interpreting execution costs on the Job Inspector page: Query update Could see an old question in 2010 , but just getting confused on the timings/duration vs execution cost I've a sear... by koshyk Super Champion in Splunk Search 09-27-2019 1 1	1	1
How to format multi-value table I need help formatting a mulitvalue field, the desired output below, followed by data in the field. For the data in ... by paulholguin New Member in Splunk Search 09-27-2019 0 3	0	3
Count the number of api occurrence in 10 second I have the following API's, for which I need to count the occurrence of each in every 10 seconds for 1 hour time inte... by JyotiP Path Finder in Splunk Search 09-27-2019 0 3	0	3
Difference bewteen two variable date reports, considering the direction Hello, I'm trying to create a search that shows what results are missing today - a, compared to yesterday - b. a and... by ABurk New Member in Splunk Search 09-27-2019 0 3	0	3
how to execute a search everyday and every 8 hours I have three teams in industrial company, the first starts work at 6am, the second at 2pm, and the third at 10pm, the... by amani28 New Member in Splunk Search 09-27-2019 0 6	0	6
Update indexed data after a monitored file has been changed Dear friends, with my company besides investigating log-data we are getting ready to roll-out splunk for the Busines... by mkohl New Member in Splunk Search 09-27-2019 0 2	0	2
How to print a change in value Hi all, Please help me to set an alert when a value change occurred. Also, I need to print old and new values. by tech_soul New Member in Splunk Search 09-27-2019 0 1	0	1
SNMP polling get data of same oid (modular input app) Hello Splunker's, I use the SNMP modular input application, to collect SNMP polling data. I want to recover only a... by TISKAR Builder in Splunk Search 09-27-2019 0 1	0	1
Is it possible to exclude search results with two lookup files? Hi,all I'm sorry but I use lookup for the first time. Is it possible to exclude search results with two lookup file... by subachu New Member in Splunk Search 09-26-2019 0 3	0	3