Splunk Search

Community Activity

use regex to remove a number from a string Hi, I want to remove a number (up to 5 digits) from a string on its beginning. an example: 43.aaaa_vvvvv.cccccc:ddd... by matansocher Contributor in Splunk Search 01-25-2019 0 3	0	3
視覚エフェクトで作成したグラフの色について - About color of graph created by visual effect Splunk Enterprizeでログのサーチ結果をグラフ化しようとしています。サーチした結果について、視覚エフェクトからグラフ化したところ、グラフの色が用意していた項目の色とずれてしまいました。主導でグラフの色を変えられないか... by arai0729 Explorer in Splunk Search 01-25-2019 0 1	0	1
Timeline App duration problem Hi everyone! I'm trying to use Timeline module but I have some trouble with the duration: Note: I'm working with a l... by MaryvonneMB Path Finder in Splunk Search 01-25-2019 0 4	0	4
Can you help me extract the following fields using the rex command? Is there any way I can extract only PersistenceLo cache cleared! and PmFinUtilityL Cache Cleared (highlighted in BOLD... by harishnpandey Explorer in Splunk Search 01-25-2019 0 5	0	5
Can you help me with a lookup table behavior question? I have a lookup table that is giving me strange search results that I can't figure out — I have a table which is a li... by wfjarrett538 Explorer in Splunk Search 01-25-2019 0 6	0	6
Strange timechart issue I have an issue on one of my two search head clusters where the column order is reversed when running timechart. For... by john_dagostino Path Finder in Splunk Search 01-25-2019 0 9	0	9
Adding search to a search in search string .... Hi all, What i try to ask is if that i can add to this: (index="bogdan") \| rename Date AS RootObject.Date ... by bogdan_nicolesc Communicator in Splunk Search 01-25-2019 0 11	0	11
Extract query parameters from URL Hi, I have a tomcat access log which contains urls like url=/find.do?from-id=549499&q-out=2019-02-20&q-room-0-adul... by vineethvnair0 New Member in Splunk Search 01-25-2019 0 10	0	10
Show events with certain frequency Hi guys, I have an Apache log (with only few information) and I would like to find out the possible events related to... by ernestpoon New Member in Splunk Search 01-25-2019 0 5	0	5
How to only append the event based on the existing records from the main search. Hi. i have a search which need to combine fields from two index. i know i can use "Join" but it is too costly thats ... by xzywind New Member in Splunk Search 01-25-2019 0 0	0	0
Why am I receiving an error in 'rex' command? Hi team, I want to ask: I cannot do extract new field and its show this error. Error in 'rex' command: The regex 'Te... by khairilfirza Explorer in Splunk Search 01-24-2019 1 14	1	14
how to find out the data available for a sourcetype Hi, Can i please know about how to find out a old data available for a sourcetype. For example, if i have a sourcetyp... by iamlearner123 Explorer in Splunk Search 01-24-2019 0 4	0	4
Can you help me extract some data with regex? Hi, I have this data {"method":"GET","url":"/rest/icontrol/logout","params":{},"requestStartTime":1548363789220,"re... by dbcase Motivator in Splunk Search 01-24-2019 0 4	0	4
values Shared by Search output and Lookup TIA. This has probably been asked and answered dozens of times but my brain is now mush. The following search gives ... by DavisLee New Member in Splunk Search 01-24-2019 0 1	0	1
How do I round only certain columns/fields ? How do I round only certain columns/fields ? below this \| foreach * [eval <<FIELD>>=round('<<FIELD>>',2)] will round ... by HattrickNZ Motivator in Splunk Search 01-24-2019 0 1	0	1
Can you help me with a problem with an AND operator in a CASE and IF statement? I have one lookup in which there is a field which consist Team Member A1 A2 A3 A4 A5 A6 A7 Now,If TeamMember=(A1 ... by kumagaur New Member in Splunk Search 01-24-2019 0 1	0	1
How do you rename chart columns and add a dynamic count in brackets? I've got an average session duration (gotten via \| Transaction) broken down by EndStatus. EndStatus is the cause of t... by VexenCrabtree Path Finder in Splunk Search 01-24-2019 1 10	1	10
How to display "0" instead of "No Results Found" Hi guys! I have the below query for a Single Value Dashboard Panel. It is counting the daily total error duration of... by auaave Communicator in Splunk Search 01-24-2019 0 5	0	5
How to Extract Values from a KV within a event log I have the below log event. [INFO ] 2019-01-24T04:09:20,513 [thread=framework1234] className=DummyConsumer - {} - {... by vickyvishwa Explorer in Splunk Search 01-24-2019 0 2	0	2
Is there a way to set a field alias at search time? Is there a way to set a Field Alias as search time, I am building a report looking at Windows Event IDs, In this case... by knutsod Path Finder in Splunk Search 01-24-2019 2 3	2	3
Get time difference between events based on the following event My data looks like this: 1. System CheckpointName ProcessTimestamp ConnectionId 2. SAP Checkpo... by florianduhme Path Finder in Splunk Search 01-24-2019 0 7	0	7
Speeding Up a Search Query Matching Subquery Results Hello, I have a search I'm trying to speed up. I have a list of field values stored in a KV store. I use an inputloo... by SplunkPersonal Path Finder in Splunk Search 01-24-2019 0 1	0	1
Multiple time logs in one timestamp Hello Multiple time logs in one timestamp example 19/01/24 10:28:51 [2019-01-24 10:28:51] DEBUG [SyslogReceiver.jav... by jsryu0247 Engager in Splunk Search 01-24-2019 0 1	0	1
Why can't I see data in the Search App's "Data Summary", but the data is searchable? Hi all, I monitor files on a heavy forwarder and use different sourcetypes and hosts for each file, but one common i... by baxiani Explorer in Splunk Search 01-23-2019 0 4	0	4
Big static report I had to have yearly report on my main dashboard. Creating it every day would be really hard, so I am wondering can I... by darioapis Explorer in Splunk Search 01-23-2019 0 1	0	1