Splunk Search

Community Activity

How do you search port ranges and match to service? Hi Guys, I hope someone can help me? I'm looking to search through several port ranges and match against one or mul... by MABurberry Engager in Splunk Search 03-05-2019 0 2	0	2
How do you return Boolean if today matches the dates listed in lookups table? I have mydates.csv file uploaded to Splunk lookups. It looks like this: Date 1/2/2019 2/5/2019 2/16/2019 I need to ... by lucy2019 Explorer in Splunk Search 03-05-2019 0 12	0	12
Two different values for the vertical axis Hi! I am currently working on a project that required to show a timeline duration of a machine runtime, downtime, er... by mdmaala Communicator in Splunk Search 03-05-2019 0 1	0	1
Can you help me use start and end times in one search in a mapped subsearch? I'm trying to connect the sum of measurements from a certain process and connect them to workorders by the times the ... by baklimek New Member in Splunk Search 03-05-2019 0 8	0	8
Regex: subpattern name expected org_name="myOrg" index="myIndex" app_name="myAppName" space_name="Staging" \| rex field=msg "stack:(?<.java\.lang.Ex... by robprice797 New Member in Splunk Search 03-05-2019 0 2	0	2
How do you dynamically generate month name based on a search? I have created a Month over Month dashboard that will eventually become a report that is sent on the 1st day of the m... by rwarnerii New Member in Splunk Search 03-05-2019 0 2	0	2
rex and sed with automatic lookups Hi, This is basically a question of when automatic lookups are applied to data. I have a field url i need to sed a... by christoffertoft Communicator in Splunk Search 03-05-2019 0 2	0	2
index_name variable to use in all index paths I'm looking for a variable that can be used to replace the index name for the following configs in the indexes.conf f... by ashleyherbert Communicator in Splunk Search 03-05-2019 1 5	1	5
Remove fields from a query The title says it all. I'm looking for a way to remove fields from searches and subsearches. I know I can hide fields... by kahless1985 Explorer in Splunk Search 03-05-2019 0 3	0	3
HEC large field value not extracted but is in _raw Have a field in our HEC input that is larger the 10,000 characters. When searching the data input from HEC the field ... by simpkins1958 Contributor in Splunk Search 03-05-2019 0 6	0	6
How do you put constraints in rex? Data: message: ================> Request Details: [requestId:123122313-3453-1122-1112222] [requestMethod = GE... by changj New Member in Splunk Search 03-05-2019 0 3	0	3
How come the rex command is not working like normal regex? Given a string: (path=/myPath/123/endpoint,method=GET,accept=text/plain;version=0.0.4;q=1,/;q=0.1,content-type=nul... by jmorri6 Engager in Splunk Search 03-05-2019 0 2	0	2
Looking for assistance with regex when extracting json from inside of syslog events Original syslog format of json message: Feb 25 16:24:24 hostname.fqdn.com Feb 25 22:24:24 log-forwarder-pn4c9 edge-4... by rhendle Observer in Splunk Search 03-05-2019 0 2	0	2
How to calculate moving average based on 2 fields? Hi Splunkers, Suppose I have 2 values in my seach: Date, # of items purchased, UnitPrice Day1, 4, 0.12 Day2, 10, 0.1... by ADRIANODL Explorer in Splunk Search 03-05-2019 0 7	0	7
How to add values to the fields? Hi, index="osh" sourcetype="Service" CaseNumber=1111 status=* assignment_group=* \| dedup _time,CaseNumber,assignmen... by ramesh12345 Explorer in Splunk Search 03-05-2019 0 3	0	3
Analyze where the users "looking for" information in our application Our log looks like as following after first filter: Date...Time...UserID...Function...Level 1...Level 2...Section...... by jyab6z Path Finder in Splunk Search 03-05-2019 0 8	0	8
Is there any result limit of CIDR() in lookup? I want to add AS number to ip by using some geo data. This data has column AS number and network like below. AS_num... by yutaka1005 Builder in Splunk Search 03-04-2019 0 2	0	2
How do you use the IN function with a free text search? I would like to search the entire record for a list of text strings using the IN function. At the moment, I have a s... by toryan Engager in Splunk Search 03-04-2019 0 7	0	7
How do you calculate the difference between two different dates? HI all, I've read many articles in Splunk community to find out how to calculate different dates. I get the correct ... by wagnerlucena Explorer in Splunk Search 03-04-2019 0 6	0	6
How to edit my SEDCMD-mask regex on a heavy forwarder to mask a string in my sample data? Having issues using SEDCMD on Heavy forwarder layer. I have a complex REGEX with multiple pipes \|\|\|\| But it is not wo... by ssyed2009 New Member in Splunk Search 03-04-2019 0 1	0	1
Eval Equals Another Field Greetings, I have a query that ends with a timechart command \| timechart span=1h eval(round(avg(FIELD),0)) as "Resp... by cquinney Communicator in Splunk Search 03-04-2019 0 3	0	3
the way fields are arranged in a timechart / join combination particularily the 2nd search being joined I basically have 3 KPIs that I want to do a search on search1 will be for yesterday and search 2 will be for some p... by HattrickNZ Motivator in Splunk Search 03-04-2019 0 5	0	5
How do you compare dynamic field values created after xyseries? I have the below output after my xyseries comp, Field1,Field2,Field3 A,a1,a1,a1 B,b1,b2,b3 C,c1,c2,c2 I want to ad... by bapunpatel New Member in Splunk Search 03-04-2019 0 4	0	4
Match condition to unset a token based on value in input field I am trying to clear a input field based on user's input. I am able to clear input field by using unset form.token I... by praphulla1 Path Finder in Splunk Search 03-04-2019 0 2	0	2
Event Timechart with event duration Hello, I need help making a graphical presentation of the event happening over time. The X-axis will represent the t... by lain179 Communicator in Splunk Search 03-04-2019 0 5	0	5