Splunk Search

Community Activity

Can you help me build the regex that would extract a filename without filenamenumber and extension? Hi, i am not familiar with regex and am trying to extract only the filename from the following data without the numb... by ugruner Explorer in Splunk Search 11-16-2018 0 1	0	1
Where is the .conf file for the lookup definition? I've looked hard, but I can't seem to find the .conf file of Lookup Definition. I know it can be done on the user int... by morethanyell Builder in Splunk Search 11-16-2018 0 2	0	2
Can I optimize an mvzip, mvappend, and mvexpand combination for creating additional events? Hello, I am looking for optimization advice for a use case in which I need to create new event data and then calcula... by andrewtrobec Motivator in Splunk Search 11-16-2018 0 3	0	3
How do you get sklearn algorithm to work in Splunk? I have added another algorithm SVR in Splunk Enterprise with the way on the website below, and it works. But I'm conf... by rickyhsu7 Explorer in Splunk Search 11-16-2018 0 1	0	1
Why do my results appear and then disappear on a map? Dear All, I have a geostats search that is providing a mapped view of events over a single area. It is like this: i... by BlueSocket Contributor in Splunk Search 11-16-2018 1 9	1	9
How do you perform a search based on lookup values? Hello, I'm trying to do an outer join, but without actually using a join, I have a lookup with names and based on t... by ndaniel88 Explorer in Splunk Search 11-15-2018 0 3	0	3
Splunk Tableau ODBC connection and date field parsing We are connecting to Splunk from Tableau via ODBC. It worked fine for most of the time. Recently we are facing [Spl... by ngantla New Member in Splunk Search 11-15-2018 0 0	0	0
What is the best practice to perform a query using distributed search? Hello Splunkers, I've a issue with my distributed searches. I've one search head and 2 indexers. Both indexers are ... by danje57 Path Finder in Splunk Search 11-15-2018 0 2	0	2
Why is the transaction command not working? Hello Everyone...I have the below query and I want to evict transactions that starts with Message arrived but not end... by ramprakash Explorer in Splunk Search 11-15-2018 0 1	0	1
External search command 'ldapfetch' returned error code 1. Script output = "error_message=Missing required value for alternatedomain in ldap/DOMAIN. " I keep receiving the error "External search command 'ldapfetch' returned error code 1. Script output = "error_message... by msteffes New Member in Splunk Search 11-15-2018 0 2	0	2
Can you help me come up with the regex to get the domain + scheme? Hi, I tried many things but I still cannot get to the correct result. my field value looks like this http://34.223... by jtotzek Explorer in Splunk Search 11-15-2018 0 5	0	5
How do I show nested field in one box in a table? How can I get the nested JSON in this field called "Message" (see below) with the nested fields (here currentMessage)... by nikosattlermhp Engager in Splunk Search 11-15-2018 0 0	0	0
How do you exclude two matching field values in a search? Hello, I want to make a very specific exclusion from my search. In my case, there are two different field names I am... by johann2017 Explorer in Splunk Search 11-15-2018 0 2	0	2
use streamstats for checking multiple column values How can I use streamstats for checking multiple column values.(With or without foreach command for multiple columns) by sahil237888 Path Finder in Splunk Search 11-15-2018 0 9	0	9
Why is an unknown value showing up in my search? One of my dashboards reflects some data which actually isn't present in the data input. It might have been present be... by rpradeep Path Finder in Splunk Search 11-15-2018 0 15	0	15
How can I build a regex to extract xml field value? I want to extract XML field value ItemType and ItemNo from following XML. How can I build the Regular expression? <... by praspai Path Finder in Splunk Search 11-15-2018 1 5	1	5
Problem with agent Hi Splunk Team. I have a problem with the agent as follows: I added a monitor to the directory, then 2 hours I chec... by Cyber_X New Member in Splunk Search 11-14-2018 0 2	0	2
get the list of keyword values which is present in one query and not present in second query we have two queries . both the queries have same keyword with value.so we would like to list the values of the keywor... by dsha Engager in Splunk Search 11-14-2018 0 2	0	2
How to average fields together across multiple columns grouped together by the field name containing a specific string ? I am trying to average fields together across multiple columns based on a specific string (A_Field and B_Field) For ... by l1bertyx Engager in Splunk Search 11-14-2018 0 2	0	2
calculate concurrency of transactions Hi Splunk people. I am trying to map the number of concurrent transactions. This is not exactly the same than the co... by yannK Splunk Employee in Splunk Search 11-14-2018 5 16	5	16
How do you calculate the time between events with the streamstats command? Hello guys, I have data like this using Splunk 7.1 and I would like to calculate minutes between start and end of ea... by splunkreal Motivator in Splunk Search 11-14-2018 0 1	0	1
Joining values from two indexes and returning just specific values Hello fellow Splunkers I'm trying to figure out how to join values from 2 indexes and return one field (from one of... by splunker1981 Path Finder in Splunk Search 11-14-2018 0 6	0	6
Cisco WSA - the WSA TA add on App(verison 3.3) is not extracting fields I am using souretype cisco:wsa:squid, however I tried all the cisco:wsa:w3c as well, no luck so far? No sure where am... by kshanker New Member in Splunk Search 11-14-2018 0 1	0	1
What is the difference between format and return in subsearch? i am new to Splunk. Please let me know when to use format and return in a Splunk subsearch. by neeraja432 New Member in Splunk Search 11-14-2018 0 1	0	1
How do I pass a single value query output to a field? I have a requirement to print the source count from how many hosts we are collecting. Expected output: source_count/... by twh1 Communicator in Splunk Search 11-14-2018 0 3	0	3