Splunk Search

Community Activity

Why would the rex command ignore special characters in a search? I have my log like params=All Items \| ABC \| 2019-01-29 \| \| \| \| \| \| \| = \| \| = \| \| \| \| \| \| ,uri=/api/items... by skhprabu New Member in Splunk Search 02-01-2019 0 2	0	2
regex field extraction - match field in double quotes after sting match I'm attempting to build a regex that will extract a field enclosed in double-quotes, after a string match. Basically ... by rotundwizard Explorer in Splunk Search 02-01-2019 0 8	0	8
Can you help me build a search that finds scheduled reports that are running? Hi! I need help with a search to find scheduled reports that are running. I want to know what are exactly running ri... by amirarsalan Explorer in Splunk Search 02-01-2019 0 4	0	4
search to find total amount in a particular index Im looking to find the total amount of data that was ingested for a particular index. We usually use out deployment s... by vonsolo29 Explorer in Splunk Search 02-01-2019 0 4	0	4
How do you do a conditional Eval? The scenario is this. I have a two field name name joe and bob. if bob help a job it indicate yes as its field value... by marjonhtuazon Explorer in Splunk Search 02-01-2019 1 4	1	4
Percentage not showing on Timechart correctly Hi Splunk Experts, I'm doing a calculation and adding to timechart like so eval ... by luckyman80 Path Finder in Splunk Search 02-01-2019 0 3	0	3
How do you edit props.conf to correctly parse data from a PowerShell script? I have a powershell script which feeds data into Splunk via a UDP port. The output of the script is as follows: Abat... by ckeller2791 Explorer in Splunk Search 02-01-2019 0 3	0	3
How to match the values from different rows on a table and compare result. I have 2 tables contains random msisdn which can be repeated in one another as follows: Table1 \| Table2 msisdn1 ... by mandarpim New Member in Splunk Search 02-01-2019 0 5	0	5
Can someone explain concurrent historical searches to me? I do not understand what is meant by concurrent historical searches. Can someone else explain what it means to me? ... by sboogaar Path Finder in Splunk Search 02-01-2019 0 7	0	7
In a table output that uses the stats command, how do you convert a row to a header? How do I convert the output of a table from stats command that looks like this: TIME VALUE METRIC time1 ... by dtakacssplunk Explorer in Splunk Search 02-01-2019 0 3	0	3
How to set height for bar chart Bars? I have created a few bar charts. In that few of the charts have 10 bars,5 bars, and 1 bar. All of these charts bars s... by sajithpm101 New Member in Splunk Search 02-01-2019 0 1	0	1
How do I extract a field between two strings using a regular expression? I have logs having string like: 127.0.0.1\|> GET /alldata 127.0.0.1\|> GET /somedata 127.0.0.1\|> GET /nodata 127.0.0.1... by rohanmiskin Explorer in Splunk Search 02-01-2019 0 2	0	2
Data models slow after restart - tstats HI Every Saturday we do a full stop of Splunk and we do a full back up + restart. The issues is come Monday morning ... by robertlynch2020 Influencer in Splunk Search 02-01-2019 0 6	0	6
Search query required to lookup a csv file Hi, I need to check if the source address from the firewall logs is in private ip address range. How would i check u... by ajayrejin Explorer in Splunk Search 02-01-2019 0 4	0	4
String compare regex wildcard (( host="vwp054" AND source="E:\\Apache\\apisit\\")) \| eval site = if(match(source,"E:\A."),1,0) \| eval aba = if(... by darioapis Explorer in Splunk Search 01-31-2019 0 1	0	1
How can I add a matched lookup field to my stats command output? Hi all, My apologies if the title was a bit vague, wasn't sure how to word it! I have a search which identifes keyw... by danfinan Explorer in Splunk Search 01-31-2019 0 1	0	1
Change table representation I have a table as follows: CN\|Lev\|ref1\|ref2\|ref3\|ref4\|ref5\|ref6 cn1\|1\|1\|2\|3\|4\|\|\| cn2\|2\|\|\|\|\|5\|6\| The representation ... by anisgupt New Member in Splunk Search 01-31-2019 0 2	0	2
How do you set date_mday for yesterday? If I run the following search, adjust the time picker to the last 7 days, AND the 28th falls within the time picker d... by dorgra Path Finder in Splunk Search 01-31-2019 0 2	0	2
Rex to extract text that ends with either one of multiple words Hello all, I have data like this reason="abc";appName=.... reason="xyz";ERServer=... reason="dfg",ClientBob=... Ho... by Cbr1sg Path Finder in Splunk Search 01-31-2019 0 17	0	17
How do you build a panel with different source inputs? I am trying to build a panel where I would like to input the source and present in a radial guaze. The simple query ... by pranay04 Explorer in Splunk Search 01-31-2019 0 3	0	3
How do you get a distinct count of one field based on the value of another? I need to count the total based on status, but also the number of sessions for each status. The number of sessions i... by weidertc Contributor in Splunk Search 01-31-2019 0 2	0	2
Configure an emailed report with timechart to display in local time rather than GMT? I have a report of proxy logs that is emailed to me every evening. The logs themselves are in GMT. I set the time f... by DEAD_BEEF Builder in Splunk Search 01-31-2019 0 0	0	0
Why are log events indexed from GZip archive with a specified source type missing extracted fields? Hi there, I have a custom source type (papertrail) that is a tab delimited source and have verified it works correct... by statmuse Engager in Splunk Search 01-31-2019 0 7	0	7
What exactly is Archiver (Archiving large_file) doing? In splunkd.log we see: 01-31-2019 12:38:03.683 -0800 INFO Archiver - Archiving large_file=/opt/splunk/etc/apps/sear... by the_wolverine Champion in Splunk Search 01-31-2019 0 2	0	2
Can I have an accelerated search summary for 1 year if the index retention time is set to 90? I am attempting to come up with a solution to hold log data for 180 days for data within an index that has a retentio... by ericg57 Engager in Splunk Search 01-31-2019 0 4	0	4