Splunk Search

Community Activity

How to extract from multiline events using regular expressions with variables? Hi, I have a rather large multiline event which I am trying to extract data from. The problem is that the format is ... by arisat Engager in Splunk Search 09-25-2019 0 3	0	3
Warning in email notification in splunk Dear Team, We have configured the email notification in splunk but we are getting the below warning message. How can... by santosh11 New Member in Splunk Search 09-24-2019 0 2	0	2
custom time range to sub search Hi, I want to run a search for a selected time range, and also want to do a sub search for the same duration in the p... by amerineni Loves-to-Learn in Splunk Search 09-24-2019 0 3	0	3
Unable to search for logs from console Somehow i have not got logs from universal forwarder servers since Sep 11, How to find out the reason ? by andydong New Member in Splunk Search 09-24-2019 0 2	0	2
一定数値の範囲の数をカウントしたいご教授ください。今日の日付とデータの日付を比較し、差分（何日間）をdurationという名前で抽出ししました。このdurationを一定の範囲の数をカウントしてビジュアライズしたいと考えたのですが、この範囲カウントが出来ませんで... by tonakano Engager in Splunk Search 09-24-2019 0 2	0	2
tonumber() not working on scientific notation Hi All, I am indexing a file with JSON and epoch values on the JSON are written in scientific notation An example o... by 999chris New Member in Splunk Search 09-24-2019 0 3	0	3
How to search with "IN" to produce same results as "OR"? I have a search with a bunch of OR's and I wanted to replace it with "IN" however I do not get the same results. My ... by balcv Contributor in Splunk Search 09-24-2019 0 2	0	2
Convert a dashboard into an APP Is it possible to convert a dashboard into an APP? I am trying to make it easier for managment to access it. If it ... by lamelendrez Loves-to-Learn Lots in Splunk Search 09-24-2019 0 1	0	1
How to 'join' two data sets but neither left join or inner join are suitable? Hi everyone, I've tried to answer this myself but no luck. I fear it might be so simple i'm overlooking it. I'm comf... by lewisgrantevans Explorer in Splunk Search 09-24-2019 0 3	0	3
Display Dates that Expire in 90 days Hello, We have a field called "Certificate Expiration Date" and trying to only show items that expire 90 days or le... by jordanking1992 Path Finder in Splunk Search 09-24-2019 0 1	0	1
How to group by a field and display multiple fields I have trace, level, and message fields in my events. I want to group by trace, and I also want to display all other ... by andytangjpmc New Member in Splunk Search 09-24-2019 0 1	0	1
Odd escape handling with regex and rex? How do I cross-check an inputs.conf blacklist? Hello, I'm attempting to verify a blacklist parameter for a wineventlog stanza by using regex and rex in search and ... by mbrownoutside Path Finder in Splunk Search 09-24-2019 0 1	0	1
Is it possible to reuse a field regex in multiple alerts? We have a large number of alerts which extract data from nginx logs and ping under certain conditions. In each of the... by tescowill New Member in Splunk Search 09-24-2019 0 1	0	1
Select only some fields from csv to index Hi all, I'm in enviroment so configured: 1 uf, 1 hf, 4 indexers, 1 search head, 1 master cluster. I've to index a l... by fabrizioalleva Path Finder in Splunk Search 09-24-2019 0 1	0	1
View percentage with count Hi all, I'm pretty new to Splunk and I'm trying out different things to challange myself. I completed the fundementa... by jonydupre Path Finder in Splunk Search 09-24-2019 0 4	0	4
How to show Trending compared to last month value Hello , I want to show trending compared to last score calculated. I have multiple single panels calculating one fiel... by avni26 Explorer in Splunk Search 09-24-2019 0 6	0	6
Audit splunk It is unclear for me why there isn't any easy and comfortable way to search all the objects that have been changed on... by astatrial Contributor in Splunk Search 09-23-2019 0 2	0	2
eventtype which contains macro is not working Hi Splunkers, I have distributed environment. when I tried searching for eventtype which contains macro is not worki... by thambisetty SplunkTrust in Splunk Search 09-23-2019 1 8	1	8
How to add multiple fields count values Hello, I have 6 fields that I would like to count and then add all the count values together. For example I have S... by cooperjaram Engager in Splunk Search 09-23-2019 0 7	0	7
Can we make a search id persistent Dear Team, We want to make a search id persistent in splunk can we do that? by using the search id we want to run th... by santosh11 New Member in Splunk Search 09-23-2019 0 0	0	0
Alternative for join. index=core a=BuilderService AND "decision.received" "Overrides" NOT "ItemOverrides=()" NOT commitCode=null \| rename ... by sandeepmakkena Contributor in Splunk Search 09-23-2019 0 3	0	3
How to calculate time difference between two identical events I have the following events **2019-09-20 01:39:25 INFO Listener processing event with message metal:AUD:ADJ 2019-09... by peeeeeeeeeeter Engager in Splunk Search 09-23-2019 0 5	0	5
Extract fields from array of data and find best performing currency. SSP Request: {<!-- --> "disableAMLFlag" = "false"; "orderAttributes" = {<!-- --> "OrderAttributes" = {<!-- --> "requestPostalIn... by sandeepmakkena Contributor in Splunk Search 09-23-2019 0 0	0	0
How to find values that are not in a summary index Good day, I have sysmon information collected in an index called sysmon. I also have created a summary index "HASh256... by mpasha Path Finder in Splunk Search 09-23-2019 0 1	0	1
How to calculate state based on values from many searches I'm using a dashboard to display the state of some services. For this purpose, I must takes single values from many s... by prsepulv Explorer in Splunk Search 09-23-2019 0 5	0	5