Splunk Search

Start a Conversation

Discussions

Start a Conversation

Thread Info

Where are my posts that are awaiting moderation

I just posted a quite elaborate question and it is now awaiting moderation. However, I cannot seem to find it anywhe...

by Explorer in

How to make the chart legend static?

Hey Splunk experts, Please see if you can help me on this: I created a choroplet map chart and it is receiving the...

by New Member in

Splunk REST API body format - What are my options to bulk load users via REST API

I am working on a way to bulk load users into splunk via REST API, what format does the body need to be? My dream is ...

by Builder in

regex to get only the filename and filedate

Hi, My requirement is to show the date when the index got last created or to show the date of the latest file whos...

by Communicator in

Complex request improvement

Hi I would like to improve this complex request : (sourcetype=powershell:rebootPending) |stats latest(Reboot_Pe...

by Motivator in

scripted input interval limit

is there any document for the up limit and down limit of datainput/script? Thank you.

by New Member in

Mismatch '[' error in field extraction using regular expression

I am a new splunk user and apologies for this dump question. I tried to extract a field with the fort "servername:por...

by New Member in

How to get the first 20 characters of a field value in Splunk

Hi Team, I have two fields called Message and Solution. Value of the Solution field is a link which i have defined...

by New Member in

Grep a part of the multiline event.

I want to strip few rows from my log file and create a report in Splunk. Here is a sample even. blah blah blah bla...

by New Member in

Why does the Splunk PDF Reports in 7.0.2 has formatting issues if the scale is in thousands?

Has anyone noticed that pdf reports in 7.0.2 has formatting issues if the scale is in thousands? I have a report that...

by Path Finder in

How to mvcombine results that already have OTHER Multivalue results without messing up the formatting?

Okay, I think I'm losing my mind with trying to work with the formatting of multivalue outputs... Let's say I have...

by Path Finder in

Windows Event Code 4765

I am having an issue trying to get the group name for windows security event ID 4765. I am a little new to using rege...

by Explorer in

FillNull In Timechart

Hi, I'm wondering whether someone may be able to help me please. I'm using the following to extract metrics for a ...

by Motivator in

How can I compare the most recent field extraction in a log to the previous one?

All, I have a log file which produces a MD5sum every hour or so. I'd like to compare the most recent event, with ...

by Builder in

Need help in regex

{"runDate":"2018-04-18T00:31:46 EDT","dataDate":"20180319","jobName":"experianCounters","counterList":[{"counterName"...

by Explorer in

Optimize join for audit logs

I have a search that returns correct results. However, the join subsearch portion is constantly hitting the max 50000...

by Explorer in

how to remove start and last character from field value in splunk using single command

how to remove start and last character from field value please find the example below Example test=road-car tes...

by Explorer in

inputlookup shows no results after adding two more columns to csv

I had 3 columns initially in the csv file. I added two more and added the same in the inputlookup command. But no tab...

by Engager in

Basic Key Value extraction

Hello, I receive message like this : topic="Sniffer" message=""timestamp"="1524387631351","process"="com.x.and...

by Explorer in

How to search for multiple fields with 2 sourcetypes?

HI All, I need to search two sourcetypes and multiple fields at the same time. Following query is working correct...

by Communicator in

Get Updates on the Splunk Community!

Splunk Search

Discussions

Where are my posts that are awaiting moderation

How to make the chart legend static?

Splunk REST API body format - What are my options to bulk load users via REST API

regex to get only the filename and filedate

Complex request improvement

scripted input interval limit

Mismatch '[' error in field extraction using regular expression

How to get the first 20 characters of a field value in Splunk

Grep a part of the multiline event.

Why does the Splunk PDF Reports in 7.0.2 has formatting issues if the scale is in thousands?

How to mvcombine results that already have OTHER Multivalue results without messing up the formatting?

Windows Event Code 4765

FillNull In Timechart

How can I compare the most recent field extraction in a log to the previous one?

Need help in regex

Optimize join for audit logs

how to remove start and last character from field value in splunk using single command

inputlookup shows no results after adding two more columns to csv

Basic Key Value extraction

How to search for multiple fields with 2 sourcetypes?

Using Machine Learning for Hunting Security Threats

Observability Newsletter Highlights | March 2023

Security Newsletter Updates | March 2023

How to delay with search result when run via Splun...

KV Store status is currently unknown- How to resol...

Combining results in metric index?

Summary Index from | collect ... addtime=f : When ...

Importing HCL BigFix data from Insights, how to ve...