Splunk Search

Community Activity

Timechart bug. index="iedss_was_prd" OR index=iedss_mule_prd \| rex field=source "(?P<logType>[^\\\]+)$" \| eval raw_len=len(_raw) ... by reverse Contributor in Splunk Search 08-15-2019 0 13	0	13
Modifying Splunk query to include multiple host from Production and DR app servers without duplicating data I have a dashboard prepared in Splunk Enterprise for Production where input data is coming from one of my application... by kapiljagdishwal New Member in Splunk Search 08-15-2019 0 5	0	5
Multivalued fields in a lookup file I have a csv file like : User_id,emails 375352,foo@foo.com foo@foo.ca foobar@foobar.co.uk 872352,toto@foo.com note: ... by lzaexpert Explorer in Splunk Search 08-15-2019 1 8	1	8
Why count searchmatch return double counts? the events data set looks like this: 2:05:34.067 PM 3DS: auth_validate_success Proceeding with payment authorizatio... by jerrysplunk88 Explorer in Splunk Search 08-15-2019 0 2	0	2
Calculate % of each field as ratio? I have the table: _time Ip_1 Ip_2 Ip_3 a 36 ... by Joycetran New Member in Splunk Search 08-15-2019 0 2	0	2
Using lookup table matches to limit Web datamodel results I have created a lookup table which contains iocs, a subset of which are IPv4 addresses. I am trying to use events f... by adamblock2 Path Finder in Splunk Search 08-15-2019 0 1	0	1
Search criterial I have a search that takes logs from an SSL vpn and shows me failures what I would like to do is put a time frame in ... by andy_macn New Member in Splunk Search 08-15-2019 0 1	0	1
splunk query with sub search not returning the desired results Query is: index=xyz source ="File1.log" [ search index=xyz source="File2.log" search_input \| rex ".]*Rpc id :(?[0-9][... by vivek991985 New Member in Splunk Search 08-15-2019 0 3	0	3
UNIX CPU data extraction for multiple hosts Hello, Am trying to extract UNIX CPU data core wise for multiple hosts, Am using the below query for extract, sourc... by johnsasikumar Path Finder in Splunk Search 08-15-2019 0 6	0	6
Apply Field Extraction to similar sourcetypes but named slightly differant Hi, I need to apply field extractions across multiply files. They are the same type files but slighly labled differ... by jason_perkins New Member in Splunk Search 08-15-2019 0 1	0	1
Need to match the right Regex Need your help matching the next line of agent occurence timestamp. Example captured in link below link text Below ... by rajaguru2790 Explorer in Splunk Search 08-15-2019 0 7	0	7
Regex is correct but splunk throws error For the following log, I would like to filter by a string. I would have to extract the string using regex. traceId=x... by amunag439 Explorer in Splunk Search 08-14-2019 0 2	0	2
Summing up rows My search result is Date a.log a.log.1 a.log.2 b.log b.log.1 b.log.2 8/1 4 3 4 5 6 ... by reverse Contributor in Splunk Search 08-14-2019 0 9	0	9
How to identify slowest traffic on a host I have 10 servers for my X applications. Sometime 1 or 2 servers will start to take 10% (or < 25%) where other 8 ser... by manapuna New Member in Splunk Search 08-14-2019 0 4	0	4
Regex in regex101, is not working in splunk . HI , I want to extract serialNumber value from the logs. Below is the sample logger \"serialNumber\" : \"A1BZD2C5HD... by jagdeepgupta813 Explorer in Splunk Search 08-14-2019 0 16	0	16
how to get a time chart for the queuedepth for a given queue name I need to get a timechart for the data define by the search query sourcetype=bsgmc tranStatus="'ENTER'" \| stats co... by dhirajsir New Member in Splunk Search 08-14-2019 0 2	0	2
Limit search results to items from lookup table I have a lookup table which includes a list of IP addresses (field name = ip). I am trying to compose a search which ... by yemyslf Path Finder in Splunk Search 08-14-2019 0 6	0	6
Can I disable field extractions? If I look at Settings > Fields > Field extractions, it looks like there's a Status for "enabled/disabled." Is it poss... by mbavlsik Engager in Splunk Search 08-14-2019 1 1	1	1
Why are we getting excessive number of alerts? We have an All time (real time) alert which produced 315 alerts in the first eight hours of the day. When running th... by danielbb Motivator in Splunk Search 08-14-2019 0 22	0	22
Why is sub-search getting auto-finalized after 60 seconds and triggering false alerts Hi, I have the below search query to monitor the process/instances running on our servers and the sub-search within ... by shashank8 Engager in Splunk Search 08-14-2019 0 9	0	9
Splunk Query - How to create a table from event I'm quite new to Splunk and currently am trying to do a simple with Splunk using syslog. I have a firepower syslog wh... by pclooi New Member in Splunk Search 08-14-2019 0 3	0	3
Multiple Events - Looking for Matching Data I would like to show a count for every time I get a "burst" of similar events. This would be defined as more than on... by jon0149 New Member in Splunk Search 08-14-2019 0 1	0	1
How to use subsearch results as values in a different field of parent search? Hello, I am working with Windows event logs in Splunk. Specifically, process execution (EventCode 4688) logs. I hav... by frbuser Path Finder in Splunk Search 08-14-2019 0 4	0	4
Field Extractions Not working in Splunk Cloud Hi Team, We have few aplication logs which are getting captured from Microsoft Storage Blobs using Microsoft Splunk ... by anandhalagarasa Path Finder in Splunk Search 08-14-2019 0 5	0	5
Regex for looking at executables in a specific folder Hi All, I am trying to create a search that will parse our endpoint logs for any executable that have been run from ... by tbradsher86 Engager in Splunk Search 08-14-2019 0 5	0	5