Splunk Search

Community Activity

Why does fieldformat not work if field is renamed? I have reviewed https://answers.splunk.com/answers/63730/using-fieldformat-and-rename.html?utm_source=typeahead&utm_m... by seomaniv Explorer in Splunk Search 08-28-2019 0 3	0	3
Index vs Sourcetype - What's faster I am curious, does including an index help the search any when writing a search? This comes about as me and a frien... by chandlercr New Member in Splunk Search 08-28-2019 0 2	0	2
How to extract trailing numbers from a string with rex I'm trying to extract a string (alphabets and underscore) from a given string which can contain any number of numeric... by hmbisht Explorer in Splunk Search 08-28-2019 0 3	0	3
How to get all sets of response time from user to agent in the entire log In the above log User(Saj) to Agent(Rohi) Response for all the conversations in the log should be captured: In the ab... by rajaguru2790 Explorer in Splunk Search 08-28-2019 0 0	0	0
Need to return second line's agent response time as a separate field using Regex by finding the agent using system message "online for chatting" in the first line Rohi is the agent and Saj is the user. Using system message we can find the . Then we need to matc h the next line of... by rajaguru2790 Explorer in Splunk Search 08-28-2019 0 14	0	14
percentage i have a field called application_name it is indexing to Splunk for every 5 min. so if i run top command for getting ... by srinivasmanikan Engager in Splunk Search 08-28-2019 0 11	0	11
How to find certain field values and change the value into another field If the vulnerability column has a certain value then a new column called ‘Software_Affected’ has a corresponding valu... by ajdyer2000 Path Finder in Splunk Search 08-28-2019 0 3	0	3
How to convert time from an inputlookup Hi, I need help in converting the time provided by a lookup. \| inputlookup AD_User_LDAP_list \| search cn=jon1 \| fiel... by cip1 Engager in Splunk Search 08-28-2019 0 3	0	3
Need to run a transaction search based on the extracted value of another field. I run a search to find all events relating to a particular transaction number i.e. index=myindex searchstring \| tran... by sheloaha Path Finder in Splunk Search 08-28-2019 0 6	0	6
How to show side by side two tables of same field depending on value of another field For example, I have events that contain a Version field and also a timeTaken field. I want to display two tables of ... by elvistitus New Member in Splunk Search 08-28-2019 0 2	0	2
How to identify the average time taken to process an item? I am trying to create a pareto chart. I have already done that portion of the work. I have been asked to identify a n... by rwills2 New Member in Splunk Search 08-28-2019 0 2	0	2
help me in writing Regex for the below data <37>Aug 27 10:52:59 DC1TPSMS02 CEF:0\|TippingPoint\|UnityOne\|1.0.0.17\|7611\|Suspicious Country Blacklist\|1\|app=IP cnt=1 ... by vikram1583 Explorer in Splunk Search 08-28-2019 0 21	0	21
rex multiple matches in single event Hi, I using a query : index=abc source="unknown.log" "192.0.44.13" \| rex "Value 0: (?<device>.*)" \| rex "Value 1: (... by surekhasplunk Communicator in Splunk Search 08-28-2019 0 5	0	5
Field extractions for my app not showing up in search I have a custom set of logs where I wrote out the regex to parse it. I then created a field extraction via the searc... by DEAD_BEEF Builder in Splunk Search 08-28-2019 0 3	0	3
How to sort search and get rid of the count from LAST_MODIFIED_DATE and have them shown by ACTUAL_START_DATE? I have a problem regarding sorting in Splunk. I want to make automated reports and I want to sort in a calendar the a... by theodorel Engager in Splunk Search 08-28-2019 0 2	0	2
Eval total duration in minutes i've created a table from a project run that displays the time a run started, ended and what time files have been cre... by lavster Path Finder in Splunk Search 08-28-2019 0 2	0	2
how to replace \ with \\ in eval statement i expect var1="d:\test\data.csv" but i got it shows mismatch or missing closing parenthesis var="d:\test\data.csv... by reney44 Engager in Splunk Search 08-28-2019 0 2	0	2
count condition I'm having trouble writing a search statement that sets the count to 0 when the service is normally. This is my data... by subachu New Member in Splunk Search 08-27-2019 0 4	0	4
What are the differences between append, appendcols, and join search commands? Hello all, I need to know all differences between append, appendcols, and join when being used with pipe while searc... by Amirahussein Path Finder in Splunk Search 08-27-2019 5 2	5	2
How to create a DNS regex for our sample DNS logs to make them more meaningful? HI Experts, I am a fresh guy in SPLUNK Searching. Recently, my team leader needed us to create a DNS regex and make ... by jackywsy Explorer in Splunk Search 08-27-2019 0 4	0	4
Active Directory DNS debug logs extract domain name props.conf [win_dns] SEDCMD-win_dns = s/(\d+)/./g SEDCMD-domainname = s/(\(\d\))/./g EXTRACT-dns_name = (?i)] \w+\s+(... by splunkranger Path Finder in Splunk Search 08-27-2019 0 7	0	7
How to field extract one or more times to the same field? I am using a CDN and have obtained my DNS logs. Some of the DNS logs have multiple values for the field response ID ... by DEAD_BEEF Builder in Splunk Search 08-27-2019 0 1	0	1
Add To Search Returns No Results I have an index in Splunk enterprise named "my_index". When I search for data using index="my_index" for the last 24 ... by lynmar Explorer in Splunk Search 08-27-2019 0 5	0	5
How to use a table as input for a new search Hi all. I'm trying to write a search that will list users with more than 5 failed logins in the past 8 hours and the... by bobstoll New Member in Splunk Search 08-27-2019 0 1	0	1
Track License Usage Cumulatively, Comparing Last 7 Days I would like to chart license usage throughout the day cumulatively, meaning, the results are added and charts every ... by aferone Builder in Splunk Search 08-27-2019 0 8	0	8