Splunk Search

Community Activity

group results to be emailed to appropriate support team based on server I'm looking to search for multiple errors and exceptions across application logs for across multiple servers. using... by splunkhan New Member in Splunk Search 05-13-2019 0 1	0	1
How to get the count of the number of duplicates that have been eliminated using dedup There are many failures in my logs and many of them are failing for the same reason. I am using this query to see the... by marty1234 Engager in Splunk Search 05-13-2019 0 1	0	1
Extract multiple values from a single existing field, using regex Hey, I have this event. as you can see there is field named cs1. I need to create new field lets say cs_1 and extract... by hketer Path Finder in Splunk Search 05-13-2019 0 13	0	13
match values in same fields Hi, i would match two field, exactly: field1 - field2 1 - Empty 1 - Empty 1 - Empty ... by perryd Engager in Splunk Search 05-13-2019 0 8	0	8
How to extract pipe delimited field value? HI All, I have scenario where my field value is pipe delimited e.g. Session=PP\|OO\|GG if in search I do table of Ses... by rrakesh874 New Member in Splunk Search 05-13-2019 0 4	0	4
how to break fields into separate lines which were concatenated Hello, My Situation is different. I have few columns like: code, Week, rfs, decision, new_deecision. In my search,... by mnarmada Path Finder in Splunk Search 05-13-2019 0 0	0	0
Unique IP count It seems like something that has been answered before but i have been unable to find the answer. Is it possible to ru... by jdhavo New Member in Splunk Search 05-13-2019 0 3	0	3
Can you help me make a query that would Fill in values in braces from data inside the JSON? Here is the source data: { "contextValues": [ "10.1.1.1", "10", "testhost" ], "contextTypes": [ ... by jatwell2 New Member in Splunk Search 05-13-2019 0 9	0	9
Can anyone help resolve the issue with my search for events relating to USB violations by wlwilliams01 Engager in Splunk Search 05-13-2019 1 2	1	2
How to populate fields from two indexes that share one field Hello, I asked this question yesterday but didn't get the right solution. I have two indexes with different fields a... by maryamchar Explorer in Splunk Search 05-13-2019 0 4	0	4
I am writing a subsearch to get a user details as input for someother search but it is not working when i include the subsearch . need help asap index=* [search index=_internal [\| rest /services/authentication/current-context splunk_server=local \| fields usernam... by arunsundarm Engager in Splunk Search 05-13-2019 0 3	0	3
user activities, PCI Requirement 10 May I know what is User Activity as per PCI requirement 10 ? On going SSAE 18 audit, there is one question - please ... by brpsingara Explorer in Splunk Search 05-13-2019 0 0	0	0
Use of upper/lower Other than making reports more readable, are there other reasons to use the upper/lower function of eval? by smanganiello_sp Splunk Employee in Splunk Search 05-13-2019 0 4	0	4
dbinspect query help I'm trying to write a dbinspect query to calculate the # of days of data that is stored in our hot/warm storage parti... by mschlapfer Explorer in Splunk Search 05-13-2019 0 2	0	2
Extraction issue with dynamic field names Hello there, I am stuck with a dynamic field name extraction. The data is partly JSON and sometimes contains nested... by D2SI Communicator in Splunk Search 05-13-2019 0 2	0	2
how to use string from lookup table in search Hi there, I want to build a query with strings from the lookup table. I have the list of domains in the look up table... by afulamba Explorer in Splunk Search 05-13-2019 0 19	0	19
How to delete old lookup table (CSV) files in a search head clustering environment? How can one delete stale lookup files? Sometimes users output their data to a lookup table file to reference in anoth... by BP9906 Builder in Splunk Search 05-12-2019 1 4	1	4
How to use regex to replace string? Hi, I have the below urls. How can I use the regex to remove the tokens from urls? Looking to remove data between /... by knalla Path Finder in Splunk Search 05-12-2019 0 3	0	3
Create correlation search from multiple host or device logs based on the Source IP field Hi all, I want to create the correlation search in order to further enhance our current security alert from splunk b... by chrishow Engager in Splunk Search 05-12-2019 0 3	0	3
how to parse a semicolon separated file for a lookup file I have a semicolon separated file that is to be used as a lookup file. How do you parse the file within the transform... by SplunkDank New Member in Splunk Search 05-12-2019 0 5	0	5
timewrap compare last week with avg last three months Hi team! I want to compare last week with avg last three months. This is my code right now. I need some help pls. ... by christianubeda Path Finder in Splunk Search 05-12-2019 0 0	0	0
Problem with map command - Using search from lookup Hi all, I am trying to run a map command that will run searches from a lookup one by one as follows : \| inputlooku... by astatrial Contributor in Splunk Search 05-12-2019 0 13	0	13
Help with a custom co-relation search!!!! I'm having a problem creating an alert for following scenario: Data source: index=mail sourcetype=pps_messagelog (in... by swaguzari Engager in Splunk Search 05-12-2019 0 3	0	3
help on tostring function hello I am doing the distinct count below in my search \| stats dc(host) AS OnlineCount by Code \| where Code = "Onl... by jip31 Motivator in Splunk Search 05-12-2019 0 5	0	5
Using a different value for _time index=av sourcetype=BobsCutRateAV category="BadStuffHappening" \| eval date_hour=strftime(_time, "%H") \| eval date_w... by williamsmew New Member in Splunk Search 05-11-2019 0 7	0	7