Splunk Search

Community Activity

How can I build a regex to extract xml field value? I want to extract XML field value ItemType and ItemNo from following XML. How can I build the Regular expression? <... by praspai Path Finder in Splunk Search 11-15-2018 1 5	1	5
Problem with agent Hi Splunk Team. I have a problem with the agent as follows: I added a monitor to the directory, then 2 hours I chec... by Cyber_X New Member in Splunk Search 11-14-2018 0 2	0	2
get the list of keyword values which is present in one query and not present in second query we have two queries . both the queries have same keyword with value.so we would like to list the values of the keywor... by dsha Engager in Splunk Search 11-14-2018 0 2	0	2
How to average fields together across multiple columns grouped together by the field name containing a specific string ? I am trying to average fields together across multiple columns based on a specific string (A_Field and B_Field) For ... by l1bertyx Engager in Splunk Search 11-14-2018 0 2	0	2
calculate concurrency of transactions Hi Splunk people. I am trying to map the number of concurrent transactions. This is not exactly the same than the co... by yannK Splunk Employee in Splunk Search 11-14-2018 5 16	5	16
How do you calculate the time between events with the streamstats command? Hello guys, I have data like this using Splunk 7.1 and I would like to calculate minutes between start and end of ea... by splunkreal Motivator in Splunk Search 11-14-2018 0 1	0	1
Joining values from two indexes and returning just specific values Hello fellow Splunkers I'm trying to figure out how to join values from 2 indexes and return one field (from one of... by splunker1981 Path Finder in Splunk Search 11-14-2018 0 6	0	6
Cisco WSA - the WSA TA add on App(verison 3.3) is not extracting fields I am using souretype cisco:wsa:squid, however I tried all the cisco:wsa:w3c as well, no luck so far? No sure where am... by kshanker New Member in Splunk Search 11-14-2018 0 1	0	1
What is the difference between format and return in subsearch? i am new to Splunk. Please let me know when to use format and return in a Splunk subsearch. by neeraja432 New Member in Splunk Search 11-14-2018 0 1	0	1
How do I pass a single value query output to a field? I have a requirement to print the source count from how many hosts we are collecting. Expected output: source_count/... by twh1 Communicator in Splunk Search 11-14-2018 0 3	0	3
How do I extract the following fields using the rex command? I want to extract Balance (Entered)="10008.1311701944" and Balance (Functional)="11648.1319999944" fields from below... by maheshsat Explorer in Splunk Search 11-14-2018 0 1	0	1
In the following Splunk search, how can I only show those users that had a count > 1 in any given _time period? Given the following: index=myindex source=mysource MYSEARCHTERM \| stats count by _time MyField Which gives the re... by GadgetGeek Path Finder in Splunk Search 11-14-2018 0 10	0	10
Can anyone help with how to access properties of Splunk inputs like link list Can anyone help with how to access style properties of Splunk inputs like 1. link list 2. Radio Button 3. Dropdown 4... by VI371887 Path Finder in Splunk Search 11-14-2018 0 0	0	0
timechart issiue Hi , i have 3 fields host , swapfree, memoryfree in my index i want to display count like this : timechart span=1h... by Mohsin123 Path Finder in Splunk Search 11-14-2018 0 5	0	5
Datamodel is giving results outside of the constraints given in Summary Range I have accelerated my data model for 7 days period and Rebuild the datamodel. After its completion, I have executed ... by jshah24 Explorer in Splunk Search 11-14-2018 1 0	1	0
Why doesn't my columnchart show all events? For monitoring purposes I have a columnchart showing the number of events per minute for the last 30 minutes ("30 min... by Oerstier New Member in Splunk Search 11-14-2018 0 0	0	0
How do I get data from a stats table to send as a token? Hi , I have a table with a single data value inside. \|makeresults \|eval value=1 I just want to get the val... by jadengoho Builder in Splunk Search 11-14-2018 0 2	0	2
Why does the "transaction" command return different results by search mode(fast,smart,verbose) OR whether using optimization? My environment : splunk stand-alone ver7.1.4 *I found same phenomenon in ver7.1.3 I executed search below by using t... by yutaka1005 Builder in Splunk Search 11-13-2018 0 4	0	4
Grouping panels from different rows into one panel? Need your help friends. I have data appear as mentioned below. But i have requirement that instead of displaying sam... by Shan Builder in Splunk Search 11-13-2018 0 3	0	3
How to search for and trigger an email alert when there are no logs generated in a directory? I am needing to create an Alert to run every 30 minutes to monitor the file size of all the log files in a directory ... by venkatdba64 New Member in Splunk Search 11-13-2018 0 6	0	6
Predict Command - Alert when value breaches upper95 Hi All, I'm trying to write a search that looks at creating an alert where there is a significant spike in HTTP POST... by MikeElliott Communicator in Splunk Search 11-13-2018 1 7	1	7
Predict Command: Endpoint Communicating with Excessive Hosts Hi team, I hope that we are all well? I'm looking to develop a use case designed to identify where an endpoint has ... by MikeElliott Communicator in Splunk Search 11-13-2018 1 0	1	0
How can I obtain a list of values returned by one query, but not another? I have one query that returns SESSION_IDs of attempted orders: index=my_index "abc" \| rex field=_raw "(?<SESSION_ID>... by jbrenner Path Finder in Splunk Search 11-13-2018 0 8	0	8
How do you join a field which does not exist in the subsearch? I need help with the following scenario. I want to join one of the fields of the main search to the sub search,l whi... by bollam Path Finder in Splunk Search 11-13-2018 0 4	0	4
How do you compare 2 multivalued fields from different indices? I am attempting to correlate network latency fields from different indices. Basically, I would like to end up with a ... by maxzintel Path Finder in Splunk Search 11-13-2018 0 11	0	11