Splunk Search

Community Activity

How do I use an eval command with a case function with regex to separate the blank vs any character? hi, I have a field PORT_DESC with the values as: "somethings sdsa Device:XYZ PORT: 1.2.3 BackPort: 4.5.6 some oth... by Chandras11 Communicator in Splunk Search 11-30-2018 0 4	0	4
Recursively Search Until Condition Hi, I am looking for a way to connection multiple events with two corresponding values together until I hit a condit... by mrstrozy Path Finder in Splunk Search 11-30-2018 0 1	0	1
In a dashboard, how do you do a filter so that only certain values appear in the chart dropdown ? Hi all, I have created a dashboard as below. But I had a problem during the chart generation. When the first dropd... by kingwaras Engager in Splunk Search 11-30-2018 0 1	0	1
How do I break multiline events beginning with a #? Hello, I have to break an event that begins with a # on the first line. ds-sync-hist: modifyTimestamp:00000167645c9... by ktn01 Path Finder in Splunk Search 11-30-2018 0 5	0	5
How do I combine unique values of a field into one for multiple fields? I am trying to make a report with the unique combination of ID, AVER SRV, ZONE, IPADDR & host. Unfortunately, I am ge... by srizan Path Finder in Splunk Search 11-30-2018 0 2	0	2
Enterprise 7.2 - Extract doesn't work, rex does Hello all, I have a problem with one field extract that works if I use the exact regex syntax in the rex command but... by mweissha Path Finder in Splunk Search 11-30-2018 0 5	0	5
Process high memory usage hello, on my splunk i have about 50 dashboards with 10 panels for each one. Many times i see "process is waiting for ... by null0 New Member in Splunk Search 11-30-2018 0 0	0	0
Multiple alerts in one query Please help I want the query with below scenario. Requirement 1: Check occurence of 0 in 10 mins timeframe. If conti... by sahil237888 Path Finder in Splunk Search 11-30-2018 0 3	0	3
Join two seaches with a range time Hello there. I have reading some answers similar to mine, but none of them fit with what I have in mind. I have two... by slorente Explorer in Splunk Search 11-30-2018 0 2	0	2
Reset_after command not working for resetting values of multiple columns Reset_after command not working for resetting value of multiple columns. I am using below command (replace @ symbol ... by sahil237888 Path Finder in Splunk Search 11-30-2018 0 0	0	0
Need help with REST API & SDK We are using Splunk Cloud. How can I access REST API? Do I need to request to enable REST API? by splunkusr9 New Member in Splunk Search 11-30-2018 0 1	0	1
How do you make a count based on multiple fields? index=syslog \| eval length=len(field1) \| where length > 100 \| table field1,field2 I want to create a search that, i... by rotundwizard Explorer in Splunk Search 11-30-2018 0 1	0	1
Need some clarification on search-time _meta field extraction. I have got a question about using _meta fields in the /opt/splunkforwarder/etc/system/local/inputs.conf of a Splunk ... by AndreAtNN New Member in Splunk Search 11-29-2018 0 4	0	4
Why can't I do an eval with a rest call in a subsearch? Hi there, I'm trying to add a column to my base search that is the user currently logged into Splunk. This is a code... by nick405060 Motivator in Splunk Search 11-29-2018 0 5	0	5
Network file permission error (-5000) when starting Splunk enterprise Recently installed Enterprise 60d trial from the Splunk website download on OS X and first, and subsequent startup in... by mikeah21 Explorer in Splunk Search 11-29-2018 2 3	2	3
field extraction from some multivalued fields seperated by comma Log event x: This is the name of the group#2 target(s) [name3] Log event y: This is the name of the group#1 target(s)... by christythomas Explorer in Splunk Search 11-29-2018 0 2	0	2
How do you show unique downloads and their location using the geomap command? I am trying to show unique downloads and their location using the geomap command. Without geomap, my download query ... by mistydennis Communicator in Splunk Search 11-29-2018 0 2	0	2
Make my splunk query more performetric or efficient I have write the below query , Can someone rewrite the query in more efficient way. Basically I am trying to see bre... by saifullakhalid Explorer in Splunk Search 11-29-2018 1 5	1	5
Creating new field on each regex match Hello Splunk Community! As I am quite new to Splunk/Regex, I've got a silly question that may be simple for you: I ... by llacoste Path Finder in Splunk Search 11-29-2018 0 3	0	3
Suitable Sourcetype for uploading a file in json format Hello, I am parsing a file in JSON format to splunk entrprise but the sourcetype is not selected automatically, when ... by dinaabdelhakam Path Finder in Splunk Search 11-29-2018 0 1	0	1
How do you make a regex to remove a string from file path in inputs.conf? I want to change a source by removing a "hostname" from file path (string) using inputs.conf Currently, the source i... by meet_vadaria Engager in Splunk Search 11-29-2018 0 8	0	8
Please see the followings outputs. Data is there which is confirmed using outputtext command but it is not getting displayed as shown in 1st picture. by a_m_s Explorer in Splunk Search 11-29-2018 0 0	0	0
How do you make a regex to extract the following value? Hi, I want to extract a value from the following line: systemGuid=9516e36a-e5e9-4ec5-a449-edcaeb5f227f, I need th... by abhishekgandhe Explorer in Splunk Search 11-29-2018 0 3	0	3
Custom Search Command - Can I emit multiple records for each input record? I'm have a custom command that parses an input field in each given record and emits 0 to N records as its output. I'm... by kmarx Explorer in Splunk Search 11-29-2018 0 0	0	0
Help on stats and on regex in a same query hello I use the code below index="windows-wmi" (sourcetype="WMI:LastLogon" OR sourcetype="WMI:LastReboot") \| dedup h... by jip31 Motivator in Splunk Search 11-28-2018 0 8	0	8