Splunk Search

Community Activity

How to ensure the linecount is updated after removing lines in a rex search? I've got some events with some lines in it that I don't want displayed, so I'm removing those with a rex sed statemen... by kmorton New Member in Splunk Search 04-07-2019 0 2	0	2
nested level dropdown I have a query to list out all the values of directory. index=main source="test" \| stats count by directory This... by bollam Path Finder in Splunk Search 04-07-2019 0 4	0	4
How do I get an Xyseries to display dates in descending order? sample query: index=foo "string of data"="age needed"age earliest=-5d \| stats dedup_splitvals=t , values(_time) AS ... by ryhluc01 Communicator in Splunk Search 04-06-2019 1 11	1	11
How to list all sourcetypes for an app on a Dashboard? Hi, I want to build a dashboard and list all the sourcetypes for an app (e.g. search or splunk_TA_nix). In the setti... by dkeck Influencer in Splunk Search 04-05-2019 0 6	0	6
File Name Parts Extraction Rex I need to break down a source file name into it's meaningful parts with a regex, however the convention of the file c... by JDukeSplunk Builder in Splunk Search 04-05-2019 0 2	0	2
How do you calculate the time taken during the authentication process? Hi All, I am trying to achieve the time difference between two logs during the authentication process. During authen... by rakeshyv0807 Explorer in Splunk Search 04-05-2019 0 5	0	5
DB Connect TimeStamp Format Has anyone successfully provided TimeStamp.Format in DB Connect for DateTimeOffset type (SqlSever)? The time is in UT... by dan60201 Explorer in Splunk Search 04-05-2019 1 5	1	5
How do you concatenate two values within a log into one field within a field transformation? I have a log source that breaks up a URL into different chunks (ie: domain, uri string, uri query, etc) within the lo... by iomega311 Explorer in Splunk Search 04-05-2019 0 6	0	6
Omitting matching fields unless blank Hello, I'm trying to omit rows that contain matching fields, unless those fields are blank. Example syntax below: \|... by aherrington Path Finder in Splunk Search 04-05-2019 0 2	0	2
How can we get host names for given IPs in a search using reverse DNS? Hi, I have bunch of IPs and I would like to do reverse DNS and get the host names. So, can I include IPs in the sear... by xvxt006 Contributor in Splunk Search 04-05-2019 0 2	0	2
How can I start each week from tuesday? Below is my code. It starts each week from sunday. How can start each week from tuesday? Do I need to change anything... by nikita012 New Member in Splunk Search 04-05-2019 0 1	0	1
Conditional email subject line Hello, I have search index=* ERROR \| eval svc=mvindex(split(index,"-"),4) \| stats count(svc) as cnt_svc by svc,source... by ygaluzo New Member in Splunk Search 04-04-2019 0 1	0	1
field extraction with rex Field sample: <"Data Name='Description'>Microsoft ® Console Based Script Host"<"/Data"> \| rex ""(?[a-zA-Z0-9.: \\]+)... by borisk95 New Member in Splunk Search 04-04-2019 0 6	0	6
dbx date parameters for apache drill in splunk I am trying to use apache drill to query mapr data via splunk. Using a dbx to use the name \|dbxquery connection="Dr... by priyanka0309 New Member in Splunk Search 04-04-2019 0 0	0	0
locktest command to verify gpfs I ran the locktest command on a Spectrum Scale (gpfs) nsd server node. After typing ./splunk cmd locktest and hitting... by gnevarez New Member in Splunk Search 04-04-2019 0 0	0	0
tstats search that I can group over time for each of my indexes Hello , I'm looking for assistance with an SPL search utilizing the tstats command that I can group over a specified ... by bzsplunk54 New Member in Splunk Search 04-04-2019 0 2	0	2
Strftime/Strptime not including leading zero DateField before eval: 20190402000000 I'm trying to apply strftime/strptime so the DateField will show as 2019-04-02... by mistydennis Communicator in Splunk Search 04-04-2019 0 4	0	4
Problem with case statement using eval Hi all, Getting this error: Error in 'eval' command: The expression is malformed. Expected ). I'm following the fo... by selinakvle Explorer in Splunk Search 04-04-2019 0 5	0	5
Stats: pulling forward data into table results I am trying to create a table by counting rows, then doing a stats command on the results to determine the Avg, Max, ... by pmhelfrich Explorer in Splunk Search 04-04-2019 0 2	0	2
How to split JSON array into Multiple events at Index Time? I have an event : { "local": [ { "display_name": "juniper0", "tenant": null, ... by mayurr98 Super Champion in Splunk Search 04-04-2019 0 3	0	3
Windows performon- not getting collected Hi , I have set up UF to collect data from one server to my indexer. The connection between my Indexer adn UF is fine... by johnsasikumar Path Finder in Splunk Search 04-04-2019 0 1	0	1
How to solve this: Count unique unique number of field X, expect to find the same number of field Y First start with what I have today. We use a tool to deploy applications on to our WebSphere Deployment Server. A sch... by rune_hellem Contributor in Splunk Search 04-04-2019 0 3	0	3
Why is Splunk not displaying the full log entry? I am only receiving the first two lines of a log entry into Splunk: Date: 2019/03/12 14:00:10 SOFTWARE Module: D... by vcorral New Member in Splunk Search 04-04-2019 0 1	0	1
Split semicolon separated event into many events Hello every one, I have some data in Splunk server that is separated by semicolon ";" String1=Int1;String2=Int2;Stri... by starbac Explorer in Splunk Search 04-04-2019 0 13	0	13
Format CVE using Regex I've ran a search and one of my columns in my table references CVE IDs. However, CVE IDs in that column are not in t... by carldipace New Member in Splunk Search 04-04-2019 0 2	0	2