Splunk Search

Community Activity

How to extract a string from a particular XML tags with regular expression? Dear Experts , Need your help with regular expression. I have an XML tag in the field f. I would like to extract all... by kirangurram Explorer in Splunk Search 06-24-2019 0 5	0	5
How to find delta between two tables? Hello, I am trying to find the delta between two tables, but somehow failing with it. My code is as follows: \| ta... by damucka Builder in Splunk Search 06-24-2019 0 1	0	1
Correlation rule for Nessus Vulnerability scanner and IDS alerts Does anyone has created any correlation rule between Nessus Vulnerability scanner and Paloalto IDS. We are getting d... by spectrum2035 Explorer in Splunk Search 06-24-2019 0 1	0	1
eval,replace & table query based on token I have a token team_name = "Brenden team, walt, Paul " I want to replace "Brenden team" with his team members details... by poorni_p Explorer in Splunk Search 06-24-2019 0 1	0	1
How to replace the string with the other string in a token? I have a multiselect fied with $team_name$ with Team A, Team B, Team C fields If I select Team A and Team B in multi... by poorni_p Explorer in Splunk Search 06-24-2019 0 1	0	1
Does anyone have an example of a custom alert action script that uses a bash script? All the ones I ever see is Python. I need one that uses a bash script. by gregbo Communicator in Splunk Search 06-24-2019 0 1	0	1
How to find top 20 results and then do a subsequent search? I need to find out the Top 20 sites within my sourcetype and then from there be able to do further analysis on other ... by jackreeves Explorer in Splunk Search 06-24-2019 0 5	0	5
How to extract a field that returns after a line_breaker Hello, We are trying to split a nested json message into seperated events. As we not wish to use the spath function... by jorambokma Explorer in Splunk Search 06-24-2019 0 4	0	4
Adding Color as a 4th Dimension to Bubble Chart Hi; I'm messing around with the new Bubble Chart Feature and it is almost doing everything I want but coloring. Here... by tdiestel Path Finder in Splunk Search 06-23-2019 2 2	2	2
Find orphaned transactions in a series I have the data in the following format Msg Id Event Timestamp ( Format Example) 123 A 24/06/2019 10:02 123 B ... by madisand New Member in Splunk Search 06-23-2019 0 0	0	0
How to create a regex to match URL ending with file extension to detect file downloads? I am trying to write a regex which will detect/match URLs ending with 2, 3 & 4 letter file extensions (eg - .py, .txt... by jkumarr2 New Member in Splunk Search 06-23-2019 0 3	0	3
How to create Splunk Alert based on custom condition? New to Splunk, can anyone please help me with the below scenario? I am receiving events like below: Event LastUp... by nilanjankc New Member in Splunk Search 06-23-2019 0 2	0	2
How to increase elastic search timeout? Sometimes my search gets fail and unable to fetch data because of below error: ConnectionTimeout at "/opt/splunk/et... by ahmadsaadwarrai Explorer in Splunk Search 06-23-2019 0 3	0	3
How to get an alert if the specific search takes more than 10 min? Ex: "Acquired" is a keyword. This keyword is getting for every minute. I have to get alert if this keyword is not g... by prerana_jain Explorer in Splunk Search 06-23-2019 0 2	0	2
How do I export extracted fields for use in another app? I am creating two apps that use the same data (weird,I know, but I am testing something in my environment). I've buil... by adamfrisbee Explorer in Splunk Search 06-23-2019 0 1	0	1
How to create a search that lists all fields? (and data validation question) Hi, I am looking to create a search that allows me to get a list of all fields in addition to below: \| tstats count ... by mbasharat Builder in Splunk Search 06-22-2019 0 4	0	4
How to create a search for Server Uptime for Windows & Linux in Splunk? I need a Splunk search for finding server uptime for Windows and Linux index= linux sourcetype=cpu by PRASADNALLIBOEN New Member in Splunk Search 06-22-2019 0 2	0	2
How to correlate events from three sources based on time condition I have one index which have events from 3 different sources (A, B & C). The value of CELL, CALLERNO & CALLEDNO are th... by spnewashik New Member in Splunk Search 06-22-2019 0 4	0	4
How to create a search based on multi-value fields I am new to Splunk, currently working on a Shift roster. There are 3 teams and 3 members in each team(totally 9 membe... by poorni_p Explorer in Splunk Search 06-22-2019 0 2	0	2
How to configure source_type to regex value? I'm using a Universal Forwarder and want Splunk to return source_type as what's defined for source within the monitor... by psyched4splunk Explorer in Splunk Search 06-22-2019 0 5	0	5
API: How to specify returning dates with a UTC or GMT offset rather than a CDT time zone? How can I specify Splunk to return dates with a UTC or GMT offset rather than a time zone abbreviation? Right now I g... by artrune Path Finder in Splunk Search 06-21-2019 0 3	0	3
How to multiply column values? The way I do this in excel is by using the formula "=PRODUCT(C2C3C4*C5)" How can I do that in Splunk? Ideally, I ... by rslama Path Finder in Splunk Search 06-21-2019 0 3	0	3
Is there a way to add an extra row based on a pre-defined list of stores if the stores don't exist in the search results? I've searched around and I've been having a hard time finding an answer to this probably due to how I'm phrasing the ... by wesbrowntech Engager in Splunk Search 06-21-2019 0 2	0	2
How to calculate HTTP throughput in GB and average HTTP throughput in KBits/Sec? How do you calculate HTTP Throughput in GB and Average HTTP Throughput in KBits/Sec? by kp5116 New Member in Splunk Search 06-21-2019 0 5	0	5
Search average for time-taken field Hi, I have a log file that has a field called "TimeTaken". The values of this field are in the format: 00:01:27.763 ... by salles Loves-to-Learn Lots in Splunk Search 06-21-2019 0 3	0	3