Splunk Search

Community Activity

How to create a Regex question for field extraction for our shibboleth:audit sourcetype events? I created the following regex to extract the fields for our shibboleth:audit sourcetype events: ^(?:[^\\|\n]*\\|){2}(?... by jwalzerpitt Influencer in Splunk Search 06-12-2019 0 1	0	1
"Oops! Your instance is no longer here." I have been working on the Fundamentals 1 Certification using the free Cloud Trail instance of Splunk. My instance ha... by dpickett New Member in Splunk Search 06-12-2019 0 0	0	0
How to extract the HTTP Status Code? I need help with extracting and graphing the HTTP status code which is always the end of every log formatted as; `20... by bryceweb22 Path Finder in Splunk Search 06-12-2019 0 3	0	3
How to use extracted field as input parameter to another search? Hi, I needed help with using field extracted in the search(ORG) to be used as input for another search where a simil... by rahulkawadkar26 New Member in Splunk Search 06-12-2019 0 5	0	5
How to use calculated field with url? Hello, I'm trying to use calculated field on data with url field. Simple doesn't work. Even a very simple 'upper(url... by a_naoum Path Finder in Splunk Search 06-12-2019 0 10	0	10
How to create a regex to match URLs ending with a known file extension downloads? I am trying to filter out all URLs which are for file downloads and those URLs will end with the file extension. Eg -... by jkumarr2 New Member in Splunk Search 06-12-2019 0 1	0	1
Does the`search` command has implicit AND between expressions? I always understood the search command's expressions be connected by a logical AND by default: search customer=123 it... by davidch12 Explorer in Splunk Search 06-12-2019 0 1	0	1
manipulate timestamp Hello in my organisation we have few kinds of log format one of them does not have the year in the time stamp so the ... by sarit_s Communicator in Splunk Search 06-12-2019 0 6	0	6
How to line break events Can anyone here help with breaking this sample into multiple events each should start with { "resourceId": ? I have t... by anasamer New Member in Splunk Search 06-12-2019 0 9	0	9
help on token strange behaviour hi I use the search below and I filter the data with 2 token \| inputlookup tablet_host.csv \| lookup PanaBatterySta... by jip31 Motivator in Splunk Search 06-12-2019 0 19	0	19
How to display certain stats values command in a search? Hello I use the stats command below but some process_name have no process_cpu_used_percent value So how to do for di... by jip31 Motivator in Splunk Search 06-12-2019 0 11	0	11
Splunk search issues with timezone of logs from forwarders Dears, My Splunk Indexer is in CDT time zone and my forwarder logs are in UTC time zone and there is time differenc... by rchittip Path Finder in Splunk Search 06-12-2019 0 9	0	9
How can I combine the list of events within recent timeframe with the count of similar event in a broader timeframe (not taking into account the last 5 days)? Hello everyone, I am trying to combine the following: - The query 1 looks for recent events (earliest=-10m@m latest... by tomgc Engager in Splunk Search 06-12-2019 0 0	0	0
Take multiple regex in single search string I have to extract the same features from two sets of logs with very different formats and need to take the additional... by AshimaE Explorer in Splunk Search 06-12-2019 0 5	0	5
How to return values from lookup which are not matching the search? Hi I currently have a search which returns a list of users with employee id from a user lookup eg: user lookup has ... by kavyadekkata Explorer in Splunk Search 06-11-2019 0 1	0	1
Convert Timestamp from one format to UNIX style format I have a log file that has the timestamp for each line as: Jun 10, 11:07:59.305475 Note that the year is missing -... by dowdag Engager in Splunk Search 06-11-2019 0 6	0	6
I am looking on how to filter the unwanted logs getting forward to indexer In my Application there are logs statements which are repetitive and how to avoid them sending to Indexer so that i w... by lsanthoshbe New Member in Splunk Search 06-11-2019 0 1	0	1
How to table events in columns with time/date related counts I want to write a search where the events are in one column and the related counts are in each column corresponding t... by ankurtaunk Explorer in Splunk Search 06-11-2019 0 9	0	9
Splunk 6.4 how to achieve @w1 of splunk 7 I am doing weekly statistics and in splunk 7, i can easily specify the first day of a week by @w1 so 1 means Monday. ... by viking1978 New Member in Splunk Search 06-11-2019 0 1	0	1
Comparing 2 Windows Event logs together I am kind of new so I apologize to my ignorance. What I am trying to do is use the Windows Event Logs EventCode 5156 ... by dirtyspawn Engager in Splunk Search 06-11-2019 0 6	0	6
How to chart count by events and name? I have a search that gets the count of events by users which works well. However, I want to have the chart list all u... by jenkinsta Path Finder in Splunk Search 06-11-2019 0 5	0	5
Custom index for forwarded data Hello all, I have a working universal forwarder that happily sends data to my Enterprise indexer. The data shows up u... by eholz1 Builder in Splunk Search 06-11-2019 0 5	0	5
How to use rex to match only where the field exactly has 8 characters? Hello, I need a search to match when a field that has free form text contains exactly 8 characters that are letters ... by user93 Communicator in Splunk Search 06-11-2019 0 3	0	3
Data virtualization with Splunk? hi, what are your thoughts on data virtualization and how does it apply to Splunk? I ave been researching data virtua... by barriersbill Explorer in Splunk Search 06-11-2019 1 2	1	2
Interactive dashboard stats count Good afternoon I have a stats count query leading to a single number dashboard. I was wondering if it is possible to ... by jsalsbur Explorer in Splunk Search 06-11-2019 0 3	0	3