Splunk Search

Community Activity

regex to extract part of the variable Hello, I need help with regex. I have the following string under the Tracefile variable in my search: /usr/sap... by damucka Builder in Splunk Search 11-13-2018 0 1	0	1
Can I do an eval on static values of an input? i have an input where I choose some values, based on which i want another input value to be calculated. Can I do an ... by jiaqya Builder in Splunk Search 11-12-2018 0 2	0	2
[Inquiry]: Retrieving search results with schedule timings Hi everyone, Good day! I would like to ask about my search query below. index="myIndex" source IN(MyLogs) host=s... by dcresido New Member in Splunk Search 11-12-2018 0 0	0	0
How do you compare 2 fields in a lookup against a single field in Splunk? Hi, I have a lookup with 2 fields, (device and IP) either of which can be used to log in to Splunk as the 'host' fie... by jacqu3sy Path Finder in Splunk Search 11-12-2018 0 1	0	1
Can you help me with my field extraction? As I extract a field with regex, and it has finished successful, why can't I find my created field in the field side ... by sabaKhadivi Path Finder in Splunk Search 11-12-2018 0 2	0	2
How do you create a subsearch for two correlated queries? Query One: One that is exclusive of Server4 in Index1 based of the hosts in Index2. I.e. based on the Index2 hosts, ... by princeali Engager in Splunk Search 11-12-2018 0 4	0	4
Sorting chart headers (dates) by descending I am trying to sort the column headers of a chart (dates) so they appear with the most recent date on the far left. I... by lukepatrick Explorer in Splunk Search 11-12-2018 0 0	0	0
Stats sum command experiencing strange behavior after 7.2.0 upgrade Hi Folks; So getting a very bizaare issue here after our upgrade to 7.2 index="app_rocket_dxs" sourcetype="fluentd_... by paimonsoror Builder in Splunk Search 11-12-2018 0 4	0	4
Get metrics from events in between 2 events I want to get metrics from events which occur between 2 events(eg: Job Start, Job end). This job event runs every 1h... by rajeshad45 Engager in Splunk Search 11-12-2018 1 1	1	1
How come our negative field search is looking in all the fields instead of the searched field? I have a Splunk local installation that is having some strange behavior. The search is filtered by negative field ext... by jonaspereira New Member in Splunk Search 11-12-2018 0 1	0	1
Pull back metadata against 2 fields in a lookup Hi, I have a lookup file containing hostnames and IP addresses, either of which can be logged in splunk against the ... by jacqu3sy Path Finder in Splunk Search 11-12-2018 0 0	0	0
How to add own IP locations into the GeoLite2-City.mmdb Hello, I applied successfully the tool at github Customizing-Maxmind-IP-Geo-DB-for-Internal-Networks https://gith... by graether Path Finder in Splunk Search 11-12-2018 0 6	0	6
How to split only alphanumeric strings in line of data with separated by "-" Hi , How to get the alphanumeric string from below data. inputs : ABCD-47440c7534d1a13d7d462860-90d2aa5bb3b20184-1... by asplunk789 Loves-to-Learn Everything in Splunk Search 11-12-2018 0 1	0	1
Adding Empty JSON Array Count To Chart Below, I have a chart being created which is supposed to show how many times we see each tag we find in a "tags" arra... by samkass New Member in Splunk Search 11-11-2018 0 2	0	2
Can spath cater for missing values in an array? Hi, I have a nested array and I want to compare values across I've a query that works, apart from when a value is ... by ewanbrown Path Finder in Splunk Search 11-11-2018 1 1	1	1
understanding how delta and streamstats handles no value This is my search to simulate the data i need to illustrate: \| makeresults \| eval data = " 1-Sep 7820592; 2... by HattrickNZ Motivator in Splunk Search 11-11-2018 0 0	0	0
How do you build an alert that triggers when a file is moved to a monitored folder? I'm trying to build an alert that triggers when a file is moved to an Error folder within the system we are monitorin... by kozanic_FF Path Finder in Splunk Search 11-11-2018 0 7	0	7
search requires stitching together two distinct events from a single sourcetype i require some assistance in my search query where i need to search a mail log to extract the highest recipients by m... by danesh_shah New Member in Splunk Search 11-10-2018 0 5	0	5
Improve TSTATS performance (dispatch.localSearch) command with more Indexers(Search nodes)? HI I have the following tstat command that takes ~30 seconds (dispatch.localSearch) is the main slowness . I have b... by robertlynch2020 Influencer in Splunk Search 11-10-2018 0 16	0	16
How can I search for a particular string in a larger string? I am running the following query: index=uplynk slice_played \| rex field=_raw "^(?<date>\S)\s(?<time>\S)\s(?<slic... by moizmmz Path Finder in Splunk Search 11-09-2018 0 7	0	7
Sequential automatic lookups not working... Here is my props.conf for the Qualys vulnerability data: [qualys:hostDetection] LOOKUP-2_qualys_nvd_lookup = nvd_db_... by responsys_cm Builder in Splunk Search 11-09-2018 0 3	0	3
Can you help me with the following field extraction issue? Hi, I have a weird problem. I have a field called 'playerUserAgent' which returns the following sample of values: ... by moizmmz Path Finder in Splunk Search 11-09-2018 0 7	0	7
How do I correlate email events when the key-id is not defined in all events? So I have correlated email events before where there was a UID defined as a field for all transactions of a unique em... by Log_wrangler Builder in Splunk Search 11-09-2018 0 3	0	3
Can you help me work out a query involving distribution percentages? Hi Splunk Community, I have a simple query which pulls request counts in per node. sourcetype=test-log New Line \| ... by luckyman80 Path Finder in Splunk Search 11-09-2018 0 2	0	2
How do you create a static table for a lookup file? I have kind of a silly question that I am embarrassed to admit has stumped me for a little while. I have a small li... by _smp_ Builder in Splunk Search 11-09-2018 0 3	0	3