Latest Activity

Michael Wilde replied to Nikita's discussion Count failures and success via transaction
"How are these transactions linked together... by a field called "ID"?  If so.. just build them with the field ID, and then use one of the MV commands to extract a field with success or failure in it.   Paste some samples and…"
17 hours ago
Linus Myrefelt updated their profile
Tuesday
Marie updated their profile
Monday
Marie is now a member of splunkninja
Monday
Jitter and matthew arguin joined splunkninja
May 18
Matthew Carter and Nikita joined splunkninja
May 17
Nikita posted a discussion

Count failures and success via transaction

Hi, I'm new to Splunk, so sorry for the stupid questions. I want to calculate failures in logs. For example, we have a request log and a response log.
"request" OR ("fail" OR "response") | transaction startsWith=("request") endsWith=("fail" OR "response") maxpause=5s keepevicted=false maxspan=25s id | eval Failure=if(searchmatch("fail"),1,0) | eval Success=if(searchmatch("response"),1,0) | stats count(Failure) as FailureCount, count(Success) as SuccessCount | table FailureCount SuccessCount
That query…
May 17
Andrea Judy is now a member of splunkninja
May 16
Perry
  • St. Louis, MO
  • United States Minor Outlying Islands

Perry's Discussions

Regex help
1 Reply

I am trying to pull out the hostname of a virus scan message and create a new field, but I am not having any luck. This is the part of the log I am trying to run a regex against: virus detected in…

Started this discussion. Last reply by Michael Wilde Oct 3, 2011.

 

Perry's Page

Latest Activity

Michael Wilde replied to Perry's discussion Regex help
"Perry... think it out... talk it out.. like this..    a backslash, ( followed by any character that is not a backslash ), followed by a backslash.   I put the parens around the phrase above, because we'll use that as a capturing…"
Oct 3, 2011
Perry posted a discussion

Regex help

I am trying to pull out the hostname of a virus scan message and create a new field, but I am not having any luck. This is the part of the log I am trying to run a regex against:
virus detected in \HOST001\SERVER-AV-1\
I can't seem to get what is between the first \ and second \. Any help would be appreciated.
Oct 3, 2011
Perry is now a member of splunkninja
Oct 3, 2011

Profile Information

Are you an existing splunk user?
Licensed
What do you do for your day job?
Security Analyst


© 2012   Created by Michael Wilde.
