Splunk Search

Community Activity

Simple rex works on REGEX101 but not in splunk. Hey so I have a list of of values, that need to be standardized. The values I'm need to transform look like this: Po... by codedtech Path Finder in Splunk Search 09-19-2019 0 1	0	1
DateStamp removal from a specified path ? Hi, I want to remove the date convention from a specified path ,can anyone help me with the rex command use for it ?... by bapun18 Communicator in Splunk Search 09-19-2019 0 1	0	1
Calculate the value of a field based on the values of other fields I have a some fields like this: Group_servers\|Name_server\|Status Group1\| server1\|OK Grou... by alex_orl Engager in Splunk Search 09-19-2019 0 2	0	2
How to access data from table that is not displayed Hello, I have a table with three columns, but I only want to display two columns, so I use the field command. When I... by mabinn Explorer in Splunk Search 09-19-2019 1 3	1	3
How can I produce results with a span of 1 day Hi, I am joining several source files in splunk to degenerate some total count. One thing to note is I am using ctcS... by Gowtham0809 New Member in Splunk Search 09-18-2019 0 8	0	8
Alert based on same domain count We have email data reported in Splunk and I want to build an Alert, based on a search, that can trigger if it sees mo... by balcv Contributor in Splunk Search 09-18-2019 0 1	0	1
How to extract values from three levels deep list Hello splunkers, currently the appevent that I'm working on contain lists within lists : trx: [ [-] { ... by helmekkaoui New Member in Splunk Search 09-18-2019 0 6	0	6
Charting Total Index Size vs Used Space Inside Index Hello to all, We have a few indexes that are configured with different max MB's. I want to be able to create a das... by aferone Builder in Splunk Search 09-18-2019 0 3	0	3
Arrange non-null values in a field Hi, I have the below events 100, ABC, , , 110, DEF, , , , , , , , ,120 ,GHI, 130, JKL, , , , , , , , ,140 ,MNO , ... by rupesh26 Path Finder in Splunk Search 09-18-2019 0 2	0	2
The system is approaching the maximum number of historical searches that can be run concurrently. current=7 maximum=8 I am not searching anything why above message display very frequently? While I have deleted all saved search. by jangid Builder in Splunk Search 09-18-2019 1 13	1	13
Retrieving unique values of an indexed field Is there a quick way to retrieve the list of all unique values of an indexed field? I know I could search for the fi... by NancyCunningham Engager in Splunk Search 09-18-2019 3 7	3	7
How to extract data from Splunk to get the allowed and blocked events count separately for each firewall I have few firewall logs coming into the Splunk. I need to extract the data from Splunk to get the allowed and blocke... by anshubathla New Member in Splunk Search 09-18-2019 0 2	0	2
How to count stats by grouping substring from an URI Here is my search: index=app sourcetype=access context=PL uri=/PL/data/2.0/space/* and I have the following logs ... by prakashpnvs Engager in Splunk Search 09-18-2019 0 2	0	2
Eval condition in props.conf using mvindex? I have a field which contains 2 values for every event as shown below: Field Name :- Username Example Values :- A,B... by pavanae Builder in Splunk Search 09-18-2019 0 4	0	4
Column not appending to first search I have read a lot of similar questions to mine but I still can't get the results to work as needed. I have two searc... by l0gik Explorer in Splunk Search 09-18-2019 0 2	0	2
How to get stats from log and display src,dest from another log having uniqueId is common I have a set of logs... log1 is task startingtime log having taskbegin ,uniqueID, src ,dest and log2 is task endTime... by arjun_krishna Explorer in Splunk Search 09-18-2019 0 4	0	4
Regex command causing the search to not work - unknown search command Hi People, I am trying to run a regex command to cut out a part of the REQ field, On regex 101 it is working fine, ... by ssjabid Explorer in Splunk Search 09-18-2019 0 5	0	5
How to divide each line and data row? ServiceTitle KPITitle ... by htramtran83 Explorer in Splunk Search 09-18-2019 0 5	0	5
Is there a way to recover a dataset? Someone accidentally deleted a dataset - a lookup from the app's Datasets section. Is there a way to recover it? It's... by danielbb Motivator in Splunk Search 09-18-2019 0 2	0	2
Search Factory: Why am I getting unknown search command 'tag' only in Javascript while it works in classic Search? My search starts with this: tag=kpi earliest=1521504000 latest=1521849600 \| table _time enterprise_id facility_id sh... by seva98 Path Finder in Splunk Search 09-18-2019 0 3	0	3
Field Alais created were not working We have created several Field aliases based on different source and source types in our splunk query. Most of the F... by Gowtham0809 New Member in Splunk Search 09-18-2019 0 3	0	3
Receiving "OR OR" error message Hello, My colleague and I noticed an issue in the following SPL. If there is data, the SPL works. If there isn't any ... by genesiusj Builder in Splunk Search 09-18-2019 0 10	0	10
How to convert base search query that uses stats into a timechart? Hi, I want to display this query in my dashboard in two different charts. So this is my base search query: search ba... by lsy9891 Engager in Splunk Search 09-18-2019 0 3	0	3
How to count one field multiple times with different condition? Since I am new to Splunk is there is demo query for calculating this will be helpful,Basically, i want to count one f... by rj12 Loves-to-Learn Lots in Splunk Search 09-18-2019 0 1	0	1
How to fix this datamodel error ? "Error decompressing zstd block: Corrupted block detected" This error appears when I search with datamodel but this... by arahf Loves-to-Learn in Splunk Search 09-18-2019 0 1	0	1