Splunk Search

Start a Conversation

Discussions

Start a Conversation

Thread Info

How to search from last occurrence of a string

Hello Experts, I am trying to read the text from the last square bracket (which is TestModelCompany,en_US) 21:1...

by New Member in

IP Watchlist Lookup

Hello, I currently have a search against our firewalls, below is the current search. index=(my index) sourcetyp...

by New Member in

How to group a multi-regex event to form a single event until you find the date only at the beginning of the interaction

Hi, I have the following log format, How can I break this multiline event on condition that "2020-01-23 03:50:4...

by Explorer in

Extract field values by eliminating random strings

I have field values as below , field1=value1 filed2=server1 field1=service/value2/a1 field2=server2 field1=value3 fi...

by Explorer in

Is there a way to enable event sampling in a search?

Is there any way to enable event sampling in a search? I know this can be enabled in a GUI using dropdown list under ...

by Path Finder in

Splunk Get Earliest Data by Index and Sourcetype

Hi All, Is it possible to get the Earliest available date of index and source type . I tried "Tstats" and "Metadata"...

by Builder in

LIcense Usage by Source Type

Can someone help me include sourcetype to my search below? I am trying to run a report for the past 60 days and need ...

by Path Finder in

Need help with rex command

Hello I'm trying to run a rex command to extract "is set to expire" Relying party trust 'ButterCup Games - Test' ...

by Path Finder in

Splunk Regex Engine Fails?

We're trying to extract fields that match this [ FIELD_NAME = S0m3 Valu3 w\ reaLLy $pec!aL ch*rac+3rs ] and write the...

by Contributor in

time-based lookups and kvstore

Hello all, We are having some problems defining a time-based kvstore lookup on Splunk 6.2.0. We tried defining a s...

by Explorer in

kvstore lookups from database.

Hi Please give me any feedback . ideas as to whether I am following the best action. I have a database table that ...

by New Member in

How to incorporate tag in the if-then-else Splunk construct

Hello, I created SPL search, that should pull out the log entries, based on the if-then-else condition, but it does n...

by New Member in

how to extract a string before the @ symbol from an email adress?

I have the username filed extraction as follows in the props.conf which extracts the email address:- [sourcetype_...

by Builder in

Field extraction stanza help in props.conf?

I have the username filed extraction as follows in the props.conf which extracts the username:- [sourcetype_X] EXT...

by Builder in

Can you please help me in creating a table with multiple rows of the same field using stats or some other code?

I need to display multiple rows having the same PARTNUMBER value for each FLITCOMPONENTS and AMOUNT sourcetype=fli...

by Loves-to-Learn in

How to count top results in each column?

Hi everyone, Trying to find out the top 10 values from different host longmessage index functionality.. So tried like...

by Explorer in

empty fields in a table

why does Splunk display empty fields in the table even though there are values there

by Explorer in

Removing values from a field

how to remove values from fields highlighted in red index=main | eval description=case(status == 200, "OK", s...

by Explorer in

Outer Join not working

I have data in a CSV called 25millionLinie_Rule.csv (example below) host,source,count "INTERFACES_BUILD","/hp547sr...

by Motivator in

Different element between two stats values() lists

search made before ...| stats values(user) as AllUsers, values(usr_mod) as ModifiedUsers And it returns two lists...

by Path Finder in

Splunk Search

Discussions

How to search from last occurrence of a string

IP Watchlist Lookup

How to group a multi-regex event to form a single event until you find the date only at the beginning of the interaction

Extract field values by eliminating random strings

Is there a way to enable event sampling in a search?

Splunk Get Earliest Data by Index and Sourcetype

LIcense Usage by Source Type

Need help with rex command

Splunk Regex Engine Fails?

time-based lookups and kvstore

kvstore lookups from database.

How to incorporate tag in the if-then-else Splunk construct

how to extract a string before the @ symbol from an email adress?

Field extraction stanza help in props.conf?

Can you please help me in creating a table with multiple rows of the same field using stats or some other code?

How to count top results in each column?

empty fields in a table

Removing values from a field

Outer Join not working

Different element between two stats values() lists

How to force today's date column to display if no ...

Append causing dashboard panels to use colours for...

Generate timechart with normalized/rescaled data p...

mvexpand issues and alternative needed

Continue on dbxquery Failure