Splunk Search

Community Activity

How to do a field extraction on userid? I have an event as below: 2019-07-05 14:00:14 CDT d453bce1-aa68-4674-988e-ed6ab174a1d4 out: ID-sample.sample.com-156... by mbasharat Builder in Splunk Search 07-05-2019 0 3	0	3
Drop a host from search if the destination (multi value field) matches external IP I need help on splunk search for the below condition, The scenario here is like i need to generate a report on hosts... by CryoHydra Path Finder in Splunk Search 07-05-2019 0 4	0	4
multiple subsearch issue HI , I have an urgent issue please help I want to generate a scheduled alert at every 30 minutes, which will have the... by ajitshukla61116 Path Finder in Splunk Search 07-05-2019 0 6	0	6
How to generate a search for url's accessed by user I have many URI's and a user field available and want to count the times URI has been accessed by user. Like: URI ... by rashi83 Path Finder in Splunk Search 07-05-2019 0 1	0	1
Regex from variable I would like to store a regex pattern in a variable and use it to extract data. I've seen lots of similar questions ... by bobweinerjr Explorer in Splunk Search 07-05-2019 0 11	0	11
help on a field rename in a subsearch hi I use the subsearch below in order to match host in host.csv with host in the index But in the index, the host fi... by jip31 Motivator in Splunk Search 07-05-2019 0 4	0	4
How to import std::chrono::system_clock::now().time_since_epoch().count() as timestamp Hello  I have an application that uses std::chrono::system_clock::now().time_since_epoch().count() as timestamp. The... by panharry New Member in Splunk Search 07-05-2019 0 3	0	3
How to chart multiple fields by date? Although I get a lot of hits for these keywords, I'm not having much luck finding a solution. Have tried timechart a... by RB5 Path Finder in Splunk Search 07-04-2019 1 3	1	3
How to define a start time for a search based on log message Greetings, Still confused with Splunk. How do I specify start point to start searching from - for this applicati... by dowdag Engager in Splunk Search 07-04-2019 0 6	0	6
Brief explaination about valuesetter Guys, what is valueSetter? how does it work? why we need it? by jasklee Engager in Splunk Search 07-04-2019 0 2	0	2
How to show table result in one page/ table modification Hi all, I have a table with one column, in this example the column has too many results causing the table to have a ... by mjlsnombrado Communicator in Splunk Search 07-04-2019 0 5	0	5
Splunk - excluding fields which contain certain values I want to exclude events within my search which have a field (Message) which may contain certain values; so my Searc... by nickhaj New Member in Splunk Search 07-04-2019 0 4	0	4
Splunk to split 1 json entry with multiple event times into multiple entries with multiple event times Hi Splunk community My data in json format has 1 entry in Splunk that contain 1 event size and 1 event time for the... by sssignals Path Finder in Splunk Search 07-04-2019 0 1	0	1
Help with subsearch that isn't working I have this search "1" : [index=br_activedirectory_microsoft EventCode=4624 Account_Domain=AGBANESPA Account_Name=A... by lucasdc New Member in Splunk Search 07-04-2019 0 3	0	3
What determines the available roles to assign permissions on owned KO's by non-admin users I want certain non-admin users to be able to assign r/w permissions for other roles on knowledge objects the own. The... by jthunnissen Path Finder in Splunk Search 07-04-2019 0 0	0	0
help me to understand regex and delimiter i can't understand when to use regex and when to use delimiter -Regex Use this option when your event contains unstr... by mkhedr Explorer in Splunk Search 07-04-2019 0 2	0	2
Plot Values by Time Hello, im having trouble getting timechart by value to give me any results. I have a data set that has a value for ea... by lavster Path Finder in Splunk Search 07-03-2019 0 4	0	4
_time is different than timestamp in events, searching by business hours I have events that with timestamp fields that look like this: date="6/21/2019 6:50:49 PM" How do I change my searc... by brandonbachman Engager in Splunk Search 07-03-2019 0 1	0	1
Regex in props.conf doesn't work Our application logs events to the Windows application events with custom SourceNames. Need help to extract the fiel... by nmohammed Builder in Splunk Search 07-03-2019 0 2	0	2
Timechart a dataset of weekly averages I have a dataset with some data points from a report I made; week end date(MM/DD/YYYY), host, user action, and averag... by aohls Contributor in Splunk Search 07-03-2019 0 4	0	4
How to calculate Max, Min, Avg for duration of a transaction? I'm calculating the time difference between two events by using Transaction and Duration. Below is the query that I u... by amunag439 Explorer in Splunk Search 07-03-2019 0 2	0	2
Extracting values for table I have events in my logs that look like { linesPerSec: 1694.67 message: Status: rowCou... by reinharn Explorer in Splunk Search 07-03-2019 0 8	0	8
How to extract nested JSON and display JsonObject in a table? My sample event looks like below: { "thread": "http-nio-8085-exec-1", "level": "INFO", "loggerName": "IN... by Dhanapathi New Member in Splunk Search 07-03-2019 0 8	0	8
lookup csv file good morning , i have some issues on splunk now if some one can help me ; the is a discription of my csv : \|Hostname... by kacel New Member in Splunk Search 07-03-2019 0 7	0	7
Timechart with different bar color My splunk query is index=abc "Server started successfully" OR "Get Operation" OR "POST operation" OR "Error occurr... by pankajad Explorer in Splunk Search 07-03-2019 0 1	0	1