Splunk Search

Community Activity

Regex not working for multiline events Hi, My logs look like this ... AS RAW TEXT: {"timestamp":"2019-08-08 10:23:38.320","level":"INFO","thread":"task-s... by namrithadeepak Path Finder in Splunk Search 08-11-2019 0 3	0	3
Using field of a search in other search I am trying to use a field of a Index1 in Index2 to search for status of Correlation ID, but it is not working as exp... by bsaujla131984 Path Finder in Splunk Search 08-11-2019 0 2	0	2
Column chart color change if threshold is hit Currently, i have a column chart with the default color blue. I want these default color to change if a certain count... by newbie09 Explorer in Splunk Search 08-11-2019 0 14	0	14
How to add another column which shows TRUE/False based on row values HI all, Could anyone help me to add another column which shows true/false based on values on the other 3 rows. When a... by vinaykataaig Explorer in Splunk Search 08-10-2019 0 1	0	1
In a distributed search environment, how to find out from which location it reading the configuration file of distsearch.conf ? Hi All, Please let me know how to find out from which location splunk is reading the configuration file of distsearch... by Hemnaath Motivator in Splunk Search 08-09-2019 0 5	0	5
Help with field extraction for specific start line for log Trying to extract the value of the 1st WORD in line 3 of each log (i.e. FAILURE or SUCCESS) and put that into a field... by joesrepsolc Communicator in Splunk Search 08-09-2019 0 9	0	9
What is this Where clause by time doing? Is this requesting all the records, from 3 minutes ago? index="my_index" source="bandstats" recordType="core" ... by wrussell12 Explorer in Splunk Search 08-09-2019 0 3	0	3
How to find the duration for order submission to each suborder process. I am working for a product where I will have one order number, it has multiple suborders. Once each suborder processe... by ravi08402 New Member in Splunk Search 08-09-2019 0 6	0	6
How do I divide a columns number by two? The code belows displays a column showing the amount of times the string "GetPolicy.doPost(56)" occurs. I want to div... by elijahm Explorer in Splunk Search 08-09-2019 0 1	0	1
S2: Receiving search error message My customers are getting error below for their searches; [splunk-idx-1] Streamed search execute failed because: Err... by sylim_splunk Splunk Employee in Splunk Search 08-09-2019 2 1	2	1
Need assist with regex for extractions I am trying to get some name space information from the clients inputs. the value I want is namespaceName. I am unf... by nls7010 Path Finder in Splunk Search 08-09-2019 0 8	0	8
How do you compare multiple events to filter out the same host with different field values? I have alert logs coming in from an AV tool and when a tech is working on an alert assigned it to themselves, it gene... by RyanDonnelly22 Explorer in Splunk Search 08-09-2019 0 4	0	4
Can I use the same search but divide the results of one time frame with another? How can I use the same search to divide the results of a specific time frame with the total daily sum to get a percen... by mcram52 New Member in Splunk Search 08-09-2019 0 1	0	1
How to extract only the first three octets of the IP address instead of the whole address? I have the below command to extract the top 100 IP addresses. How can I modify the search to extract only the first ... by samble Path Finder in Splunk Search 08-09-2019 0 5	0	5
Search for daily indexing rate per sourcetype and list the specific indexes Hello all, I just came onto a new job and we're trying to figure out the daily indexing rate broken down by sourcety... by mpham07 Path Finder in Splunk Search 08-09-2019 0 2	0	2
ldap seach with a wildcard I have a search below that works fine, but I would like to add a wildcard to it. This search works \| ldapsearch doma... by chadman Path Finder in Splunk Search 08-09-2019 0 8	0	8
How to read and write data to CSV lookup? Hi, I must write and read data from lookup files. Example: cn,srcip,destip,owner "Canada","207.188.75.136","192.1.1... by sbimizry Engager in Splunk Search 08-09-2019 0 3	0	3
Splunk rex field extraction issue Hi Guys, I have to extract one field from the below log and i tried this regex in https://rubular.com/ "(?<... by dineshCool New Member in Splunk Search 08-09-2019 0 1	0	1
Timechart duration, with values rolling into next span I am running the below search to get a sum of starvation per 15 minute period. The problem I am having, is that durat... by ALXWBR Path Finder in Splunk Search 08-09-2019 0 17	0	17
intermediate storing of the results Hello, I have a dbxquery, that returns a table, where I am interested in one column, let us say c1. Then in my searc... by damucka Builder in Splunk Search 08-09-2019 0 4	0	4
How to configure indexer, search head, deployment Hello, I am new to splunk and learning it . My question is when we install splunk what are things to be done if need... by funlearning321 New Member in Splunk Search 08-08-2019 0 3	0	3
Optimize Nested Search This search is slow (our dns logs are large). index=winlogs sourcetype=dns \| eval dottedquestion=replace(replace(que... by antb Path Finder in Splunk Search 08-08-2019 0 4	0	4
How to group a list per Index/object? Hi, I would like to ask for help in grouping a list per Index/object. I have tried using tables but the values are ... by yomixxxmx New Member in Splunk Search 08-08-2019 0 6	0	6
Get the roles from rest API and set to field in search I need to get the roles assigned to current logged in user and set the value to filed in search. Anybody has any ide... by bhupalbobbadi Path Finder in Splunk Search 08-08-2019 0 4	0	4
Compare Current Field Value to 24 Hour Average So I am currently trying to compare the average value of a field is using 7 days of events to what the value is curre... by mcg_connor Path Finder in Splunk Search 08-08-2019 0 2	0	2