Splunk Search

Community Activity

How to count distinct IPs from a given country I am trying to parse a syslog input to count the number of distinct IPs for a given country. My search string is i... by mlines333 New Member in Splunk Search 08-12-2019 0 1	0	1
How to list of search results with a value > X in a specific search field Hello, I have the following field:= message.msg: msg: before send to xxx, payload = {"id":"abc123","userId":1,"curr... by alysea New Member in Splunk Search 08-12-2019 0 5	0	5
Error in 'DataModelCache': Invalid or unaccelerable root object for datamodel Hi Champs, I am getting below error when I run below tstats command. My datamodel is just a search query with multi... by nareshinsvu Builder in Splunk Search 08-11-2019 0 3	0	3
At which layer lookup works? Hi There, Could anyone help me understand at which Splunk layer lookup works, I mean at input layer, indexer layer or... by rajeev_ku Path Finder in Splunk Search 08-11-2019 0 2	0	2
How to create a bar chart that will stack values of given max value Hi, I want to create a bar chart that will stack values of given max value. So the max value will be the max value... by limjophilip New Member in Splunk Search 08-11-2019 0 9	0	9
Regex not working for multiline events Hi, My logs look like this ... AS RAW TEXT: {"timestamp":"2019-08-08 10:23:38.320","level":"INFO","thread":"task-s... by namrithadeepak Path Finder in Splunk Search 08-11-2019 0 3	0	3
Using field of a search in other search I am trying to use a field of a Index1 in Index2 to search for status of Correlation ID, but it is not working as exp... by bsaujla131984 Path Finder in Splunk Search 08-11-2019 0 2	0	2
Column chart color change if threshold is hit Currently, i have a column chart with the default color blue. I want these default color to change if a certain count... by newbie09 Explorer in Splunk Search 08-11-2019 0 14	0	14
How to add another column which shows TRUE/False based on row values HI all, Could anyone help me to add another column which shows true/false based on values on the other 3 rows. When a... by vinaykataaig Explorer in Splunk Search 08-10-2019 0 1	0	1
In a distributed search environment, how to find out from which location it reading the configuration file of distsearch.conf ? Hi All, Please let me know how to find out from which location splunk is reading the configuration file of distsearch... by Hemnaath Motivator in Splunk Search 08-09-2019 0 5	0	5
Help with field extraction for specific start line for log Trying to extract the value of the 1st WORD in line 3 of each log (i.e. FAILURE or SUCCESS) and put that into a field... by joesrepsolc Communicator in Splunk Search 08-09-2019 0 9	0	9
What is this Where clause by time doing? Is this requesting all the records, from 3 minutes ago? index="my_index" source="bandstats" recordType="core" ... by wrussell12 Explorer in Splunk Search 08-09-2019 0 3	0	3
How to find the duration for order submission to each suborder process. I am working for a product where I will have one order number, it has multiple suborders. Once each suborder processe... by ravi08402 New Member in Splunk Search 08-09-2019 0 6	0	6
How do I divide a columns number by two? The code belows displays a column showing the amount of times the string "GetPolicy.doPost(56)" occurs. I want to div... by elijahm Explorer in Splunk Search 08-09-2019 0 1	0	1
S2: Receiving search error message My customers are getting error below for their searches; [splunk-idx-1] Streamed search execute failed because: Err... by sylim_splunk Splunk Employee in Splunk Search 08-09-2019 2 1	2	1
Need assist with regex for extractions I am trying to get some name space information from the clients inputs. the value I want is namespaceName. I am unf... by nls7010 Path Finder in Splunk Search 08-09-2019 0 8	0	8
How do you compare multiple events to filter out the same host with different field values? I have alert logs coming in from an AV tool and when a tech is working on an alert assigned it to themselves, it gene... by RyanDonnelly22 Explorer in Splunk Search 08-09-2019 0 4	0	4
Can I use the same search but divide the results of one time frame with another? How can I use the same search to divide the results of a specific time frame with the total daily sum to get a percen... by mcram52 New Member in Splunk Search 08-09-2019 0 1	0	1
How to extract only the first three octets of the IP address instead of the whole address? I have the below command to extract the top 100 IP addresses. How can I modify the search to extract only the first ... by samble Path Finder in Splunk Search 08-09-2019 0 5	0	5
Search for daily indexing rate per sourcetype and list the specific indexes Hello all, I just came onto a new job and we're trying to figure out the daily indexing rate broken down by sourcety... by mpham07 Path Finder in Splunk Search 08-09-2019 0 2	0	2
ldap seach with a wildcard I have a search below that works fine, but I would like to add a wildcard to it. This search works \| ldapsearch doma... by chadman Path Finder in Splunk Search 08-09-2019 0 8	0	8
How to read and write data to CSV lookup? Hi, I must write and read data from lookup files. Example: cn,srcip,destip,owner "Canada","207.188.75.136","192.1.1... by sbimizry Engager in Splunk Search 08-09-2019 0 3	0	3
Splunk rex field extraction issue Hi Guys, I have to extract one field from the below log and i tried this regex in https://rubular.com/ "(?<... by dineshCool New Member in Splunk Search 08-09-2019 0 1	0	1
Timechart duration, with values rolling into next span I am running the below search to get a sum of starvation per 15 minute period. The problem I am having, is that durat... by ALXWBR Path Finder in Splunk Search 08-09-2019 0 17	0	17
intermediate storing of the results Hello, I have a dbxquery, that returns a table, where I am interested in one column, let us say c1. Then in my searc... by damucka Builder in Splunk Search 08-09-2019 0 4	0	4