cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
ChrisH
Explorer
Member since: ‎06-11-2020
a week ago
Community Statistics
Posts 3
Solutions 0
Karma Given 1
Karma Received 2
Member Since ‎2020-06-11
Activity Feed
Topics I've Started
No posts to display.
View All

Re: How to migrate Splunk Heavy Forwarder to a new...

by in Deployment Architecture
‎07-30-2020 11:40 AM
1 Karma
‎07-30-2020 11:40 AM
1 Karma
Copying the splunk.secret from the old heavy forwarder to the new one should help with the passwords. ... View more

Re: bullet points in date value and can't strptime...

by in Splunk Search
‎06-11-2020 09:40 AM
1 Karma
‎06-11-2020 09:40 AM
1 Karma
Doing an extra rex on the date field to split out the date parts should work.  I tested it using the following SPL and it appeared to work. | makeresults | eval Message="The previous system shutdown at 10:48:10 AM on ‎6/‎11/‎2020 was unexpected." | rex field=Message "(?i)at\s(?P<shutdown_time>[^\s].+)\son\s(?P<shutdown_date>[^\s]+)" | rex field=shutdown_date "(?<month>\d{1,2})\/.(?<day>\d{1,2})\/.(?<year>\d{4}).*" | eval shutdownAt=month + "/" + day + "/" + year +" "+shutdown_time | eval shutdownepoch=strptime(shutdownAt,"%m/%d/%Y %I:%M:%S %p") | table Message, shutdown_time, shutdown_date, shutdownAt, shutdownepoch, month, day, year   ... View more

Re: Strip datetime and group by filename

by in Splunk Search
‎06-11-2020 09:13 AM
‎06-11-2020 09:13 AM
Assuming that the strings above are source/filename (or another field) within the events, would the below work for you?  This should at least give you fields from the string that you can use with your stats command. | makeresults | eval source="File successfully sent - AllOpenItemsPT_20200610_08-00.csv.zip @08:00" | append [| makeresults | eval source="File successfully sent - AllOpenItemsPT_20200610_10-15.csv.zip @10:15"] | append [| makeresults | eval source="File successfully sent - AllOpenItemsPT_20200610_11-00.csv.zip @11:00"] | append [| makeresults | eval source="File successfully sent - AllOpenItemsMaint_20200610_07-00.csv.zip @07:00"] | append [| makeresults | eval source="File successfully sent - AllOpenItemsMaint_20200610_09-00.csv.zip @09:00"] | append [| makeresults | eval source="File successfully sent - AllOpenItemsMaint_20200610_13-00.csv.zip @13:00"] | append [| makeresults | eval source="File successfully sent - AllOpenItemsUS_20200610_12-00.csv.zip @12:00"] | append [| makeresults | eval source="File successfully sent - AllOpenItemsUS_20200610_14-30.csv.zip @14:30"] | append [| makeresults | eval source="File successfully sent - AllOpenItemsUS_20200610_17-20.csv.zip @17:20"] | rex field=source "(?<prefix>File successfully sent - AllOpenItems)((?<description>[^_]*)_(?<dt>[^_]*)_(?<tm>\d{2}-\d{2}))" | table _time, prefix, description, dt, tm | stats values(description) as description   ... View more
Contact Me
Online Status
Offline
Date Last Visited
a week ago
Karma from
View All
Karma given to
View All