Splunk Search

Discussions

Thread Info

Why is my rex command after upgrade to 6.3 not working

Hello I'm using this Regex command: rex max_match=25 "\s+(?P<UserName>[^ ]+\s*\w*)\s+(?P<Status>[Allow|Deny]+)\...

by Contributor in

Why are my json fields extracted twice? (redux)

I came across http://answers.splunk.com/answers/174939/why-are-my-json-fields-extracted-twice.html which seemed to de...

by New Member in

How to create a timechart with charting.legend.labels, but maintain the x-axis label format and color two lines red and blue?

I have a timechart with two lines (sum and max of values). Have a problem with the display format of the x-axis. It i...

by Explorer in

How do you configure splunk to extract fields from SMTP Message Transaction Logs?

We currently use Cisco IronPorts and are sending the Message Transaction Logs via syslog to Splunk. I couldn't find t...

by New Member in

Can I apply an inputs.conf WinEventLog stanza by regex or IP range with a whitelist?

Can we, because of Windows SID translations needing to be pointed to specific DomainController based on IP, point our...

by Explorer in

How to schedule real-time search with a cron schedule in Splunk 6.2.1

I am trying to convert real-time searches in the dashboard to scheduled real-time searches to reduce performance over...

by Path Finder in

How to trace batch processing in one transaction?

Say I have the following log, where I have separate input and output parts, however, they are processed as batch in b...

by Engager in

How to create a chart to view Business Transaction counts with line overlays for both highest and lowest data points??

I am looking for a chart for the business team to view the transaction counts for last day span hourly (so total of 2...

by New Member in

HunkでのサーチにMRジョブが生成されない

Hunkでサーチを実行すると、サーチによってHadoop側のMRジョブが自動的に生成されたり、生成されなかったりしていますが、理由が分かる方いらっしゃいますか？

by Contributor in

How do I extract a string from a message and create a chart on that field?

My message text contains a value like this: 2015-09-30 16:52:19.907|LOCATION:GATEWAY|SERVICE:DepositsRestProxy|VER...

by New Member in

Can I add 15M entries into a summary index on a daily basis?

Running into challenges with monthly reporting, and need to figure out how to use the right Splunk tool for the job. ...

by Splunk Employee in

How to associate and create fields between 2 JSON events?

Hey Everyone, I'm trying to extract fields from an event using a somewhat similar foreign key concept/mechanism. F...

by Explorer in

Transaction very slow, use stats?

Hello, I have the following logs (1 line = 1 event): id=**10** from="**10.10.10.44**" id=10 ### whatever useles...

by Engager in

How to extract a timestamp from line 2 of a CSV and apply it to each line of data in the remainder of file?

We have a particular file of the format: Field1, Field2, Timestamp field, Field4, Field5, Number of records, Field...

by Explorer in

How to write the regex to extract a number within a string and the path that appears after the string in my search results?

The following were the strings visible in my Splunk search results… An error occurred at line: 127 in the jsp file...

by Builder in

Splunk Search

Discussions

Why is my rex command after upgrade to 6.3 not working

Why are my json fields extracted twice? (redux)

How to create a timechart with charting.legend.labels, but maintain the x-axis label format and color two lines red and blue?

How do you configure splunk to extract fields from SMTP Message Transaction Logs?

Can I apply an inputs.conf WinEventLog stanza by regex or IP range with a whitelist?

How to schedule real-time search with a cron schedule in Splunk 6.2.1

How to trace batch processing in one transaction?

How to create a chart to view Business Transaction counts with line overlays for both highest and lowest data points??

HunkでのサーチにMRジョブが生成されない

How do I extract a string from a message and create a chart on that field?

Can I add 15M entries into a summary index on a daily basis?

How to associate and create fields between 2 JSON events?

Transaction very slow, use stats?

How to extract a timestamp from line 2 of a CSV and apply it to each line of data in the remainder of file?

How to write the regex to extract a number within a string and the path that appears after the string in my search results?

Real Time Search Performance Considerations: Are there any scenarios where real-time searches would be acceptable?

Can I edit my search or a filter field to search for multiple UserIDs as an input on my dashboard?

Regex Help in splunk 6.1.3

How edit my search to display a missing field from one table that is found in another table?

How to change the format of a date from "ddmmyyyy" to "dd/mm/yyyy" in a search?

Getting the error ImportError: splunklib.modulari...

Field Extraction Struggle

Extraction using rex

How to populate nonexistent values in a table?

Using lookup to filter out fields from current sea...