Splunk Search

Community Activity

regex to mask password in props.conf I am need of help to build the regex to mask a password string looking similar to this Password: 22222222abc22222222... by caitcait Explorer in Splunk Search 01-23-2019 0 10	0	10
Regex Help; exceeded configured match_limit I have this query that works in all regex assist sites but is too greedy for my Splunk Environment. I am unable to ad... by JoshuaJohn Contributor in Splunk Search 01-23-2019 0 3	0	3
Using Wildcard as value in a variable Is there any way to use a wildcard as a value to a variable? \| inputlookup Functionalities.csv \| search AppNo=$app$ ... by weidertc Contributor in Splunk Search 01-23-2019 0 15	0	15
How do you format a table row as currency but not the column field only a specific row? I have a table that has various columns of Totals. However, the CurrentYear can represent different information. I o... by EmEdwards Path Finder in Splunk Search 01-23-2019 0 1	0	1
Search help I have the Sophos XG forwarding logs to Splunk. How do i search for users who logged into Sophos XG in Splunk. by ticbos New Member in Splunk Search 01-23-2019 0 2	0	2
How to prevent Eventgen from generating duplicates Hi, I´m new to Splunk and Eventgen. I have a sample with 24 events distributed over 1 day (timestamps from 19.11.2018... by ttyurina New Member in Splunk Search 01-23-2019 0 0	0	0
Can you help me with a lookuptable question? Hello all, I have indexed data that contains an extracted field (domain) and a CSV (https.csv) file with the followi... by adabud6267 Explorer in Splunk Search 01-23-2019 0 4	0	4
Is it possible to have a common URL for Splunk? Hi, We have three different URLs for Splunk for example, https://splunk1.com, https://splunk2.com; https://splunk3.... by dbashyam Explorer in Splunk Search 01-23-2019 0 4	0	4
Why does the stats function remove my fields and what Splunk solutions can I use for the following order: 1st do lastest(_time) -> then do sum(on the result of latest) Hi, I've read a while ago how easier Splunk is vs SQL, but I do not agree within the context of my issue:( I want t... by net1993 Path Finder in Splunk Search 01-23-2019 0 20	0	20
Is it possible to calculate 'responseTime' values in a cumulative stats table? I have identified an issue with a response time stats report that was built by a former Splunk specialist at my organ... by alexandermunce Communicator in Splunk Search 01-23-2019 0 3	0	3
Splunk forms I would want to know if I can create a form as below : Time : 23/01 No of Events ... by Deepz2612 Explorer in Splunk Search 01-23-2019 0 3	0	3
How do you transform table values to a column replaced by values? Hi Folks, I'm still new to Splunk queries. I'm struggling with the following (simple) table transformation: All val... by mgutschelhofer Explorer in Splunk Search 01-23-2019 0 3	0	3
What does the following Splunk health check warning mean? For one of the app we are getting error: Health Check: msg="A script exited abnormally with exit status: 1" What d... by mbagali_splunk Splunk Employee in Splunk Search 01-22-2019 0 1	0	1
How do I count events for the past 45 days when the start date is the 15th of each month? Please Help !!!! I am trying to create an SPL query to count events for the past 45 days from the start date the 15t... by amilavsky Engager in Splunk Search 01-22-2019 0 2	0	2
Does anybody have idea on "INFO PipelineComponent - Process delayed by 1524.266 seconds, perhaps system was suspended?" log message? All my summaries are running and completed successfully. But I can see "INFO - Process delayed by 1524.266 seconds, p... by sesharao92 Explorer in Splunk Search 01-22-2019 2 0	2	0
What's wrong with my rex? I'm trying to time an event. The event occurs within a burst of log events, which arrive at my Splunk server and usu... by stcrispan Communicator in Splunk Search 01-22-2019 0 15	0	15
Why is my single visualization w/trendline total display off by 1? i have the following query and the events/results show "5" but the Single w/Trendline Visualization shows "4". index... by jaj Path Finder in Splunk Search 01-22-2019 0 2	0	2
tabulate timeline of a notable event I'm trying to create a table that displays the timeline of the notable event based on its status from creation. So, ... by pthalasta New Member in Splunk Search 01-22-2019 0 0	0	0
Services.sh with Init doesn't seem to give service status We've been using services.sh to get service status on systemd boxes without issue. But when we started looking at ol... by splunk219783 Path Finder in Splunk Search 01-22-2019 0 0	0	0
How do you capture values with regex? Hi, I am fairly new to regex and cannot figure out how to capture certain strings. Here is an example of the string... by ebkeys94 Engager in Splunk Search 01-22-2019 0 4	0	4
Can we decide to not show fields ? I have a log file date which is split on different fields ( date_hour, date_second, date_hour etc...) Can i decide t... by magilbert1 Explorer in Splunk Search 01-22-2019 0 3	0	3
Retain SPL format in a drill down When I do a drill down in my dashboard the search box in the new windows get's rid of all the line breaks in my SPL s... by dstuder Communicator in Splunk Search 01-22-2019 1 1	1	1
Search question Hi there, Can someone help me with search around these subjects (I'm using DBX output to SQL) I'm new to this langua... by odeddror New Member in Splunk Search 01-22-2019 0 1	0	1
How do you determine the time difference between two events? So I've read several previous questions on how to get the time difference between events, and they all seem to revolv... by muzicman61 New Member in Splunk Search 01-22-2019 0 9	0	9
Can you help me with the following query using regex: missing terminating ] for character class So I tested this regex with regex101 and it seems to be working but Splunk doesn't seem to like it. Any ideas? \| rex... by JoshuaJohn Contributor in Splunk Search 01-22-2019 0 10	0	10