×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
tachifelix
Path Finder
Member since: ‎12-11-2014
‎06-05-2020
Community Statistics
Posts 36
Solutions 0
Karma Given 2
Karma Received 4
Member Since ‎12-11-2014
Activity Feed
Topics I've Started
No posts to display.
View All

Re: If I have multiple Cisco devices sending syslo...

by Splunk Employee in Getting Data In
‎09-28-2020 02:08 PM
‎09-28-2020 02:08 PM
You'd be better to start a new thread and ask the community for help in that manner.   Also, look at the Cisco IOS and ASA TA's that have all the extractions in place. You most likely can find the solution there. ... View more

Re: How to right regular expression for finding fi...

by in Splunk Search
‎04-09-2015 02:22 AM
‎04-09-2015 02:22 AM
thanks rich, for your brief explanation. i got the result with the below search query index=casm_prod sourcetype=smtrace "Center realm" | bucket _time span=1m |stats count(sso_id) as eventcount by _time, sso_id thanks alot ... View more

Re: How to pass a token to a panel in the place of...

by Splunk Employee in Dashboards & Visualizations
‎03-30-2015 11:35 AM
‎03-30-2015 11:35 AM
It's more reliable to write $footoken|s$ than "$footoken$", as the former will deal with backslashes and quotes in the token value correctly. ... View more

Re: How to write the REGEX to extract and add new ...

by in Splunk Search
‎03-19-2015 01:51 AM
‎03-19-2015 01:51 AM
Not working tried it. thanks for the effort ... View more

Re: How to extract multiple values in a single eve...

by in Splunk Search
‎03-25-2015 04:18 AM
2 Karma
‎03-25-2015 04:18 AM
2 Karma
Finally figured this out. Was filling out a support ticket on this "issue" and one of the answers they linked to was http://answers.splunk.com/answers/23321/field-regex-behaves-differently-for-field-extractions-and-for-rex.html. Apparently you need to add "(?m-s)" to keep "." from matching across newlines when using a regex in a transform. I just wish there was better documentation about the different behavior of regex's in different contexts within Splunk. The following transform now works great for me: [mv_localadmin] REGEX = (?m-s)(.*\n|.*$) FORMAT = LocalAdmin::$1 REPEAT_MATCH = true MV_ADD = true ... View more

Re: How to group my sample events together for a t...

by in Splunk Search
‎03-18-2015 01:20 AM
‎03-18-2015 01:20 AM
HI all, thanks for your answers. For me the main problem was that all values was created in the field "value". It worked much better for me to extract the fieldnames using the <_KEY_1><_VAL_1> Fields. This fields extract the names of the values "dynamic" so i get fields with e.g. running=3 sleeping=105 ... so creating a timechart is quite easy when using search | timechart avg(running) as running avg(sleeping) as sleeping Thx and best regards, Andreas ... View more

Re: Splunk DB Connect: How to troubleshoot error "...

by in Getting Data In
‎03-05-2015 08:19 PM
‎03-05-2015 08:19 PM
Hi @ppablo_splunk , I have checked the link. The drivers are for MySQL, Oracle, DB2 and Informix. My database is Microsoft SQL server. Is that require any driver ? If yes, which one should I download ? Please suggest. ... View more

Re: How to join two search events that have a comm...

by in Splunk Search
‎06-10-2015 09:55 PM
‎06-10-2015 09:55 PM
Thanks dturnbull_splunk. By far this is the most efficient query 🙂 ... View more

Re: Using DBQuery to update DB table data

by in Reporting
‎12-16-2014 02:13 AM
1 Karma
‎12-16-2014 02:13 AM
1 Karma
add select command after update like "select Data1, Data2, Status from test_table1, test_table2 where Status='Closed' and Data2='test2' and Data1='test1' " ... View more

Re: How to create a market basket analysis?

by in Splunk Search
‎12-12-2014 04:10 AM
‎12-12-2014 04:10 AM
this search string doing the work for the following data sample data: partner cost World T Plus 19000 Prix Mono 47500 Prix Mono 19000 Prix Mono 19000 World T Plus 19000 Prix Mono 19000 Prix Mono 38000 Prix Mono 19000 search string: source="C:\tachiFlashDisc\test_firstAnswers.csv" |sort partner|table partner cost | dedup cost result: partner cost Africa Telecom 9500 Africa Telecom 19000 Africa Telecom 47500 Africa Telecom 28500 B and C 0 B and C 4750 B and C 33250 B and C 14250 ... View more

Re: How to extract multikv field at search-time wi...

by in Splunk Search
‎12-15-2014 06:55 AM
‎12-15-2014 06:55 AM
The field name for the tests need to by dynamic. A simple rename doesn't work, unless I can use the value of the field name. Splunk has confirmed that as of version 6.2 this cannot be done at search time. ... View more

Re: How to graph time values %H:%M on the y-axis a...

by in Splunk Search
‎12-12-2014 05:16 AM
‎12-12-2014 05:16 AM
Posting in reply to: tachifelix as forum won't allow me to reply Nope, that doesn't work because of the ':' character. ... View more

Re: How to join two log files with matching string...

by SplunkTrust in Splunk Search
‎12-13-2014 11:51 AM
‎12-13-2014 11:51 AM
take a look at this: http://answers.splunk.com/answers/129424/how-to-compare-fields-over-multiple-sourcetypes-without-join-append-or-use-of-subsearches.html to get an idea how to get this done a different way .... because join should be a last resort .... not the first option to use ... View more

Re: How to combine my two search queries using joi...

by in Splunk Search
‎10-12-2016 10:11 AM
‎10-12-2016 10:11 AM
You are trying to add it to a dashboard. Instead of "<" and ">" user "<" and ">" ... View more
Contact Me
Online Status
Offline
Date Last Visited
‎06-05-2020 02:04 AM
Karma given to
View All