Splunk Search

Community Activity

apply apache field extractions to nonstandard sourcetype Hello, I have some apache access logs coming in that I'd like to label sourcetype="aem:access" instead of sourcetyp... by zhatsispgx Path Finder in Splunk Search 01-15-2019 0 7	0	7
Finding Historical Gaps in Data I have an existing search that shows devices that currently are not logging i.e. gaps however, I didn't have an aler... by neely_hpe New Member in Splunk Search 01-14-2019 0 1	0	1
SWAGGER URL for SPLUNK Hi All, I have downloaded SPLUNK Enterprise -Trial We are trying to use SPLUNK Enterprise for Automation using cloud... by abedeen Engager in Splunk Search 01-14-2019 1 0	1	0
Question : I am facing issue in Regular expression want to print substring from string Hello Sir , I am new for this Regular expression . in our log has different value for field. want to remove char upt... by su_kumar New Member in Splunk Search 01-14-2019 0 5	0	5
Field Extraction help for user and email The following is one of the sample raw logs. 01/14/19 2:05:25.000 PM 2019-01-14 19:05:24.915 INFO 1234 --- [abcd-2... by pavanae Builder in Splunk Search 01-14-2019 0 2	0	2
Hot folder does not index some files Good morning everyone I'm having trouble crawling multiple files at once. Today I copied 100 files and placed them i... by gabrielgarciia New Member in Splunk Search 01-14-2019 0 2	0	2
Can Splunk charts display a logrythmic Axis? Hi, Is there an option for Splunk to display chart axis logrythmically? I don't see an option in the standard chart... by a212830 Champion in Splunk Search 01-14-2019 1 2	1	2
How do you add a blank row after each unique host in search results? I have a search statement in a customized dashboard to show the disk utilization of my servers. I would like to add a... by kenntun Engager in Splunk Search 01-14-2019 0 8	0	8
Need to hide data in DB connect Hi Team, I have 2 sources & have 12 months of data in DB connect app , Can we hide particular month of data in DB co... by rakesh44 Communicator in Splunk Search 01-13-2019 0 5	0	5
Query substring of value stored in token I have a $token$ with value 192.168.25.2. How do I perform a query for all addresses that have 192.168.25.* excluding... by burchl New Member in Splunk Search 01-13-2019 0 7	0	7
Why is my search head sorting columns when displaying statistics/visualizations? We have two search heads, one for general use and one for Enterprise Security. Any table/stats searches on the ES se... by gf13579 Communicator in Splunk Search 01-13-2019 0 7	0	7
How do you extract an XML tag from _raw field? Hi all, I'm new to Splunk and don't have much idea of regex. I'm trying to extract the content of "faultstring" tag... by mukesh2019 Explorer in Splunk Search 01-13-2019 0 3	0	3
Can I exclude certain columns in a table from drilldown? Hello, Basically, I just want to know if there is a way in the Splunk XML to exclude certain columns in a table from... by mal81394 New Member in Splunk Search 01-12-2019 0 3	0	3
Reindex a file on 3000 machines All, I indexed a 30-line config file off all our Linux hosts. But accidentally used the wrong source-type and index... by daniel333 Builder in Splunk Search 01-12-2019 0 4	0	4
interesting regex Hi, I have data that looks like this 2018-06-11 23:37:11,035 pool-10-thread-1 DEBUG c.i.w.i.s.WholesaleCVRService ... by dbcase Motivator in Splunk Search 01-12-2019 0 5	0	5
Dynamic eval if match from a list of values - foreach? A standard eval if match example is below. Any ViewUrl value which starts with /company/.* has the entire string re... by DanielFordWA Contributor in Splunk Search 01-12-2019 0 8	0	8
How do I get the timechart results for a summary index query? I have a query which uses the summary index and some lookup tables with eval conditions and ends with... \| chart co... by pavanae Builder in Splunk Search 01-12-2019 0 6	0	6
Multiple If Statements (Comparing Two Columns) Hello, I have information being indexed from a website that does constant ping tests. The information that I am retr... by dfrench151 Explorer in Splunk Search 01-12-2019 0 4	0	4
ID of the max value event Hello! I have a table like this ID, OperationName, Duration 1, oper_x, 114 2, oper_x, 117 3, oper_c, 76 4, oper_z, 8... by kvaga Explorer in Splunk Search 01-12-2019 0 7	0	7
How to Change Cisco SG350 Switch's sourcetype from syslog to cisco:ios? I have Cisco Networks App for Splunk Enterprise version 2.5.6 and Cisco Networks Add-on for Splunk Enterprise version... by splunkot New Member in Splunk Search 01-11-2019 0 2	0	2
How do you treat a variable value as another field with Splunk? I have a field named "object_XXX_property", where XXX string is dynamically generated and is held in another field na... by derekho55 Explorer in Splunk Search 01-11-2019 1 7	1	7
Help with slot time conditions hi i use the request below but i have an issue with the relative_time: secondlastday=I dont want to have events afte... by jip31 Motivator in Splunk Search 01-11-2019 0 7	0	7
How do you correlate one field between two sources, and then if they match, find value from another field from the second source type? I have: sourcetype_a` and`sourcetype_b Where one field message_ID exists in both source types. I want to loop thr... by luke222010 Engager in Splunk Search 01-11-2019 0 3	0	3
[hdfsprovider] Error in 'lookup' command: Could not find all of the specified lookup fields in the lookup table Hi all, I have a CSV lookup file to map with one field in my indexed data. The search was working perfectly before, b... by dannili Communicator in Splunk Search 01-11-2019 0 3	0	3
How to call Splunk custom endpoint using jquery ? Dear all, I wish I could make a call such as $.ajax(...) to my custom endpoint. But which Splunk method should I us... by ecoquelin Explorer in Splunk Search 01-11-2019 0 1	0	1