Splunk Search

Community Activity

	How to use regex to replace string? Hi, I have the below urls. How can I use the regex to remove the tokens from urls? Looking to remove data between /... by knalla Path Finder in Splunk Search 05-12-2019 0 3	0	3
	Create correlation search from multiple host or device logs based on the Source IP field Hi all, I want to create the correlation search in order to further enhance our current security alert from splunk b... by chrishow Engager in Splunk Search 05-12-2019 0 3	0	3
	how to parse a semicolon separated file for a lookup file I have a semicolon separated file that is to be used as a lookup file. How do you parse the file within the transform... by SplunkDank New Member in Splunk Search 05-12-2019 0 5	0	5
	timewrap compare last week with avg last three months Hi team! I want to compare last week with avg last three months. This is my code right now. I need some help pls. ... by christianubeda Path Finder in Splunk Search 05-12-2019 0 0	0	0
	Problem with map command - Using search from lookup Hi all, I am trying to run a map command that will run searches from a lookup one by one as follows : \| inputlooku... by astatrial Contributor in Splunk Search 05-12-2019 0 13	0	13
	Help with a custom co-relation search!!!! I'm having a problem creating an alert for following scenario: Data source: index=mail sourcetype=pps_messagelog (in... by swaguzari Engager in Splunk Search 05-12-2019 0 3	0	3
	help on tostring function hello I am doing the distinct count below in my search \| stats dc(host) AS OnlineCount by Code \| where Code = "Onl... by jip31 Motivator in Splunk Search 05-12-2019 0 5	0	5
	Using a different value for _time index=av sourcetype=BobsCutRateAV category="BadStuffHappening" \| eval date_hour=strftime(_time, "%H") \| eval date_w... by williamsmew New Member in Splunk Search 05-11-2019 0 7	0	7
	How to see changes in field values when comparing today vs. yesterday? Hello, I have a scheduled search that populates a CSV with data each day, including the current date. Here is an ex... by russell120 Communicator in Splunk Search 05-11-2019 0 4	0	4
	How to Sum Latest and Previous Field1 from multiple Field2. Hi All, I have a problem to form the logic for sorting Latest and Previous Data to compare. Looking Field1=Status , ... by keanhong New Member in Splunk Search 05-11-2019 0 7	0	7
	Need to Calculate Response Time matching Index ID between 2 lines in the search If look the below screen shot due to multiple calls in same time some time response takes a while and we need to matc... by lsanthoshbe New Member in Splunk Search 05-11-2019 0 4	0	4
	Exclude any transaction that doesn't include a specific value I need to filter searches that has a value of "F*" included per transaction number. The transaction number with my se... by marxsabandana Path Finder in Splunk Search 05-11-2019 0 1	0	1
	rex expression does not work in curl I have a simple search on a text pad, like this index=text\|rex field=_raw "ApplicationRegistry-(?<text>.*)" max_match... by Sukisen1981 Champion in Splunk Search 05-11-2019 0 22	0	22
	How to get field count rather than stats count? Here's my query: index="smt_fortigate" host="10.8.12.1" srcintf=mysummitwifi \| stats count by devtype What I want t... by summitsplunk Communicator in Splunk Search 05-10-2019 0 5	0	5
	Predict: show past events and future predictions I'm using predict, and seeing good results, but I would like to clean up my visualization. What I would like is to s... by nplamondon Communicator in Splunk Search 05-10-2019 0 20	0	20
	How to use coalesce without hitting search limit My data is from the same source but I would like to count the number of times a host appears on the event based on tw... by alc2019 New Member in Splunk Search 05-10-2019 0 6	0	6
	How do you convert the date field and time field on a lookup table to _time? Hi, How do I convert two fields (date and time) from a lookup table to _time? I would like to use it to create time... by alc2019 New Member in Splunk Search 05-10-2019 0 5	0	5
	Use transaction command to process data and get 3 different results? Is this even possible?? Here is what I have: ...a log table with a unique FName-LName & Job-Title. I pulled 100 rows on both yesterday and ... by timothytruax Explorer in Splunk Search 05-10-2019 0 6	0	6
	splunk HTTP event collector Splunk HTTP event collector not sending data to an index. I have HTTP event collector configured in HF . And it sends... by Prakash493 Communicator in Splunk Search 05-10-2019 0 2	0	2
	help for displaying 2 results in a single panel hello I use the search below in order to display the result (count) in a single value panel In the same single value,... by jip31 Motivator in Splunk Search 05-10-2019 0 1	0	1
	HELP ON DIFFERENT EVAL ARGUMENTS WHICH GIVE THE SAME RESULT hi I use the search below in order to count the number of machines which are online it works BUT When I count the ma... by jip31 Motivator in Splunk Search 05-10-2019 0 1	0	1
	need help with joining two queries Hi ninjas, i have two queries with ] the output as follows query1 output fields: SOR filename expected_... by pench2k19 Explorer in Splunk Search 05-10-2019 0 7	0	7
	I have one field time received this is showing date and time i want to change with that time to _time in props .conf how it would work because i want change to _time or any other way please suggest FIELD -TimeReceived: 2019-05-09T05:29:03.000Z this is my prpos .conf xyz SHOULD_LINEMERGE=false NO_BINARY_CHE... by abhishekdubey00 Engager in Splunk Search 05-10-2019 0 1	0	1
	List process count and 0 when didn't found I'm tring to do a search for some process for a server but I would like for those that are not running the result com... by leonardomassard Explorer in Splunk Search 05-10-2019 0 1	0	1
	Sort by time in a chart with time header names Hi, I have a search table that aims to show the inflow of tickets for a time range. Here is what it looks like... ... by dojiepreji Path Finder in Splunk Search 05-10-2019 0 2	0	2