Splunk Search

Community Activity

Extract JSON fields in mixed data structure with props I have an event with a mix of JSON and non-JSON data. I have successfully extracted a Payload field with props whose ... by _smp_ Builder in Splunk Search 05-22-2019 2 5	2	5
Can you help me with an issue with dashboard rows? Hi guys, Is there any way we can display more than 100 rows in a table format dashboard? We tried to modify the ... by roopeshetty Path Finder in Splunk Search 05-22-2019 0 6	0	6
How to display a table that shows all rows without pagination? I need to display a table that will show all the rows without pagination. I have already tried using "showPager" opti... by marxsabandana Path Finder in Splunk Search 05-22-2019 0 2	0	2
how to break a field into two fields based on the prefix in splunk by using regex? I have the regex query as below sourcetype=syslog \| rex field=_raw "(?rshd[^:]: .+) as (?[^\s:]+)" \| rex field=_ra... by pavanae Builder in Splunk Search 05-22-2019 0 2	0	2
Why does regex to extract host from path work in regex101, while it's not working in Splunk? I need to extract "hostname" from the path in data input on directory monitoring. Path: /export/var/path/host1.log ... by mlevsh Builder in Splunk Search 05-22-2019 0 13	0	13
How to extract value under double quotes using the rex command? Has been busy for "639" seconds using rex command i need to extract value 639 and store it in one field. Please he... by saravanafd Explorer in Splunk Search 05-22-2019 0 3	0	3
Duration between Logoff and Logon Hi team, Please help me to figure out the issue. I would like to create a dashboard using my Audit logs to capture m... by vishaltv Path Finder in Splunk Search 05-22-2019 0 3	0	3
Winsorized Average Calculation host = Mayhem sourcetype="phutans:servo" host=R00878 \| eval headers=split(_raw," ") \| eval plant_length=mvindex(he... by zacksoft Contributor in Splunk Search 05-22-2019 0 9	0	9
How to create a new field from the content of another field by condition and rex? Hi, I am trying to create a new field "foo" whose content is generated from field "bar", depending on the content of... by bosch_softtec Path Finder in Splunk Search 05-22-2019 0 2	0	2
How to search Splunk from external web application? Hi, we've a simple web application in PHP that queries user's status from different sources (e.g. LDAP, Oracle DB, et... by stwong Communicator in Splunk Search 05-21-2019 0 3	0	3
Why is Splunk gathering latest data even with Null values? How can i get latest value of all ID (1-1,1-2,2-1,2-2). considering there are no latest data on ID(2-1,2-2) Data: 1... by jadengoho Builder in Splunk Search 05-21-2019 0 1	0	1
Integrating dbxquery in a search I have an sql database containing a list of ip addresses and a bunch of other fields that I can query from Splunk usi... by balcv Contributor in Splunk Search 05-21-2019 0 5	0	5
Prediction on disk transfer / sec Hi , I have used following query for predicting disk transfer of particular host, here we are using LLP algorithm i... by singh3and12 Path Finder in Splunk Search 05-21-2019 0 12	0	12
String Comparison with Foreach I have a lookup table from a csv that looks like this name exam1 exam2 exam3 john good bad bad peter ... by zacksoft Contributor in Splunk Search 05-21-2019 0 1	0	1
How to monitor the lasting of an event with a percentage condition with a CPU charge > 80%? Hello I use the search below in order to monitore process with a CPU charge > 80% BUT What I exactly need is to moni... by jip31 Motivator in Splunk Search 05-21-2019 0 8	0	8
Custom Splunk search command only returns 100 results Hello, I'm writing a custom Splunk search command that runs a query on another Splunk host, then returns those result... by moorhead_30s New Member in Splunk Search 05-21-2019 0 3	0	3
Date input textbox format I want to add 2 text boxes where I can key in 2 dates. Later I want to use these 2 dates at 4 locations of my query. ... by reverse Contributor in Splunk Search 05-21-2019 0 3	0	3
query help inner query \| mstats max(_value) as Bits_in_sec where index=ehealth (host="SC2CLK-CLOUD-CFD-VDC2" OR host="SC2BJV-CLOUD-CFD-VDC2"... by surekhasplunk Communicator in Splunk Search 05-21-2019 0 2	0	2
How to get the number of users having access to each indexes? Hi I need a help with a Splunk search to find the number of users having access for each indexes. Thanks by NAVEEN_CTS Path Finder in Splunk Search 05-21-2019 0 1	0	1
Regex with eval ? I have this following string 2019-05-17 11:30:14.262 INFO 13 --- [pool-3-thread-1] com.abcd.efgh.ijk.statuspage.St... by officialsubho New Member in Splunk Search 05-21-2019 0 4	0	4
Is data considered indexed after full replication or just after initial write to disk (which == searchable)? In a testing distributed environment, we are experiencing indexing delays. With a replication factor of 3, when would... by vzedbny Engager in Splunk Search 05-21-2019 0 1	0	1
search query Splunk new-bee here. Let's say I have two records in the log file: one record has " myID=1234 ticker= abc" and the ... by aokhovat New Member in Splunk Search 05-21-2019 0 1	0	1
Splunk/AWS SQS Queue polling inconsistently As the title says im running into an issue with what appears to be the pull count from SQS queues. For example, right... by arlombar Explorer in Splunk Search 05-21-2019 0 0	0	0
Why does this search cause Splunk to crash occasionally? I have a search that works most of the time, but sometimes just causes Splunk to crash and requires a restart. I hav... by chadman Path Finder in Splunk Search 05-21-2019 0 7	0	7
Base Search returning different results than normal search As the title suggests, I'm having issues with a base search that I'm trying to create. The base search uses tokens t... by betchim_gerwili Explorer in Splunk Search 05-21-2019 0 2	0	2