Splunk Search

Community Activity

Need the correct regular expression for my rex command Here is my raw data: {"line":"level=debug t=\"2019-01-29T19:47:20.971Z\" rt=1 method=GET path=\"/service/health?apik... by moizmmz Path Finder in Splunk Search 01-30-2019 0 2	0	2
[SHC]Clarification on scheduler_load_based? How does captain scheduler_load_based calculation on its members to distribute scheduled saved searches ? Is it base... by rbal_splunk Splunk Employee in Splunk Search 01-29-2019 0 1	0	1
Which is this the best way to get a count of events indexed for entire environment? Blockquote 1. \| eventcount summarize=false \| stats sum(count) Blockquote OR Blockquote 2. https://docs.splunk.c... by bgagliardi1 Path Finder in Splunk Search 01-29-2019 0 1	0	1
SEARCH NOT of lookup not working is not working in realtime search i am running a realtime search in which i need to check that if a particular id is present in a lookup then it should... by bhavneesh94vohr New Member in Splunk Search 01-29-2019 0 2	0	2
Help with a pie chart search? All, I have a relatively simple search but I am tripping over it for some reason. I want a pie chart of all hosts... by daniel333 Builder in Splunk Search 01-29-2019 0 1	0	1
how to search multiple strings Hi Team, I have a list of 200 filenames (string) that need to be searched in Splunk. Each filename is unique. examp... by arunkumardhiman New Member in Splunk Search 01-29-2019 0 4	0	4
How do I use props.conf and transforms.conf to filter events based on a key word? Hi All, I have a lot of compressed files in a local directory that I want Splunk to ingest. I set up a directory as... by Log_wrangler Builder in Splunk Search 01-29-2019 0 5	0	5
Can you help me use regex to extract fields that contain 'ssd'? Hello Splunk, I have the following raw log lines: 1 2019-01-29T15:44:41.184068+00:00 xxx vpxd 4566 - - Event [5650... by lucien62 New Member in Splunk Search 01-29-2019 0 1	0	1
Need the correct regular expression for my rex command Here is my event's raw data: {"line":"level=info t=\"2019-01-29T18:19:42.999Z\" rt=2 method=GET path=\"/contentskus... by moizmmz Path Finder in Splunk Search 01-29-2019 0 7	0	7
Help with Query to list current status buckets Hi. Somebody to help me with a query to list current status buckets, example Bucket Name ... by grivera_kudaw Explorer in Splunk Search 01-29-2019 0 3	0	3
How is Splunk utilizing Map Reduce? How is Splunk utilizing Map Reduce and also, does it use the same tech for SPL and data compression? by ashishebansal New Member in Splunk Search 01-29-2019 0 4	0	4
How do I get a full listing of indexes and gigabyte ingestion? I've been using the following search to get a count of ingested daily (24hrs) and for 30 days, but I'm only getting t... by nls7010 Path Finder in Splunk Search 01-29-2019 0 1	0	1
percentage of field I have two fields body.response.successcount and body.response.failurecount .How to write query for success count % &... by tej8 New Member in Splunk Search 01-29-2019 0 1	0	1
Possible "Race Condition" From SPL code to Dashboard code running using lookuptables Hi A SPL line is retrieving data 100% all of the time, but it retrieves data 70% of the time when used as dashboard ... by robertlynch2020 Influencer in Splunk Search 01-29-2019 0 6	0	6
Why would a query using a predefined field work for me but not for my coworkers? hello -- i have a question about fields that are identified as field1, field2, field3.... they are showing for me bu... by dchima Path Finder in Splunk Search 01-29-2019 0 5	0	5
Exclude weekends and business hours to calculate duration of a support ticket I am creating a support ticket for my project. When a ticket is raised, it has 4 levels of severity(how long to solve... by louisawang New Member in Splunk Search 01-29-2019 0 5	0	5
Unable to get logs from Azure Storage blob in Splunk? I have install the Splunk add on for Azure and also configure the storage account. After that I have Configured th... by salma3 New Member in Splunk Search 01-29-2019 0 1	0	1
How do you use a subsearch with a 'table' command? Hello, In order to detect unused workstations in our computer park, we are searching for all assets not connected to... by AlexeySh Communicator in Splunk Search 01-29-2019 0 2	0	2
Can you help me figure out why the regex in my search results is coming back blank? Hi all, I'm trying to create a search that includes some regex. Ultimately, I'm trying to parse out some informatio... by selinakvle Explorer in Splunk Search 01-29-2019 0 3	0	3
Is it possible to hide the legend on Choropleth Maps? I've got iplocation data that I'm visualizing with a Choropleth. In my dashboard there will only be a single IP repre... by romanokpbah Engager in Splunk Search 01-29-2019 1 5	1	5
How do you get the total number of events? Hello! I'm trying to calculate the percentage that a field covers of the total events number, using a search. Thi... by astatrial Contributor in Splunk Search 01-29-2019 0 4	0	4
How do you use an eval command to calculate 'latest' for use in a search? I have crafted the following search that calculates a value for the 'latest' field relative to 'earliest' and uses it... by _smp_ Builder in Splunk Search 01-29-2019 2 19	2	19
converting a non time format value to a correct date format Hi guys , can you please help me with the solution for this use case i have been joining two quries and calculate t... by pench2k19 Explorer in Splunk Search 01-29-2019 0 1	0	1
Exclude weekends when calculating expected end time I am doing a support ticket with 4 levels of severity. Level 1 expects the ticket to be resolved in 4 hours Level 2 ... by louisawang New Member in Splunk Search 01-29-2019 0 1	0	1
How can I move an index in *.nix? Hi, I have index A stored on my systemdisk (i know), and I have made a new Index B on my datadisk. How will I go f... by Anonymous Not applicable in Splunk Search 01-29-2019 0 9	0	9