Help in writing regex
Hi, I wanted to extract the words that come after 3 back slashes as a field API. Example: /v1/batterythreshold/inactivate /v1/batterythreshold/retrieve /v1/batterythreshold/save /v1/chargelogs/delete...
Lookup Table Question
Hello. This is probably a stu*** question, but I am not able to find a clear answer. My code to generate the lookup table works. Here are the contents of my lookup table. Input field **acct**, e.g. *user1*...
Log extrapolation problem
Good evening. We have installed Splunk Enterprise version 6.6.0.0. If we look for logs, the extrapolation is OK. If we save as an Excel file, there are only 10,000 records and the rest of the logs are not...
Unable to log in to Splunk instance with the admin login credentials created...
Hi. Towards the Splunk installation completion step, when I accepted the license and started the Splunk service, I was asked to create a login, which was successful, and completed the installation process. When I...
Help for doing a pie chart from 2 subsearches
Hi, I have the search below: `test` [| inputlookup host.csv | table host | rename host as USERNAME ] | lookup aps.csv NAME as AP_NAME OUTPUT Building | lookup cmdb.csv HOSTNAME as USERNAME output...
Format event in search
Hi, I am running a search and the event structure is displayed as: { [-] line: 2019-09-27 11:47:29,696 [server] INFO [http-nio-8079-exec-1] [] [] o.s.w.s.DispatcherServlet | Completed initialization...
After upgrade to 7.3.1, file upload is stopping after 80 events
I have a file monitor running on my heavy forwarder, and after my upgrade to 7.3.1 it is only loading the first 80 events. There are over 600 events in the file, and this worked fine prior to the upgrade....
Looping stats sum w/ variable input fields
I have a summary-indexed search that runs every 10 minutes, totaling our unsanctioned email usage. Each unsanctioned email application is calculated and returned with the total MB in/out per...
Splunk indexers physical memory usage high
Hi, I am currently experiencing high memory usage on my indexers. When I looked at the memory usage, I saw a high amount of memory caches, shown below: total used free shared buffers cached Mem: 516761 477169...
Adjusting size of graphic/window
So this is a really cool visualization; I'm hoping to use it in a few places. I'm hoping you can help with an issue we're having, though. If we choose a large enough time window in the picker, and have...
Installation error on Windows 10 - Error writing to file "Splunk.pdf.js file"
Kindly assist in installing the **Splunk 7.3.1** Enterprise version on my Windows 10, 64-bit PC. This is my first time installing Splunk on my new laptop. I'm installing through the only user (**Administrator...
Oracle audit unified template SQL query not working for rising column
Hello, I am trying to get Oracle unified logs into Splunk using Splunk DB Connect and the Oracle Add-on for Splunk. `oracle:audit:unified` has a default template with the SQL query: SELECT * FROM (SELECT...
Search query for events when a field value changes
Is there a Splunk search idiom that I can use to get all the events in a dataset whenever a particular field value ***A*** changes over time with respect to another field value ***B***? For example, if...
Using splunklib.modularinput without making a class
I've got code that looks like this: #!/usr/bin/env python # ######################################################################### # Program : verodin_get_jobs.py # Purpose : # Programmer : Joe Hughes #...
Populate stats with 2 field values
Sample set of logs with field names (time, name, and status) from one index=test: 1. name=X1 status=FAIL time=7am 2. name=X1 status=FAIL time=7:01am 3. name=X1 status=SUCCESS time=7:02am 4. name=X2...
Renaming extracted values
I have the following data:

Code       Area
1234.1234  ABC
9933.9933  DEF
6611.6611  GHI
8910.8910  ABC
8910.1111  ABC

Query looks like the following: | inputlookup combined.csv | search Code=* | eval...
Splunk query to find the timestamp of each (Login, Logout, Expire) keyword...
Hi guys, can anyone please help me with the query below? I want the names of all log files with details of keywords from each sourcetype. If there is a keyword present in the specific log file, then the last...
What are the implications of enabling suppress_sourcename in your Windows...
To improve indexing speed for Windows security events, we have been told to enable: suppress_sourcename, suppress_checkpoint, suppress_keywords, suppress_type, suppress_opcode. We did see our indexing...
Timechart of two stats with split by same field, one as overlay, then color...
I've been doing ugly hacks around this need for months, and now I need to dig in and figure out an elegant solution even if it means learning some new skills. I need to `| timechart` two stats - `Total...
IP address extraction across different patterns of events
I'm trying to extract IP (v4) addresses from different events. For instance, for an event such as: [...] sent ping to 1.1.1.1:514 [...], this rex command works just fine: | rex field=_raw "...
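Two of the questions in this listing, "Help in writing regex" (the segment after the third slash) and "IP address extraction across different patterns of events", are both regex field extractions that are easiest to prototype outside Splunk before they become `rex` commands. The Python below is an added example, not code from either post or from Splunk; the field name `uri` and the sample lines are constructed assumptions. It shows the translation between Splunk's `(?<name>...)` group syntax and Python's `(?P<name>...)`, and the check a regex alone cannot do: rejecting octets above 255 while still flagging that a four-part version string passes.

```python
import re
from ipaddress import IPv4Address, AddressValueError

# Splunk's rex uses PCRE-style named groups, (?<API>...); Python's re module
# needs (?P<API>...). The Splunk equivalent of API_RE would be:
#   | rex field=uri "^/[^/]+/[^/]+/(?<API>[^/?#]+)"
# (the field name "uri" is an assumption; use _raw if the path is the whole event).
API_RE = re.compile(r"^/[^/]+/[^/]+/(?P<API>[^/?#]+)")

# Dotted-quad candidate, bounded so that a port suffix (1.1.1.1:514) stays
# separate and a longer run of digits/dots is not carved into a bogus address.
IPV4_RE = re.compile(r"(?<![\d.])(?P<ip>(?:\d{1,3}\.){3}\d{1,3})(?![\d.])")


def extract_api(uri):
    """Return the path segment after the third '/' (the 'API' field), or None."""
    m = API_RE.match(uri)
    return m.group("API") if m else None


def extract_ipv4(event):
    """Return every syntactically valid IPv4 address in an event, in order.

    The regex alone accepts octets up to 999; IPv4Address() rejects those.
    It cannot tell a four-part version string such as 7.3.1.0 from an
    address, so anchor on surrounding context where the log format allows.
    """
    found = []
    for m in IPV4_RE.finditer(event):
        cand = m.group("ip")
        try:
            IPv4Address(cand)
        except AddressValueError:
            continue  # e.g. 999.1.1.1: matches the pattern, is not an address
        found.append(cand)
    return found


# Constructed sample input (not taken from the original posts).
SAMPLE_URIS = [
    "/v1/batterythreshold/inactivate",
    "/v1/batterythreshold/retrieve",
    "/v1/chargelogs/delete",
    "/v1/chargelogs/save?id=42",  # query string must not leak into API
    "/healthz",                   # too few segments: no API field
]

SAMPLE_EVENTS = [
    "[...] sent ping to 1.1.1.1:514 [...]",
    "connection from 10.20.30.40 refused, fallback 999.1.1.1 ignored",
    "splunkd version 7.3.1.0 started",  # version string survives validation
]


def extract_all_apis(uris=SAMPLE_URIS):
    return [extract_api(u) for u in uris]


def extract_all_ips(events=SAMPLE_EVENTS):
    return [extract_ipv4(e) for e in events]


if __name__ == "__main__":
    for uri, api in zip(SAMPLE_URIS, extract_all_apis()):
        print(f"{uri:40s} -> API={api}")
    for ev, ips in zip(SAMPLE_EVENTS, extract_all_ips()):
        print(f"{ev!r:70s} -> {ips}")
```

The `IPv4Address` step is the part worth keeping when the pattern moves into Splunk: `999.1.1.1` matches the regex but is dropped, whereas `7.3.1.0` is structurally a valid address and survives, so where the event format allows, anchor the `rex` on the surrounding text (`to `, `from `) rather than on the dotted quad alone.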