Splunk Search

Community Activity

Regex help in Splunk Hi, I have few events in splunk like these - 1. "GET /test/materials/components/fields HTTP/1.1" 2. "GET /test1 HTTP... by Shashank_87 Explorer in Splunk Search 04-09-2019 0 6	0	6
Extracting date from filename and inserting as title in dashboard I need to extract the date from my filename "abc_20190401" and put it as a title in my dashboard? by sn_18 New Member in Splunk Search 04-09-2019 0 3	0	3
Is it possible to use two base searches in one post-processing search? I have a dashboard similar to this one: <form> <label>Multiple Base Searches</label> <fieldset submitButton="fal... by krdo Communicator in Splunk Search 04-09-2019 2 4	2	4
Not able to invoke each rows sprint, the element after the "by". I have been trying to see if (sprints==last_chunk) but my problem is that, if I eval within the stats section, sprint... by awesterman New Member in Splunk Search 04-09-2019 0 2	0	2
How to use conditional tokens to run an append command I am creating a table by appending the result of many searches together so each result appears in one row of the tabl... by julmarqu Engager in Splunk Search 04-09-2019 1 2	1	2
Save results to avoid recalculation for new users per day or total number of distinct users I am pretty new to Splunk and this is my first posted question so here goes... I have an application and I need to i... by tmtcollins Explorer in Splunk Search 04-09-2019 0 1	0	1
Searching and reporting against custom indexes I created a new Index for syslogservers to store remote syslog messages coming in on a Data Input UDP:514; The inde... by salighie New Member in Splunk Search 04-09-2019 0 6	0	6
Regex Help I have this data: cfjbht06,08-Apr-2019,18:01:47,2.9,11.6 Splunk is reading this timestamp as: 4/8/19 6:01:47.200 P... by jkrehrer22 Engager in Splunk Search 04-09-2019 0 1	0	1
Complex Regex, HELP! I have a transform that I need help writing a regex for. It has two conditions. It needs to match the value in this... by jedatt01 Builder in Splunk Search 04-09-2019 1 10	1	10
Differentiate between two fields with the same name in two different jsons So I have a single log event that captures the request and the response JSONs. As a user I'd like to be able to write... by seomaniv Explorer in Splunk Search 04-09-2019 0 3	0	3
formating a text file i have a file in the format of : productId,product_name,price,sale_price,Code DB-SG-G01,Mediocre Kingdoms,24.99,19.9... by ashish_chand New Member in Splunk Search 04-09-2019 0 3	0	3
converting 1.1.1970 to epoch doesn't work, whereas converting epoch 0 to string does work... is it a bug or did I miss something? Hi, I stumbled on something funny with the time conversion functions. Trying to convert the 1st of January 1970 to ep... by grundsch Communicator in Splunk Search 04-09-2019 1 3	1	3
To extract a string which has numeric value and get the count I have logs in splunk as mentioned below 3/22/19 2:05:44.000 PM Date = 2019-03-22 13:58:19,827 \| Level = INFO \| Req... by minaljain New Member in Splunk Search 04-09-2019 0 1	0	1
How to write a search to not display the last bucket of data in a timechart? I have a requirement in which I don't want to display the last bucket of data in the timechart. Example: The bucket t... by ID_SplunkUser Path Finder in Splunk Search 04-09-2019 1 5	1	5
How to modify a part of a search based on two inputs selection? Hello, I have a dashboard with 2 inputs: A radio input with two buttons, index and role, with the token viewText inp... by ktn01 Path Finder in Splunk Search 04-09-2019 0 1	0	1
HELP FOR FORMATTING TEXT IN A PANEL SEARCH Hello I have the panel below in my dashboard <row> <panel> <single> <search> <query>\| i... by jip31 Motivator in Splunk Search 04-09-2019 0 2	0	2
Stop kv-store lookup from grouping values per key I have a kv store that has several fields (ip addresses, time stamps etc) tied to a unique key (the default mode) - w... by christoffertoft Communicator in Splunk Search 04-09-2019 0 7	0	7
Splunk 6.2.4, TA-tippingpoint 3.3.0 - Failed extractions I have TA-tippingpoint 3.3.0 app installed on Enterprise Splunk 6.2.4, but there are no field extractions for the IPS... by may_aaron Engager in Splunk Search 04-09-2019 1 6	1	6
Can you help me search to return results even if there are none available? I have 2 source types that run every morning at 8:30am. If 1 or more does not, I need to still see the source types ... by ryhluc01 Communicator in Splunk Search 04-09-2019 0 6	0	6
In a subsearch, retrieve last-logged-on-user, for IPs in a search for most-blocked connections from Firewall I have a search that returns the IPs that have recently been blocked the most, and I want to add the "Last Logged On ... by VexenCrabtree Path Finder in Splunk Search 04-09-2019 0 2	0	2
Handle 0 Count, No results found & when no data is being indexed I was displaying the count of certain type of locks using the query below. index=A sourcetype="source" LOCK_MODE!="... by njohnson7 Path Finder in Splunk Search 04-09-2019 0 2	0	2
How to extract values "good" and "bad" from my sample data into a new field named STATUS? Hi I have a log file in which all the events has this below lines as common; 04:03:28 04/12/2016 good 201961028 ... by roopeshetty Path Finder in Splunk Search 04-09-2019 0 5	0	5
how to match a specific field in 2 different csv file and 2 different index Hi I use the search below in order to display in a table a specific EventCode by host I am matching the host with th... by jip31 Motivator in Splunk Search 04-08-2019 0 2	0	2
When I use \| spath \| search \| table search commands I am getting duplicate entries When parsing information from a _json file when using \|spath \|search \|table I am receiving duplicates. I'm not sur... by bzsplunk54 New Member in Splunk Search 04-08-2019 0 1	0	1
Regex in Splunk Hi, I have the following column: CVSSv2 CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N I want to do something like this: sourc... by hjsabdjahbd Observer in Splunk Search 04-08-2019 0 3	0	3