Splunk Search

Community Activity

Why am I getting error "Could not use regex to parse timestamp..." for timestamps before November 2010? Using Splunk 6.4.0 on Ubuntu Server Trying to index a file that goes back in years. Working with the Timestamp to g... by TangentTexan New Member in Splunk Search 01-03-2019 0 5	0	5
Is it possible to mask the sensitive data from the configuration files during the search time? I am able to use "SEDCMD" to mask the sensitive data during the index time, but is it possible to mask the sensitive ... by splunkrocks2014 Communicator in Splunk Search 01-03-2019 0 4	0	4
Can you help me with event time subtraction? Need help with the following scenario. I want to be able to know how many users and how long each user was logged-in... by zacksoft Contributor in Splunk Search 01-03-2019 0 4	0	4
How do you get the count value by using tstats or stats command? Hi Team, I am using the below command for getting the total value of Payable_Column & show the total count: index=... by rakesh44 Communicator in Splunk Search 01-03-2019 0 4	0	4
Where splunk default alert action script will store Where splunk default alert action script will store.Once i created a script to execute in alert action then where it ... by raja8220 New Member in Splunk Search 01-03-2019 0 1	0	1
How do you get the value from a tabular event for alerting? Hi my log event will be in a tabular format like below program status Group Lag ... by raj_mpl Path Finder in Splunk Search 01-03-2019 0 14	0	14
Can you help me with my regex pattern match? Here is my code . I want my field record_type to contain only the events/records that contain either of the keywords ... by zacksoft Contributor in Splunk Search 01-03-2019 0 3	0	3
Where following a dc(field) I am looking at a firewall. I am trying to find only results where there are more than 20 distinct ports per source. ... by stakor Path Finder in Splunk Search 01-03-2019 0 3	0	3
Failing to extract to multivalue field with props.conf and transforms.conf Im not sure why I am not extracting into multivalue fields. It's only extracting the last matching group. I think its... by nkleck New Member in Splunk Search 01-02-2019 0 1	0	1
How do you use OR logic in lookup fields? Hello! Problem: Take .csv lookup file and search through an index in order to identify a match, if ipaddress OR us... by tomsterkw Engager in Splunk Search 01-02-2019 0 4	0	4
Can we create outputlookup table user based? Hi, As we know that, lookup table can be created as global, if file is located at '$SPLUNK_HOME/etc/system/looku... by sumangala Path Finder in Splunk Search 01-02-2019 0 8	0	8
Splunk search causes browser to crash One of the searches by our user caused his browser to crash. "index=oseventlog OR index=activedir OR index=oseventlo... by mlevsh Builder in Splunk Search 01-02-2019 0 8	0	8
Can you answer a couple of questions for me regarding the certification exam? folks, just checking your experience with Recertification and Splunk Enterprise Certified Architect Anyone have do... by koshyk Super Champion in Splunk Search 01-02-2019 0 4	0	4
Custom lookup table used in search I created a csv file that has two columns, name and ip. I've uploaded the csv and I want to use the name column as li... by mpunderw Engager in Splunk Search 01-02-2019 0 3	0	3
How to add a wild card to all the field values at the end of a field? I have a query as follows \| inputlookup hosts.csv \| table host \| format Which gives the result as follows ( ( h... by pavanae Builder in Splunk Search 01-02-2019 1 4	1	4
Index time extraction: How to field extract from source, with two capturing groups? This is an example of my source: /frameworks/app_console-ui_v656_web_0/runs/latest/errors.stdout I am using the fo... by splunkIT Splunk Employee in Splunk Search 01-02-2019 1 2	1	2
How do you change the background color of a timechart if there is a value of zero ? I have a simple timechart that looks at the _internal index for various hosts and makes a simple timechart span by ho... by DEAD_BEEF Builder in Splunk Search 01-02-2019 0 6	0	6
remove lines containing stack trace Hello, I just started to use Splunk to search and generate reports from logs collected from a Java application. Somet... by asalinas New Member in Splunk Search 01-02-2019 0 0	0	0
Upgrade Splunk Instance to 7.2.x - showing Splunk>Hunk instead of Splunk>Enterprise After the upgrade to 7.2.1 all instances show Splunk>Hunk instead of Splunk>Enterprise This is also affecting previou... by rbal_splunk Splunk Employee in Splunk Search 01-02-2019 0 3	0	3
Base Searches and postprocess Hi! I have a dashboard with 4 panels. I use a base search "baseSearch1" and two post process searches based on my ba... by raphgoncalves Explorer in Splunk Search 01-02-2019 0 7	0	7
How to join large tables with more than 50,000 rows in Splunk? How do you join large tables? It is impossible to join tables with more than 50k rows in splunk, so I'm using some t... by 0range Communicator in Splunk Search 01-02-2019 1 16	1	16
How do you use strptime with different date formats? I have two date formats coming into my index (01/11/2018) and (01/11/18). I wrote: \| eval LastSeen_epoch = strptime... by JoshuaJohn Contributor in Splunk Search 01-02-2019 1 2	1	2
How do you fix the font size of each single value display panel? How do I fix the font size of each panel as in this i have used single value display with concatenate option but as p... by shishirkumar Engager in Splunk Search 01-02-2019 0 4	0	4
How do I replace '," with ";" between a bracket? I have raw data: IMS,CSCF1,,,{REGISTER,19728881234@domain.com;user=phone,200},,{PUBLISH,19728881234@domain.com;use... by jianyu75074 New Member in Splunk Search 01-02-2019 0 2	0	2
Can you help me format system time? hi, I need to format SystemTime='2018-12-27T04:26:29.200782700Z' like this : yy:mm:dd hh:mm Could you help me plea... by jip31 Motivator in Splunk Search 01-01-2019 0 7	0	7