Splunk Search

Community Activity

How to split only alphanumeric strings in line of data with separated by "-" Hi , How to get the alphanumeric string from below data. inputs : ABCD-47440c7534d1a13d7d462860-90d2aa5bb3b20184-1... by asplunk789 Loves-to-Learn Everything in Splunk Search 11-12-2018 0 1	0	1
Adding Empty JSON Array Count To Chart Below, I have a chart being created which is supposed to show how many times we see each tag we find in a "tags" arra... by samkass New Member in Splunk Search 11-11-2018 0 2	0	2
Can spath cater for missing values in an array? Hi, I have a nested array and I want to compare values across I've a query that works, apart from when a value is ... by ewanbrown Path Finder in Splunk Search 11-11-2018 1 1	1	1
understanding how delta and streamstats handles no value This is my search to simulate the data i need to illustrate: \| makeresults \| eval data = " 1-Sep 7820592; 2... by HattrickNZ Motivator in Splunk Search 11-11-2018 0 0	0	0
How do you build an alert that triggers when a file is moved to a monitored folder? I'm trying to build an alert that triggers when a file is moved to an Error folder within the system we are monitorin... by kozanic_FF Path Finder in Splunk Search 11-11-2018 0 7	0	7
search requires stitching together two distinct events from a single sourcetype i require some assistance in my search query where i need to search a mail log to extract the highest recipients by m... by danesh_shah New Member in Splunk Search 11-10-2018 0 5	0	5
Improve TSTATS performance (dispatch.localSearch) command with more Indexers(Search nodes)? HI I have the following tstat command that takes ~30 seconds (dispatch.localSearch) is the main slowness . I have b... by robertlynch2020 Influencer in Splunk Search 11-10-2018 0 16	0	16
How can I search for a particular string in a larger string? I am running the following query: index=uplynk slice_played \| rex field=_raw "^(?<date>\S)\s(?<time>\S)\s(?<slic... by moizmmz Path Finder in Splunk Search 11-09-2018 0 7	0	7
Sequential automatic lookups not working... Here is my props.conf for the Qualys vulnerability data: [qualys:hostDetection] LOOKUP-2_qualys_nvd_lookup = nvd_db_... by responsys_cm Builder in Splunk Search 11-09-2018 0 3	0	3
Can you help me with the following field extraction issue? Hi, I have a weird problem. I have a field called 'playerUserAgent' which returns the following sample of values: ... by moizmmz Path Finder in Splunk Search 11-09-2018 0 7	0	7
How do I correlate email events when the key-id is not defined in all events? So I have correlated email events before where there was a UID defined as a field for all transactions of a unique em... by Log_wrangler Builder in Splunk Search 11-09-2018 0 3	0	3
Can you help me work out a query involving distribution percentages? Hi Splunk Community, I have a simple query which pulls request counts in per node. sourcetype=test-log New Line \| ... by luckyman80 Path Finder in Splunk Search 11-09-2018 0 2	0	2
How do you create a static table for a lookup file? I have kind of a silly question that I am embarrassed to admit has stumped me for a little while. I have a small li... by _smp_ Builder in Splunk Search 11-09-2018 0 3	0	3
debugging when columns are not filled out How does one debug searches when you expect a column to be filled out yet its not? sourcetype=mongo_stats \| stream... by tb5821 Communicator in Splunk Search 11-09-2018 0 2	0	2
How to carry forward values of a field to next event till it changes? My goal is to see the availability of NSG devices in percentage. Each NSG is connected to 4 VSCs. If connection to : ... by achoudhary1 New Member in Splunk Search 11-09-2018 0 0	0	0
How do I make it so time conversion always has epoch start at midnight regardless of DST? I have the following SPL. I am trying to calculate days i want to look up for data. Instead of trying to load a who... by wjrbrady Engager in Splunk Search 11-09-2018 0 5	0	5
Why does the position of my dedup command in a query alter the results of my statistics? My problem is that I cannot understand why I get a different statistics number depending on wether I place the dedup ... by net1993 Path Finder in Splunk Search 11-09-2018 0 6	0	6
How can I search for all fields that have a certain string? Hello How can I get only results for specific fields where field name is like something ? fx. get all fields which... by net1993 Path Finder in Splunk Search 11-09-2018 0 12	0	12
Are values() returned by Splunk in a search sorted alphabetically? I couldn't find any documentation except that values(), when used in transforming commands, performs dedup. But there... by morethanyell Builder in Splunk Search 11-09-2018 0 7	0	7
Why is the chart command returning months in alphabetical order? I am trying to sort the data month wise using the chart command. However the month is getting sorted alphabetically. ... by archu_01 New Member in Splunk Search 11-09-2018 0 8	0	8
Join on this field OR that field Basically I am trying to find hosts on a csv, not sending data to splunk. The problem is, we have to account for de... by bcyates Communicator in Splunk Search 11-09-2018 0 2	0	2
Missing status for scheduled jobs in scheduler.log Hi all, I have a SHC in my environment. Today I was troubleshooting an issue where my alert action wasn't firing. Af... by johannthum Explorer in Splunk Search 11-08-2018 0 0	0	0
Can you help me with my query involving the eval command and strftime? \| eval lastChange=strftime(time_of_last_change,"%m-%d-%y %I:%M:%S %p") \| eval timenow=now() \| eval last1hr=strftime(... by tb5821 Communicator in Splunk Search 11-08-2018 0 5	0	5
How can I do a basic "IN" command in Splunk? I am trying to accomplish a simple "IN" command in Splunk, basically by filtering the result to show only those entri... by hanriv0001 New Member in Splunk Search 11-08-2018 0 5	0	5
Any way to combine these records? SO I understand WHY I get the results I get but I am having a difficult time, most likely due to me, getting the resu... by tkwaller_2 Communicator in Splunk Search 11-08-2018 0 2	0	2