Splunk Search

Community Activity

How to use regex on a field's value in a search? index=system* sourcetype=inventory order=829 I am trying to extract the 3 digit field number in this search with r... by splunkuser21 Engager in Splunk Search 12-18-2018 0 4	0	4
How do you apply a formula from another field to eval its value? Hi, I basically want to eval a result-field based on the formula contained in another field. The formula in the othe... by flopit Path Finder in Splunk Search 12-18-2018 0 4	0	4
Splunk DB Connect: Time conversion error while working with SQL Audit log data I have a SQL query using at Splunk DB Connect to pull the SQL audit log into Splunk as below: SELECT event_time, act... by jasonsun Explorer in Splunk Search 12-18-2018 0 1	0	1
How to dynamically set the y-axis scale of a chart with the max value needed + X%? Hi all! I have the following search which displays a stacked bar chart: <index, filters and sourcetype> \| stats cou... by andreafebbo Communicator in Splunk Search 12-17-2018 1 7	1	7
Why is the rename command not working post using fillnull? Can you please help check why below command is not working. index="app_batch_reports" "] ERROR [" NOT "MessageClient... by AnmolKohli Explorer in Splunk Search 12-17-2018 0 1	0	1
Error :"Currently displaying the recent 1000 events in the select range.Select a narrow range or zoom in to see more events." Hello, I have the following error message. "Currently displaying the recent 1000 events in the select range.Select ... by Shuhei052492 Path Finder in Splunk Search 12-17-2018 0 0	0	0
REGEX field at index time - transforms.conf hi, I'm trying to prepare output at the index time for IIS logs and cs_username which for now contains prefix that I... by aszczudlo Engager in Splunk Search 12-17-2018 0 1	0	1
How to monitor USB plug and remove on server 2008 R2? OS: CentOS 7 Component: Search Head, Indexer Product: Splunk Enterprise Version: 7.2.1 OS: Windows server200... by aojie654 Path Finder in Splunk Search 12-17-2018 0 5	0	5
In a search, how would I get the difference between the primary region and all other regions? I have this query that is supposed to get the difference between the primary region and all other regions, but for so... by kiamco Path Finder in Splunk Search 12-17-2018 0 3	0	3
How do I make a custom alert message with variables? Hello, I have a search with several OR statements in it. Example, Microservice=this OR Microservice=that. When the s... by rbrisseyii Explorer in Splunk Search 12-17-2018 0 5	0	5
How do I make a Splunk query that generates stats grouped by account name? Here is my current query: index=wineventlog sourcetype=WinEventLog:Security EventCode=4625 \| rex ".*Account\sName:\s... by bm1391 New Member in Splunk Search 12-17-2018 0 3	0	3
Can you help me create a regex expression that would extract a field? Hi All, I'm trying to extract a field. However, the field I want to extract isn't at the same location each time.... by itionet New Member in Splunk Search 12-17-2018 0 8	0	8
Can you help me to create a query with a timechart? Hi all, with the query below I have extracted the sum of overtime per day. index="effort_tracker" \| stats count by... by kingwaras Engager in Splunk Search 12-17-2018 0 1	0	1
How can I split IIS logs from Amazon Kinesis stream on "- -" ? Hello - Is there a way to split the line below : with '--". This is from the IIS logs of Amazom Kinesis. 200 is h... by jmajumdar Explorer in Splunk Search 12-17-2018 0 2	0	2
How can we make multiple MAC address formats be readable in one search, regardless of format? I'm still pretty new so the answer is probably easy, but am stuck trying to making this search form work. The goal i... by rpquinlan Path Finder in Splunk Search 12-17-2018 0 9	0	9
How do I send Kubernetes Node name to Splunk? We are running a Kubernetes cluster and are shipping pod logs to Splunk Cloud. Our current setup: 1. Universal forw... by catchaj88 Explorer in Splunk Search 12-17-2018 0 1	0	1
Striftime Error or Settings questions For some reason when I have Time as below, and use (\| eval SortingTime=strftime(SortingTime, " %H:%M:%S") I always... by hyungjoon New Member in Splunk Search 12-17-2018 0 4	0	4
How to extract field using mode=sed for name extraction? How to extract field using mode=sed for name extraction? index=test Sender=PEGAS \| rex field= URI"^(?.+?)(\?\|\z)" \|... by karthi2809 Builder in Splunk Search 12-17-2018 1 7	1	7
Is using the transaction command an overkill in this case? If I have two searches as below (uniqueId is a common field exists in both searches, while field1, field2 are unique... by jliu531 Engager in Splunk Search 12-17-2018 0 1	0	1
How do I sort my search events by week? I am new to Splunk. I am having a problem sorting my search results by week. I tried using the following dates as my ... by ronniemakhombi Explorer in Splunk Search 12-17-2018 0 8	0	8
how can i reset splunk.com login password how can i reset splunk.com login password, the email id in the account has a typo, so the reset password option is no... by soumyasaha25 Contributor in Splunk Search 12-17-2018 0 3	0	3
multiple field in geostats HI, i am trying to display multiple fields like num1, num2, num 3 in map and trying to gets its lat and long from ex... by vikashperiwal Path Finder in Splunk Search 12-17-2018 0 3	0	3
Is it violating license agreement to bring in data from external system? We index a lot of data in Splunk, but we also have a lot of other tools, we would like to use Splunk as single pane o... by xchang1226 Path Finder in Splunk Search 12-17-2018 0 6	0	6
Single query to an external REST API I am working on an app that will have an interactive UI where you could input a hash value and afterwards the app wou... by JerryLives Engager in Splunk Search 12-17-2018 0 0	0	0
Is there a Splunk command to find out configuration errors or typos? Hi, I was wondering is there a Splunk command to find out configuration errors? For example, LINE_BrEAKER in props ... by kteng2024 Path Finder in Splunk Search 12-17-2018 0 7	0	7