×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
youngc_splunk
Splunk Employee
Member since: ‎06-12-2015
‎06-28-2025
Community Statistics
Posts 12
Solutions 0
Karma Given 0
Karma Received 3
Member Since ‎06-12-2015
Activity Feed
View All

Re: Stringing together searches

by Splunk Employee in Splunk Search
‎11-21-2024 12:25 AM
‎11-21-2024 12:25 AM
@ecnausysadm , it looks like you're trying to process EDIs.  We now have solutions accelerator for EDIs.  Would like to share what we have if you are interested. ... View more

Re: Custom datetime.xml for x12 format

by Splunk Employee in Getting Data In
‎11-21-2024 12:22 AM
‎11-21-2024 12:22 AM
@timothywatson @hogan24 , it looks like you both are trying to implement a solution with EDIs.  We now have a solutions accelerator for EDI documents.  Let me know if any of you is interested in sharing some information, I can set up a call to introduce. ... View more

Re: How to get the difference of time between 2 ev...

by Splunk Employee in Splunk Search
‎11-21-2024 12:20 AM
‎11-21-2024 12:20 AM
@gajananh999 , it looks like your processing EDI data. We do have a new solution accelerator for EDI transactions.  Love to share some content we have.   Let me know if you're interested. ... View more

Re: Mismatch with values in Join

by Splunk Employee in Splunk Search
‎11-21-2024 12:17 AM
‎11-21-2024 12:17 AM
@tlunruh , it looks like your processing EDI data.  We now have solution accelerator for EDI transactions, I would love to share what we have.  Let me know if you're interested. ... View more

Re: eval isnull() always returns true

by Splunk Employee in Splunk Search
‎11-21-2024 12:14 AM
‎11-21-2024 12:14 AM
@dmrhodes101 , it looks like you are trying to process EDI, we do have a solution accelerator for processing EDIs, love to share some of the content we have.  Let me know if you're interested. ... View more

Re: How to Assign Values for _time at Index Time ...

by Splunk Employee in Getting Data In
‎11-21-2024 12:12 AM
‎11-21-2024 12:12 AM
@_gkollias It looks like you are trying to process EDI data.  We do have a solutions accelerator for EDI, we can share.  Are you interesting in learning about it?  Love to set-up some time to share what we have. ... View more

Re: Why is stanza for inputs conf is not working?

by Splunk Employee in Deployment Architecture
‎11-21-2024 12:04 AM
‎11-21-2024 12:04 AM
My email is youngc@splunk.com Please send me an email, I will send a zoom meeting invite for us to connect. ... View more

Re: Monitoring EDI transactions

by Splunk Employee in Other Usage
‎11-19-2024 12:34 PM
1 Karma
‎11-19-2024 12:34 PM
1 Karma
@pradeepiyer2024 @tscroggins , we have recently launched EDI monitoring & analysis Solution Accelerator, love to connect and see if you are interested in evaluation and feedback. ... View more

Re: Why is stanza for inputs conf is not working?

by Splunk Employee in Deployment Architecture
‎11-19-2024 12:31 PM
‎11-19-2024 12:31 PM
@Naa_Win , we do have an EDI solutions accelerator.  Love to connect and give you some dump on the solution. Let me know if you are interested. ... View more

Splunk Extract Command to process single or double...

by Splunk Employee in Knowledge Management
‎09-08-2021 11:06 PM
‎09-08-2021 11:06 PM
Hello Gurus! I am sure some people may have run in to this.   I am using extract command to parse fields from multi line unstructured event, but the data values are encapsulated by single quotes. Here is the example : ====EVENT 1======== 2021-09-08 00:00:00 ABC status - performance event     name : 'James Bond'     address : 'USA'     age : '100'     occupation : 'spy' performance event END ================== So the the following event, I am using transforms to  transforms.conf [performance_data] DELIMS = "\r\n", ":" So above transforms partially works.  The problem is the values has single quote ' encapsulated. Like this Field name "name"  with value "'James Bond'".   single quote included.  How can I get rid of the single quote? ... View more

Re: In this Splunk's video how do the values of "a...

by Splunk Employee in All Apps and Add-ons
‎08-04-2019 11:52 PM
2 Karma
‎08-04-2019 11:52 PM
2 Karma
Hi @rosho ! I am Young Cho, author of "Getting Started with Splunk Security" app. Saw this question and also saw @woodcock 's good answer. This is to show you the approach (Technique) to engineer features from security activities for either machine learning and applying statistics. So, the real application should really consider the right threshold or it also can be a machine learning, to point out anomalies based on the type of traffic in the network. Also, streamstats should do "| streamstats avg(gap) by src dest" where I feel that it should be by "src dest" instead of just "dest". Let me know what you think and love to know if some of these techniques work for your environment. ... View more

Re: Splunk DB Connect 2: Why am I getting Internal...

by Splunk Employee in All Apps and Add-ons
‎11-11-2015 09:42 AM
‎11-11-2015 09:42 AM
Sam, maybe we should use DB Connect 1 until someone answers this DB Connect 2 issue. ... View more
Contact Me
Online Status
Offline
Date Last Visited
‎06-28-2025 11:37 PM
Karma from
View All