Splunk Search

Community Activity

what is the best way to enrich events from another search? I have two data sources Source A time action src_ip session user - "action" varies between (logon, logoff and relog... by pwild_splunk Splunk Employee in Splunk Search 08-15-2019 1 4	1	4
chart over multiple counts of string values - single row the events data set looks like this: 2:05:34.067 PM 3DS: auth_validate_success Proceeding with payment authorization... by jerrysplunk88 Explorer in Splunk Search 08-15-2019 0 1	0	1
How to split field into multiple fields for comparison Hello, need help from the experts. My search results (_raw) is this: Event 1 minute ago, vmrit-c4ca0001.lm.lmig... by owie6466 Explorer in Splunk Search 08-15-2019 0 12	0	12
[Search & Reporting] Coodinates Hi, I have a fleet of scotter who are geolocated. My sourcetype is like this: 20190101150909 49.86587 2.32952 NGQ 201... by oxthon New Member in Splunk Search 08-15-2019 0 1	0	1
Splunk extract exact match for a customer name Here is my splunk log line {"line":"2019-08-15T17:48:28.935Z LCS {\"configName\":\"Apple-SQS\",\"customerName\":\"Ap... by balash1979 Path Finder in Splunk Search 08-15-2019 0 2	0	2
distinct first n characters of string Lets say .. My result would produce a.log a.log.1 a.log.2 a.log.3 b.log b.log.1 b.log.2 b.log.3 c.log c.log.1 c.log... by reverse Contributor in Splunk Search 08-15-2019 0 6	0	6
search in the training does not return any results Hi I started the Fundamentals 1 training a couple a weeks ago. I had to stop until today. So I started up by reviewi... by jgmit New Member in Splunk Search 08-15-2019 0 7	0	7
Timechart bug. index="iedss_was_prd" OR index=iedss_mule_prd \| rex field=source "(?P<logType>[^\\\]+)$" \| eval raw_len=len(_raw) ... by reverse Contributor in Splunk Search 08-15-2019 0 13	0	13
Modifying Splunk query to include multiple host from Production and DR app servers without duplicating data I have a dashboard prepared in Splunk Enterprise for Production where input data is coming from one of my application... by kapiljagdishwal New Member in Splunk Search 08-15-2019 0 5	0	5
Multivalued fields in a lookup file I have a csv file like : User_id,emails 375352,foo@foo.com foo@foo.ca foobar@foobar.co.uk 872352,toto@foo.com note: ... by lzaexpert Explorer in Splunk Search 08-15-2019 1 8	1	8
Why count searchmatch return double counts? the events data set looks like this: 2:05:34.067 PM 3DS: auth_validate_success Proceeding with payment authorizatio... by jerrysplunk88 Explorer in Splunk Search 08-15-2019 0 2	0	2
Calculate % of each field as ratio? I have the table: _time Ip_1 Ip_2 Ip_3 a 36 ... by Joycetran New Member in Splunk Search 08-15-2019 0 2	0	2
Using lookup table matches to limit Web datamodel results I have created a lookup table which contains iocs, a subset of which are IPv4 addresses. I am trying to use events f... by adamblock2 Path Finder in Splunk Search 08-15-2019 0 1	0	1
Search criterial I have a search that takes logs from an SSL vpn and shows me failures what I would like to do is put a time frame in ... by andy_macn New Member in Splunk Search 08-15-2019 0 1	0	1
splunk query with sub search not returning the desired results Query is: index=xyz source ="File1.log" [ search index=xyz source="File2.log" search_input \| rex ".]*Rpc id :(?[0-9][... by vivek991985 New Member in Splunk Search 08-15-2019 0 3	0	3
UNIX CPU data extraction for multiple hosts Hello, Am trying to extract UNIX CPU data core wise for multiple hosts, Am using the below query for extract, sourc... by johnsasikumar Path Finder in Splunk Search 08-15-2019 0 6	0	6
Apply Field Extraction to similar sourcetypes but named slightly differant Hi, I need to apply field extractions across multiply files. They are the same type files but slighly labled differ... by jason_perkins New Member in Splunk Search 08-15-2019 0 1	0	1
Need to match the right Regex Need your help matching the next line of agent occurence timestamp. Example captured in link below link text Below ... by rajaguru2790 Explorer in Splunk Search 08-15-2019 0 7	0	7
Regex is correct but splunk throws error For the following log, I would like to filter by a string. I would have to extract the string using regex. traceId=x... by amunag439 Explorer in Splunk Search 08-14-2019 0 2	0	2
Summing up rows My search result is Date a.log a.log.1 a.log.2 b.log b.log.1 b.log.2 8/1 4 3 4 5 6 ... by reverse Contributor in Splunk Search 08-14-2019 0 9	0	9
How to identify slowest traffic on a host I have 10 servers for my X applications. Sometime 1 or 2 servers will start to take 10% (or < 25%) where other 8 ser... by manapuna New Member in Splunk Search 08-14-2019 0 4	0	4
Regex in regex101, is not working in splunk . HI , I want to extract serialNumber value from the logs. Below is the sample logger \"serialNumber\" : \"A1BZD2C5HD... by jagdeepgupta813 Explorer in Splunk Search 08-14-2019 0 16	0	16
how to get a time chart for the queuedepth for a given queue name I need to get a timechart for the data define by the search query sourcetype=bsgmc tranStatus="'ENTER'" \| stats co... by dhirajsir New Member in Splunk Search 08-14-2019 0 2	0	2
Limit search results to items from lookup table I have a lookup table which includes a list of IP addresses (field name = ip). I am trying to compose a search which ... by yemyslf Path Finder in Splunk Search 08-14-2019 0 6	0	6
Can I disable field extractions? If I look at Settings > Fields > Field extractions, it looks like there's a Status for "enabled/disabled." Is it poss... by mbavlsik Engager in Splunk Search 08-14-2019 1 1	1	1