Splunk Search

Start a Conversation

Discussions

Start a Conversation

Thread Info

Replacing Xml header at search time

i want to remove the header tag in the xml during search time as it was not properly quoted also, please help with...

by Builder in

How to deal with nested JSON containing variable numbers of objects

I'm trying to work with the aws:description events to track changes to security groups. The events are in a nested J...

by New Member in

In search - Dynamic REX loading.

Hello, I´m trying to load custom rex field extraction if another field has a certain value, for example:if logtype=...

by Explorer in

splunk

I have logs like below Email information for the template:payment_receipt_ppo_1 Posted Successfully with status:200...

by Observer in

[Need Help] how to expand 'OTHER' column created by stats command

Hi team, when I use stats command to group and aggregration. For example: <base query here>| bin span=1d _time|...

by Path Finder in

Combining Searches from Multiple Sourcetypes

Looking for some advice on combining searches from multiple sourcetypes into a single report for my auditing team. Th...

by Explorer in

splunk search

I have logs like below Email information for the template:payment_receipt_ppo_1 Posted Successfully with status:200...

by Engager in

Join command not working

I want to extend the results of the first search : add the column category (from the 2 search) to the results of the...

by Path Finder in

Count Single Occurrence Based On Value

Hello, Need some help with the below. We have multiple entries for a single IP that has multiple results as the St...

by Engager in

Regex help

I am currently trying to use a regex to pick out the events with the date '2020XXXX' - I want the regex to search pic...

by Explorer in

Strange foreach behaviour with wildcards

We all know that foreach * will work on all the fields in the result row right... Well it seems that when using dat...

by Champion in

How to exclude the results from main search that matches with sub search

Here is my problem statement: 1st Query: index=test "TestRequest" | dedup _time | rex field=_raw "Price\":(?<price>...

by Explorer in

Filter rex value in where clause

Hi, I want to filter the below rex value in where clause but its not working. | rex field=_raw ":[ ]*(?<error>[^:...

by Observer in

How to pass IP argument for API call to Python script and integrate with generating command?

Hi, I'm very new to splunklib and not so experienced in programming and breaking my brain on this. I have 2 script...

by New Member in

XML epoch time to time

I want to extract dailyTime from XML and convert it into time <globalView id="108" version="17" recordC...

by Loves-to-Learn Lots in

I want to index fieldName which contains square brackets

Hi,I want to index a fieldName which contains square bracketsBelow is the key-value pair format I have and splunk is...

by Explorer in

Event correlation

There's been numerous other questions that I've read through to see if a similar situation has been asked but so far ...

by Explorer in

Extracting details from windows logs

Hi I'm new to splunk and hope you guys are having a good day!How can I query and extract out the information from thi...

by Engager in

[SmartStore] How to map report acceleration report with the corresponding buckets?

After Smartstore was enabled for deployment the indexer's log's are flooded with messages like"INFO CacheManagerHandl...

by Splunk Employee in

Show only fields values found in subsearch

I have search like below to show me 'src_ip' and 'count' every last 10 min index="pan" sourcetype="pan:threat" earl...

by Engager in

Splunk Search

Discussions

Replacing Xml header at search time

How to deal with nested JSON containing variable numbers of objects

In search - Dynamic REX loading.

splunk

[Need Help] how to expand 'OTHER' column created by stats command

Combining Searches from Multiple Sourcetypes

splunk search

Join command not working

Count Single Occurrence Based On Value

Regex help

Strange foreach behaviour with wildcards

How to exclude the results from main search that matches with sub search

Filter rex value in where clause

How to pass IP argument for API call to Python script and integrate with generating command?

XML epoch time to time

I want to index fieldName which contains square brackets

Event correlation

Extracting details from windows logs

[SmartStore] How to map report acceleration report with the corresponding buckets?

Show only fields values found in subsearch

Tstats with Sparkline limiting values

Query Duo security for disabled, non-authenicated ...

Changes to user or group privileges

Outlier detection

Could not load lookup=LOOKUP-splunk_security_essen...