Splunk Search

Community Activity

Output multiple fields from query to csv via output lookup I have created a query that will extract specific information from my Active Directory logs, and output it into a nic... by iomega311 Explorer in Splunk Search 08-27-2018 0 1	0	1
timechart count for last status=up, each month So, I've simplified my real problem down to this example with as few variables as possible. I wish I could simply alt... by adamsmith47 Communicator in Splunk Search 08-27-2018 0 3	0	3
How do I table a transactionid value using regular expression? Below is my log, [ERL_ROUTE_ACK_INTERFACE] 2018-08-27 11:06:02 DEBUG [callUpdateERLRouteStatus] ERLRouteAckServiceI... by ppanchal Path Finder in Splunk Search 08-27-2018 0 2	0	2
How do I calculate median values for the column for 7 weeks? Dear all, There are two columns with data: time (time scale in steps of 10 minutes) and val (amount of transactions)... by belts New Member in Splunk Search 08-27-2018 0 2	0	2
How to extract the fields for kv pair syslog data? Hi All, How to extract the fields for the syslog data with kv values at indexing time? Aug 27 10:05:58 ciscoasa SFI... by knalla Path Finder in Splunk Search 08-27-2018 0 1	0	1
How can I get my inputlookup to exclude holidays? Hello I have a search that I use to calculate days between 2 dates. The search is like this: \|index=dev_tsv "B... by tkwaller_2 Communicator in Splunk Search 08-27-2018 0 11	0	11
How to create a timechart based on index time? I'm trying to create a timechart to show when logs were ingested. Trying to use _indextime but it doesn't seem to be... by DEAD_BEEF Builder in Splunk Search 08-27-2018 0 3	0	3
How to capture type of events in fields based on single event type? Hi All , 1)How do you capture INFO/ERROR/WARN events using regular expression ? 2)How do you capture the rest of the ... by raj_mpl Path Finder in Splunk Search 08-27-2018 0 3	0	3
How do I search for low counts of specific user logons per host? I'm trying to do some least common occurance hunting in our environment, and would like to see if I can make a search... by rwmilligan Explorer in Splunk Search 08-27-2018 0 3	0	3
How do I search for all the IPs that are located in the domain controller? This is my first time using Splunk and I don't know many commands. I am looking for a command where I can get all the... by Esmeralda1 New Member in Splunk Search 08-27-2018 0 2	0	2
How to convert KB to MB? Hi I need to convert these 2 counters from KB to MB TotalSpaceKB=486757372 FreeSpaceKB=435455092 Do I have to divide ... by jip31 Motivator in Splunk Search 08-27-2018 0 4	0	4
Splunk7.1.2 でタイムゾーン・時刻ズレ／日時のデフォルトフィールド(date_xxxx)の不具合 Splunk 7.1.2でデータ取込みを行い、日時の不デフォルトフィールドを使って9:00～17:00以外の時間範囲というサーチを設定していました。 index=test_index date_hour>=9 AND date_ho... by cipherjake Explorer in Splunk Search 08-26-2018 0 1	0	1
mvexpand gives less results Now when i use mvexpand i just get 600 results in statistics, instead of getting 1412 alll the events as below: So ... by patilsh Explorer in Splunk Search 08-26-2018 0 5	0	5
How can I extract values starting with a specific name using regex? Hi All, Kindly help me with regex for below sample data. Its only a sample there might be some other pattern of data... by Shan Builder in Splunk Search 08-26-2018 0 6	0	6
Dynamic conditions composition into a search uses fields extracted from a lookup Hi to all, I would like to define a dynamic condition into a lookup, which uses the fields defined inside a search, ... by robertosegantin Path Finder in Splunk Search 08-26-2018 0 5	0	5
How do I convert the following data into a pivot table? With the following search index=msperf sourcetype="perfmon_processor_xml" \| xpath outfield=Architecture "//COMMAND/... by tamakg Path Finder in Splunk Search 08-26-2018 0 1	0	1
Why is the chart only valuing 15% above calculated average response? I've created a chart that only shows run times above a 60 day average and it's corresponding average, which works per... by fisuser1 Contributor in Splunk Search 08-26-2018 0 3	0	3
rex extract field not working as expected/ miss handling ")" in regex Hi I have a field with following value 16/08/2018 03:04:11 - Christian (Work notes) Remote Desktop Notes: - still u... by samlinsongguo Communicator in Splunk Search 08-25-2018 0 4	0	4
correlate between two sources hi i have tow devices, i want to check the result of the same event in tow devices. for example if one source is blo... by khanlarloo Explorer in Splunk Search 08-25-2018 0 2	0	2
How do you get events time interval as 15 minutes on timechart x-axis? Hi one and all, I have my log data as below for every 15min interval. 2018-08-23,16:16,11230,37393,49019 2018-08-23,... by prathapkcsc Explorer in Splunk Search 08-24-2018 0 3	0	3
What regex search could I use to find fields that contain exactly 6 digits? I need to search for fields that contain exactly 6 digits. For example, it should return fields that contain "123456... by Piggyy New Member in Splunk Search 08-24-2018 0 3	0	3
Why do I get a 400 stanza error when using a join command in searches? I tried to add a simple join onto my search but Splunk throws a 400 error {"messages":[{"type":"FATAL","text":"Miss... by tb5821 Communicator in Splunk Search 08-24-2018 1 4	1	4
How do I split _raw data into multiple table fields? I have the following data in _raw and I need to split the data at the semicolon into multiple fields in a table LOG ... by slord Engager in Splunk Search 08-24-2018 0 4	0	4
The command table does not show all fields My data : _time MODULE NOMBRE_DE_WA_ECRITS [...] 2016-07-18 20:02:37 MOD1... by splk_clheureux Explorer in Splunk Search 08-24-2018 1 5	1	5
How do I find missing information from query 2 and query 1 I am trying to find missing stores from query 2 in the below script. However, it returns no results, or all results d... by benj851 Explorer in Splunk Search 08-24-2018 0 6	0	6