Splunk Search

Community Activity

How do you calculate the time taken during the authentication process? Hi All, I am trying to achieve the time difference between two logs during the authentication process. During authen... by rakeshyv0807 Explorer in Splunk Search 04-05-2019 0 5	0	5
DB Connect TimeStamp Format Has anyone successfully provided TimeStamp.Format in DB Connect for DateTimeOffset type (SqlSever)? The time is in UT... by dan60201 Explorer in Splunk Search 04-05-2019 1 5	1	5
How do you concatenate two values within a log into one field within a field transformation? I have a log source that breaks up a URL into different chunks (ie: domain, uri string, uri query, etc) within the lo... by iomega311 Explorer in Splunk Search 04-05-2019 0 6	0	6
Omitting matching fields unless blank Hello, I'm trying to omit rows that contain matching fields, unless those fields are blank. Example syntax below: \|... by aherrington Path Finder in Splunk Search 04-05-2019 0 2	0	2
How can we get host names for given IPs in a search using reverse DNS? Hi, I have bunch of IPs and I would like to do reverse DNS and get the host names. So, can I include IPs in the sear... by xvxt006 Contributor in Splunk Search 04-05-2019 0 2	0	2
How can I start each week from tuesday? Below is my code. It starts each week from sunday. How can start each week from tuesday? Do I need to change anything... by nikita012 New Member in Splunk Search 04-05-2019 0 1	0	1
Conditional email subject line Hello, I have search index=* ERROR \| eval svc=mvindex(split(index,"-"),4) \| stats count(svc) as cnt_svc by svc,source... by ygaluzo New Member in Splunk Search 04-04-2019 0 1	0	1
field extraction with rex Field sample: <"Data Name='Description'>Microsoft ® Console Based Script Host"<"/Data"> \| rex ""(?[a-zA-Z0-9.: \\]+)... by borisk95 New Member in Splunk Search 04-04-2019 0 6	0	6
dbx date parameters for apache drill in splunk I am trying to use apache drill to query mapr data via splunk. Using a dbx to use the name \|dbxquery connection="Dr... by priyanka0309 New Member in Splunk Search 04-04-2019 0 0	0	0
locktest command to verify gpfs I ran the locktest command on a Spectrum Scale (gpfs) nsd server node. After typing ./splunk cmd locktest and hitting... by gnevarez New Member in Splunk Search 04-04-2019 0 0	0	0
tstats search that I can group over time for each of my indexes Hello , I'm looking for assistance with an SPL search utilizing the tstats command that I can group over a specified ... by bzsplunk54 New Member in Splunk Search 04-04-2019 0 2	0	2
Strftime/Strptime not including leading zero DateField before eval: 20190402000000 I'm trying to apply strftime/strptime so the DateField will show as 2019-04-02... by mistydennis Communicator in Splunk Search 04-04-2019 0 4	0	4
Problem with case statement using eval Hi all, Getting this error: Error in 'eval' command: The expression is malformed. Expected ). I'm following the fo... by selinakvle Explorer in Splunk Search 04-04-2019 0 5	0	5
Stats: pulling forward data into table results I am trying to create a table by counting rows, then doing a stats command on the results to determine the Avg, Max, ... by pmhelfrich Explorer in Splunk Search 04-04-2019 0 2	0	2
How to split JSON array into Multiple events at Index Time? I have an event : { "local": [ { "display_name": "juniper0", "tenant": null, ... by mayurr98 Super Champion in Splunk Search 04-04-2019 0 3	0	3
Windows performon- not getting collected Hi , I have set up UF to collect data from one server to my indexer. The connection between my Indexer adn UF is fine... by johnsasikumar Path Finder in Splunk Search 04-04-2019 0 1	0	1
How to solve this: Count unique unique number of field X, expect to find the same number of field Y First start with what I have today. We use a tool to deploy applications on to our WebSphere Deployment Server. A sch... by rune_hellem Contributor in Splunk Search 04-04-2019 0 3	0	3
Why is Splunk not displaying the full log entry? I am only receiving the first two lines of a log entry into Splunk: Date: 2019/03/12 14:00:10 SOFTWARE Module: D... by vcorral New Member in Splunk Search 04-04-2019 0 1	0	1
Split semicolon separated event into many events Hello every one, I have some data in Splunk server that is separated by semicolon ";" String1=Int1;String2=Int2;Stri... by starbac Explorer in Splunk Search 04-04-2019 0 13	0	13
Format CVE using Regex I've ran a search and one of my columns in my table references CVE IDs. However, CVE IDs in that column are not in t... by carldipace New Member in Splunk Search 04-04-2019 0 2	0	2
Group data 'n' rows at a time I have 40 rows in my data with fields Date, Total. I want to add the values of Total for each 5 days. How can I group... by nikita012 New Member in Splunk Search 04-04-2019 0 1	0	1
Issue of lookup csv file and output multiple values Hi, When I lookup a csv file, and match multiple values, it will output as a multi-value fields . Like that : But,... by leo_wang Path Finder in Splunk Search 04-04-2019 0 3	0	3
Lookup several times in a KVstore? I'm working on a kvstore that has multiple interesting columns with which i might determine to enrich an event. For ... by christoffertoft Communicator in Splunk Search 04-04-2019 0 0	0	0
field::value vs field=value when doing search I have a UF, Indexer, Search Head. My UF accepts UDP packets. I created a field in the UF so that I can identify that... by htidore Path Finder in Splunk Search 04-04-2019 0 1	0	1
Issue with performance on join command? Hello there, Sorry for asking a noob question! But I'm struggling to determine why my join isn't working across all ... by jsoohoo New Member in Splunk Search 04-04-2019 0 2	0	2