Splunk Search

Community Activity

Extracting JSON/XML from string entry and dispalying in table Hi I am trying to extract various fields from below entry in splunk. I executed the below splunk query : index=test... by amith7 New Member in Splunk Search 02-28-2019 0 0	0	0
How do you extract fields that end with a question? I wanted to extract a field to capture the data before the question mark as below. api_call "Get \search\ip\6789\?=n... by Deepz2612 Explorer in Splunk Search 02-28-2019 0 6	0	6
How do you get events where the phone number field only begins with specific digits? Hi Experts, How can I get events on a numeric field where a 7 digit number begins with 11? I tried with ...my searc... by alc2019 New Member in Splunk Search 02-28-2019 0 6	0	6
How do you use the join command in an LDAP search? I am trying to create a search against our LDAP strategy to show the capabilities, indexes, and users assigned to eac... by solarboyz1 Builder in Splunk Search 02-28-2019 0 0	0	0
Can you help me monitor httpd process through Splunk on a Linux Machine? Greetings all, I want to monitor an "httpd" process for a Linux Machine, and if the process is down or not running, ... by ssatti New Member in Splunk Search 02-28-2019 0 4	0	4
How do you CIDR Match a subnet in a list of subnets? So IP to a subnet CIDR match has always worked in Splunk. No issues there. BUT a request came where we need to do a s... by theouhuios Motivator in Splunk Search 02-28-2019 1 0	1	0
How do I calculate application availability based on status code? How do you calculate application availability in minutes based on a status code? I want to determine the outage if 50... by mahenders New Member in Splunk Search 02-28-2019 0 0	0	0
What is a good approach to run a search multiple times in time batches? Hi all, I am trying to run a search that returns one row of results over a long historical time window on a per hour... by stanwin Contributor in Splunk Search 02-28-2019 0 7	0	7
How do you make a query to see logs not sent by a forwarder? Guys, I need to see which forwarders do not send events in a period of 3 hours. For example: if a forwarder does no... by wvalente Explorer in Splunk Search 02-28-2019 0 5	0	5
How to apply colors of a choropleth map on a field other than count? Choropleth map applies different colors depending on the range of the "count" field. How can I use another field? If ... by hylam Contributor in Splunk Search 02-28-2019 1 5	1	5
How do you use the rex command to parse out the IP between fix characters? Hi all, I was wondering how can i write a Splunk rex to parse out the IP between two words. for example <IpAd... by AbubakarShahid New Member in Splunk Search 02-28-2019 0 2	0	2
How do you retrieve date from the following string using regex? Hi, Test-20190212-0912 from this string. I want to retrieve date like this 2019-02-12 How do I write this in regex? by ramesh12345 Explorer in Splunk Search 02-28-2019 0 21	0	21
Splunk search does not return event data when there is multiple json in same event I have a created a splunk alert when there is a failure occurs. I have query as follows: index=* source=*** \|spath p... by karthi25 Path Finder in Splunk Search 02-28-2019 0 7	0	7
How to change the default color formatting on a table header? I just want to color the column headers and not the cells of my dashboard tables by surekhasplunk Communicator in Splunk Search 02-28-2019 1 14	1	14
Populate field based on subsearch I have a Splunk query that parses out some Windows event log data. One of the things that I examine is the user name... by evetsleep New Member in Splunk Search 02-28-2019 0 4	0	4
How do you match on multiple fields in a lookup table? Hi all, I've been banging my head against the wall trying to get this to work. What I'm trying to do is to use a lo... by tljohnson Engager in Splunk Search 02-28-2019 2 2	2	2
How to get earliest time and latest time token in JOB Hi splunk comuniti! I have a job in splunk. In "Edit Search" i have two fields - Earliest time and Latest time. How ... by mishaaaaaaaaaa Explorer in Splunk Search 02-28-2019 0 4	0	4
Can you help me with a stats count that returns a percentage? Hi, I use the search below in order to count event number. I want to do the same calculation, but in percent event... by jip31 Motivator in Splunk Search 02-28-2019 0 7	0	7
Can you help me use multiple regex for a single field? Hi all, We are trying to do the following: At index time we want to use 4 regex TRANSFORMS to store values in two f... by MattibergB Path Finder in Splunk Search 02-27-2019 0 4	0	4
How do you create a regex that keeps only specific events? I'm looking to send junk data to nullque on our heavy forwarder and I only want to key in on specific events in the r... by fisuser1 Contributor in Splunk Search 02-27-2019 0 5	0	5
Extract numeric value from CHKDSK event A schedule task on a Windows server runs a CHKDSK /SCAN on every logical drive. The resultant Message field looks lik... by dorgra Path Finder in Splunk Search 02-27-2019 0 4	0	4
How do you remove special characters from a token? What would be the easiest one line solution to remove special characters from a token? I'm taking a text input (mac ... by clintla Contributor in Splunk Search 02-27-2019 0 6	0	6
Time picker : can we convert presets, relative time into date range ? Hello, I am doing: case(strptime($latest$,"%Y/%m/%d %H:%M:%S")-strptime($earliest$,"%Y/%m/%d %H:%M:%S")<518400,... by henriq_c Explorer in Splunk Search 02-27-2019 0 1	0	1
Correlation 2 sourcetype with common fields different name Hello guys, I have 2 sourcetype, the sourcetype A have the fields [ IP , hostname , source_mac ] , the sourcetype B ... by pgbr7 Explorer in Splunk Search 02-27-2019 0 8	0	8
Missing data after I increase the numeric data in my where clause Greetings I'm using the following query over 24hrs. \| initial search \| timechart useother=f span=1h avg(field1) by ... by cquinney Communicator in Splunk Search 02-27-2019 0 9	0	9