Splunk Search

Community Activity

timestamp lookahead Hello i have this event for example: $changeSystemTimeCmd 1533808153 -newTime 1533808153 -oldTime 1533808147 i ne... by sarit_s Communicator in Splunk Search 06-18-2019 0 5	0	5
How to extract values between two same characters using regex? How to extract the field values between two same characters. Event Axxtalled=xrxnx xx Client\;12.0.5294\;15.179... by rashid47010 Communicator in Splunk Search 06-18-2019 0 2	0	2
Help with concatenation needed Hello, I need to concatenate two variables including strings (e-mail lists) into one. the code I use for that is the... by damucka Builder in Splunk Search 06-18-2019 0 1	0	1
Calculating percentages over multiple counts I'm trying to get percentages based on the number of logs per table. I want the results to look like this: **Table ... by hduncan7 Engager in Splunk Search 06-18-2019 0 3	0	3
What is the keyboard shortcut for the Splunk 6.5.0 search bar formatting on a German keyboard? Hi forum, I'm currently searching for a way to use the new Splunk 6.5.0 feature "query formatting" on a German keybo... by schose Builder in Splunk Search 06-18-2019 4 19	4	19
How to convert rangemap results into icons? Hi, I am simply trying to convert my table results or numbers to icons. Here is my search command which gives me the... by jsmorgan1it New Member in Splunk Search 06-18-2019 0 1	0	1
The stats command collect data together if the value is the same Hello im running this query: ((index=ssys_internal_fdm OR index=other_fdm) AND sourcetype!=machine) source=* \| s... by sarit_s Communicator in Splunk Search 06-18-2019 0 2	0	2
What would be the best approach to write a regex for dynamic sourcetypes? We recently instrumented our OpenShift environment to index data into Splunk. I'm looking for the best approach for ... by fisuser1 Contributor in Splunk Search 06-17-2019 0 3	0	3
Root Can't Create /var/log files This is the first time this has come up: When running the following command as root: (10:07:49) root@servername:/op... by heats Explorer in Splunk Search 06-17-2019 0 4	0	4
Looking for better alternative to checking a windows service status and trigger on state change Using the windows Infrastructure TA I have the following snippet in my inputs.conf: [WinHostMon://service] type = se... by Esky73 Builder in Splunk Search 06-17-2019 1 16	1	16
How can I calculate data in sub groups? Hello all, I have a question regarding a calculation for the stock. My table has three coloums: ISIN, price and ti... by juliaester03 New Member in Splunk Search 06-17-2019 0 5	0	5
How to update/edit multiple fields in lookup without making duplicates rows? Hi ! I have this search: \| makeresults \| eval customField="$Soc3$" , soc3dField="$multi$" \| table customField soc3dF... by hketer Path Finder in Splunk Search 06-17-2019 0 2	0	2
How to extract response time I am trying to create a graph with the top 10 longest response times by host. An example is: 200 0 0 78 Where the... by bryceweb22 Path Finder in Splunk Search 06-17-2019 0 2	0	2
Sorting TP Column by State BY Top 5 Count Base search AND "Return”="Finished” OR “body.message.Exit”=“Finished” “body.client.channel” IN (“CA”,“KY “,”NY “,”VA)... by tej8 New Member in Splunk Search 06-17-2019 0 3	0	3
Transaction duration not working as expected \| transaction CheckNumber startswith="Tender" endswith="PrintIntercept\:\:PrintXML finished" \| top CheckNumber Time... by dowdag Engager in Splunk Search 06-17-2019 0 2	0	2
Why is the regex creating empty events from incoming data? I have a log text file that captures logs in this format: ---------------------------------------- Timestamp: 5/9/20... by derekho55 Explorer in Splunk Search 06-17-2019 0 2	0	2
How to create a lookup search for matching 2 fields? I have 2 devices: fw and waf. I want to make a lookup, my lookup file is mal_ip that has 4 fields : mal_ip category ... by badoomi New Member in Splunk Search 06-17-2019 0 7	0	7
Ironport: How to get all 'from' emails for specific user Hello, I am trying to run a search to get the "Email_From_Address" of a specific user within ironport. Can someone ... by cosmo360 New Member in Splunk Search 06-17-2019 0 2	0	2
Why are we only able to extract the first value of a comma separated list for a given field? Hi, (In Splunk) I am only able to extract the first value of a comma-separated list for a given field in which the f... by varunawasthi9 New Member in Splunk Search 06-17-2019 0 5	0	5
How to get eval values from two fields My current search is this: index="x \| timechart count(eval(statusCategory="B")) I want to add one more statusCate... by rashi83 Path Finder in Splunk Search 06-17-2019 0 8	0	8
_txn_orphan field missing from transaction command after upgrade Just upgraded SH from 7.0.2 to 7.2.5.1 (indexers still in progress) and some reports which rely on _txn_orphan broke.... by eugenek Path Finder in Splunk Search 06-17-2019 0 2	0	2
How to extract HTTP status codes in report? Hi, I know how to extract the HTTP Status from Splunk. But I need it in the below format which I am not able to do: ... by ruchijain New Member in Splunk Search 06-17-2019 0 3	0	3
How to swap X and Y axis? I have an area chart with Time_Taken on the x axis and count on the y axis and I want them to be switched, please hel... by bryceweb22 Path Finder in Splunk Search 06-17-2019 0 5	0	5
show top 5 values in column chart Hello im trying to show top 5 values in column chart this is my query: index="ssys_*_fdm" pauseReason: NOT "pauseRe... by sarit_s Communicator in Splunk Search 06-17-2019 0 21	0	21
Command to display percentage increase in stats count Hi, Is there a way of showing the percentage increase or decrease from the command: "stats count as daycount by date... by colinmchugo Explorer in Splunk Search 06-17-2019 0 4	0	4