Splunk Search

Community Activity

Reuse field extraction in another field extraction/transformation? I am looking for a solution to extract certain types of UIDs and therefore defined a basic UID field extraction: (?<U... by jmartens Path Finder in Splunk Search 07-24-2018 0 3	0	3
Remove first four lines of field I want to display each event's raw text in a table column, but I need to remove the first four lines of the field (te... by calarie001 Explorer in Splunk Search 07-24-2018 0 3	0	3
Count of consecutive like events. Hi all, Is there a way to produce a count of consecutive like events in Splunk? Example Logs bookingEvent booking... by topleyg New Member in Splunk Search 07-24-2018 0 9	0	9
export the search results directly into Amazon S3 I have a requirement where I need to export the search results directly into Amazon S3. I need to export a daily repo... by jarapally Explorer in Splunk Search 07-24-2018 1 0	1	0
Indexing updatable data from a relational database Dear all, I am wondering what is the best strategy regarding indexing data coming from a relational database which c... by ecoquelin Explorer in Splunk Search 07-24-2018 0 1	0	1
Is there a way to customize delimiter based field extractions via the UI? Is there a way to customize delimiter based field extractions via the UI? Looks like you can do it for regular expres... by ytenenbaum_splu Splunk Employee in Splunk Search 07-24-2018 0 1	0	1
JOIN how to save as an eventtype ? Hello Splunkers, I'm using JOIN expression to classify a type of errors. I want to have all errors classified like ... by jermi001 Engager in Splunk Search 07-24-2018 0 2	0	2
Splunk Search content for a particular string Hi Team, I have search in search head which gives output like in snapshot. Now i want to assign a new field to clien... by kaushal21rajput New Member in Splunk Search 07-24-2018 0 5	0	5
How to extract many fields with a single regular expression ? Hi, I have a sample log file as shown in the attached screenshot. I have many such tags in the log file. I want to ... by Allampally Path Finder in Splunk Search 07-24-2018 0 2	0	2
How to create a rex string with "#" sign? I have data 2018-07-23 21:00:54##7049015762##358479078622895##2##4000######N##ABS##\|##USER_NUMBER##QUERY##1##90864 ... by jianyu75074 New Member in Splunk Search 07-23-2018 0 1	0	1
need line breaking for the following data generated as CSV Good day All, My skill in regex is very limited. Can anyone help me with the props.conf for the following data? ITs b... by ranjitbrhm1 Communicator in Splunk Search 07-23-2018 0 6	0	6
best practices vs my code hello all i use this code but he has not good performances following splunk best practices, is it possible to give m... by jip31 Motivator in Splunk Search 07-23-2018 0 7	0	7
Modular Input - interval Hi, i've noticed that when the time required to execute a modular input's streamEvents method is greater than the con... by dluyk New Member in Splunk Search 07-23-2018 0 0	0	0
Accessing results from search after timecharting Hi all, I'm trying to write a query that pulls up some data, time charts it, then calculates a percentage based on h... by marrette Path Finder in Splunk Search 07-23-2018 0 2	0	2
How to convert time to epoch time? How to convert time to epoch time? What the best approach for this one? Mon 07/23/2018 17:19:01.89 by knalla Path Finder in Splunk Search 07-23-2018 0 1	0	1
Why is the append query not working? hi, index="idx_a" sourcetype IN ("logs") component=* logpoint=request-in \| table transaction-id,timestamp-in\| appen... by Mohsin123 Path Finder in Splunk Search 07-23-2018 0 2	0	2
Unable to sinl logs from oracle user on webui Unable to sink logs from user Oracle on webui, but can able to sink logs from tmp. can you please suggest. Thanks. by ahmemohs03 Explorer in Splunk Search 07-23-2018 0 0	0	0
eval duration/latency My timestamp-in and timestamp-out fields are in this format 2018-07-23T15:53:11.588Z how do i calculate duration ? i ... by Mohsin123 Path Finder in Splunk Search 07-23-2018 0 1	0	1
How to execute a script and display results on a search page? I need to execute a python script from Splunk search and display the return value on the same page. How can this be d... by tusharsaran1 Path Finder in Splunk Search 07-23-2018 0 5	0	5
How to take the time from the field I am interested in and compare that to the current time to mark as an alert? I am exporting data out of AD and trying to look for devices that are older than a certain time frame. From my data ... by willadams Contributor in Splunk Search 07-23-2018 0 5	0	5
NOT Inputlookup not working I am trying to perform a search and trying to add an inputlookup to filter information I don't need to know about. F... by willadams Contributor in Splunk Search 07-22-2018 0 5	0	5
Can Splunk find similar strings in a log? Hi Does Splunk can do similar string search? For example the given string is mystring, and I want to return any log... by samlinsongguo Communicator in Splunk Search 07-22-2018 0 7	0	7
How do YOU use splunk! (Search/Query Examples) Hello everyone, Our company just started using Splunk, and after experimenting with some basic commands it certainly... by ktrumpol Path Finder in Splunk Search 07-22-2018 1 4	1	4
calculate percentage from the results of two reports I'm having a difficult time calculating a percentage based on two reports (searches). Search 1 \| inputlookup mydata... by jdlocklin526 Observer in Splunk Search 07-22-2018 0 3	0	3
How to get other field on x-axis other than _time? I'm fetching data by hitting an API, and the data I get will be a single event which consists of cpu_used and corresp... by bollam Path Finder in Splunk Search 07-21-2018 0 2	0	2