Splunk Search

Community Activity

Search criterial I have a search that takes logs from an SSL vpn and shows me failures what I would like to do is put a time frame in ... by andy_macn New Member in Splunk Search 08-15-2019 0 1	0	1
splunk query with sub search not returning the desired results Query is: index=xyz source ="File1.log" [ search index=xyz source="File2.log" search_input \| rex ".]*Rpc id :(?[0-9][... by vivek991985 New Member in Splunk Search 08-15-2019 0 3	0	3
UNIX CPU data extraction for multiple hosts Hello, Am trying to extract UNIX CPU data core wise for multiple hosts, Am using the below query for extract, sourc... by johnsasikumar Path Finder in Splunk Search 08-15-2019 0 6	0	6
Apply Field Extraction to similar sourcetypes but named slightly differant Hi, I need to apply field extractions across multiply files. They are the same type files but slighly labled differ... by jason_perkins New Member in Splunk Search 08-15-2019 0 1	0	1
Need to match the right Regex Need your help matching the next line of agent occurence timestamp. Example captured in link below link text Below ... by rajaguru2790 Explorer in Splunk Search 08-15-2019 0 7	0	7
Regex is correct but splunk throws error For the following log, I would like to filter by a string. I would have to extract the string using regex. traceId=x... by amunag439 Explorer in Splunk Search 08-14-2019 0 2	0	2
Summing up rows My search result is Date a.log a.log.1 a.log.2 b.log b.log.1 b.log.2 8/1 4 3 4 5 6 ... by reverse Contributor in Splunk Search 08-14-2019 0 9	0	9
How to identify slowest traffic on a host I have 10 servers for my X applications. Sometime 1 or 2 servers will start to take 10% (or < 25%) where other 8 ser... by manapuna New Member in Splunk Search 08-14-2019 0 4	0	4
Regex in regex101, is not working in splunk . HI , I want to extract serialNumber value from the logs. Below is the sample logger \"serialNumber\" : \"A1BZD2C5HD... by jagdeepgupta813 Explorer in Splunk Search 08-14-2019 0 16	0	16
how to get a time chart for the queuedepth for a given queue name I need to get a timechart for the data define by the search query sourcetype=bsgmc tranStatus="'ENTER'" \| stats co... by dhirajsir New Member in Splunk Search 08-14-2019 0 2	0	2
Limit search results to items from lookup table I have a lookup table which includes a list of IP addresses (field name = ip). I am trying to compose a search which ... by yemyslf Path Finder in Splunk Search 08-14-2019 0 6	0	6
Can I disable field extractions? If I look at Settings > Fields > Field extractions, it looks like there's a Status for "enabled/disabled." Is it poss... by mbavlsik Engager in Splunk Search 08-14-2019 1 1	1	1
Why are we getting excessive number of alerts? We have an All time (real time) alert which produced 315 alerts in the first eight hours of the day. When running th... by danielbb Motivator in Splunk Search 08-14-2019 0 22	0	22
Why is sub-search getting auto-finalized after 60 seconds and triggering false alerts Hi, I have the below search query to monitor the process/instances running on our servers and the sub-search within ... by shashank8 Engager in Splunk Search 08-14-2019 0 9	0	9
Splunk Query - How to create a table from event I'm quite new to Splunk and currently am trying to do a simple with Splunk using syslog. I have a firepower syslog wh... by pclooi New Member in Splunk Search 08-14-2019 0 3	0	3
Multiple Events - Looking for Matching Data I would like to show a count for every time I get a "burst" of similar events. This would be defined as more than on... by jon0149 New Member in Splunk Search 08-14-2019 0 1	0	1
How to use subsearch results as values in a different field of parent search? Hello, I am working with Windows event logs in Splunk. Specifically, process execution (EventCode 4688) logs. I hav... by frbuser Path Finder in Splunk Search 08-14-2019 0 4	0	4
Field Extractions Not working in Splunk Cloud Hi Team, We have few aplication logs which are getting captured from Microsoft Storage Blobs using Microsoft Splunk ... by anandhalagarasa Path Finder in Splunk Search 08-14-2019 0 5	0	5
Regex for looking at executables in a specific folder Hi All, I am trying to create a search that will parse our endpoint logs for any executable that have been run from ... by tbradsher86 Engager in Splunk Search 08-14-2019 0 5	0	5
Splunk has not returned event in the result two weeks ago but now returns it. How is that possible? Hello I have a saved search that is running every month at 1st day. The search is not new and has been working a long... by net1993 Path Finder in Splunk Search 08-14-2019 0 0	0	0
Handle different search results as one by analysing the percentage match Hi Community, i have a search which shows me all PHP-Errors in the configured timespan. Now i want so sort this resu... by mmsbswe Engager in Splunk Search 08-14-2019 0 2	0	2
Automatic key-value field extraction does not handle special characters ? Hello, Here is the raw text of my event. {"country_code":"FR","currency":"EUR","reseller":"Franc\u00e9 Loisirs"} ... by juleserror Engager in Splunk Search 08-14-2019 0 1	0	1
How to assign value for any field as "0" when no events are there for the field? I have a below query. But the below is not giving results after the July 11 date because there are no events for the ... by abhi04 Communicator in Splunk Search 08-14-2019 0 5	0	5
help with eval if needed I have the following search: \|makeresults \| eval trigger=0\|eval decision=if(trigger==1, [ \| makeresults \|rename co... by damucka Builder in Splunk Search 08-14-2019 0 6	0	6
Help with custom search command (wait) needed Hello, I need to apply 60 sec delay between two SPL commands, which start and collect the DB trace per dbxquery. In... by damucka Builder in Splunk Search 08-13-2019 0 7	0	7