Splunk Search

Community Activity

How do I extract a field value after a specific string in unstructured data? Hi, I would like to extract a new field from unstructured data. FX does not help for 100%, so I would like to use re... by HeinzWaescher Motivator in Splunk Search 02-25-2019 1 2	1	2
Can you help me with my regex expression? Hi Team, I'm struggling to get the regex expression for the following values. I want to capture the text before the ... by pench2k19 Explorer in Splunk Search 02-25-2019 0 2	0	2
How to get latest parameter from csv disregarding empty values Hi splunk comunity! I have dashboard with text input, which starts to execute when i change my parameter in text box... by mishaaaaaaaaaa Explorer in Splunk Search 02-24-2019 0 6	0	6
How do I search from 2 different indexes? Hi, How do I search in two indexes? I am looking for the IP address in both the indexes at that same point of time a... by ajayrejin Explorer in Splunk Search 02-24-2019 1 6	1	6
Search for POST params Hi- I am pretty new to Splunk. Can we search for a specific (form) parameter against a POST REST call ? by ashishgarwal New Member in Splunk Search 02-24-2019 0 1	0	1
Splunk extraction of fields for email texts I have the infra as shown below: Splunk Log Forwarder-> Splunk Indexer The Log forwarder defines which data goes int... by tan_junyuan Engager in Splunk Search 02-23-2019 0 1	0	1
How to calculate no of opened ticket in past in splunk Hi , i want to calculate total no . of opened incidents by a user over a time interval in dynamic environment in spl... by himanshu_b_shek New Member in Splunk Search 02-23-2019 0 4	0	4
help on rangemap command with loadjob Hi I use the search below in order to display GOOD or BAD in a panel When I execute the query i have a result But I... by jip31 Motivator in Splunk Search 02-23-2019 0 8	0	8
Can you help me with a subsearch? Hi, I use the search below in order to display the model of a host for only the host which has a Wear_Rate>0 But th... by jip31 Motivator in Splunk Search 02-23-2019 0 2	0	2
How to capture 2nd max value of a field and compare with 1st max value of the same field I have data in json format as following:- {Run=1 , Average=2.1, Max=3, Min=1.4, Transaction=Sample1} {Run=1 , Average... by pratyushak New Member in Splunk Search 02-22-2019 0 2	0	2
Difference in result with timechart span=1d dc(ip) vs timechart span=1h dc(ip) I am using distinct count with time chart for the whole day (yesterday). The result is varying if the span is change... by aa274t New Member in Splunk Search 02-22-2019 0 5	0	5
Reference Time on Dashboard Load (and adjust to time change) Hi, I was wondering how I can reference the time picker on load for a dashboard and make sure that it's the right fo... by mrstrozy Path Finder in Splunk Search 02-22-2019 0 1	0	1
Two searches but only need to return results of the second search that match the first ok so...I have been banging my head against the wall on this one for a bit. I have tried using join (which I don't an... by RickerNJ New Member in Splunk Search 02-22-2019 0 5	0	5
Dedup search results not showing for a user I have a user that is a doing a search that has \| dedup in it. While I can see the results when I run the search (I'm... by toddhawkins New Member in Splunk Search 02-22-2019 0 4	0	4
help on join command please hi I use the search below index =* sourcetype=* \| dedup host \| stats count This search returns 87 events I try t... by jip31 Motivator in Splunk Search 02-22-2019 0 5	0	5
how to display a 0 result instead an empty result hi I use the search below and I would like to have a 0 results displayed when there is no events corresponding could... by jip31 Motivator in Splunk Search 02-22-2019 0 14	0	14
After integrating Splunk with JIRA, How can I see the list/count of defects created in last 7 days? I have integrated Splunk with JIRA. I want to see the list/count of defects created in last 7 days. I'm picking the c... by cadrija Path Finder in Splunk Search 02-22-2019 0 1	0	1
Search to find indexes with events and display index size, total events , earliest and latest events per index Hi, what would be the best way to find indexes with events and display its size, total events , earliest and latest ... by mlevsh Builder in Splunk Search 02-22-2019 0 4	0	4
Compare current and last one hour event value in same search. Hi All, I have to monitor the queues. And for that I have made the basic dashboard where it shows the details. Detai... by vaibhavvijay9 New Member in Splunk Search 02-22-2019 0 1	0	1
Can you help me create the regex for an Index time field extraction? Hi, We are trying to create an index time field extraction. I tried following the docs, but I am making a mistake so... by MattibergB Path Finder in Splunk Search 02-22-2019 0 3	0	3
Subsearch returns empty value, main search also returns no results , so the returned value from subsearch is not creating eval error index=app_core sourcetype=app_log cluster_name=app1_cluster is_scheduled=1 \| eval [ search index=app_core sourc... by nomadichunters Explorer in Splunk Search 02-21-2019 0 13	0	13
Is Splunk 7.x Fundamentals Part 1 (eLearning) free? I just finished all the modules and the final quiz, my question is Do I have to pay for the certification of "Splunk ... by dunix New Member in Splunk Search 02-21-2019 0 2	0	2
How do you search logs for a letter at a specific position? I'm very new to Splunk and need help with a search. I want to perform a search to show me the results where the 5th... by arthurva Explorer in Splunk Search 02-21-2019 0 3	0	3
Simple Regex in search I have a string of data that includes a field named user that has a value made up of domain\userid (eg prod\3245762 o... by balcv Contributor in Splunk Search 02-21-2019 0 9	0	9
lookup a csv if a field has certain value Good day, I have a lookup file "Mainlookup.csv" that contains an IP address, Mac address and Host name of Clients ma... by mpasha Path Finder in Splunk Search 02-21-2019 0 2	0	2