Splunk Search

Ask a Question

Discussions

Thread Info

How to extract field with regex such as sentence with space

Hi regex masters, Please help me. Below are sample xml logs. Incident Number: 151719935 Date Of Incident: 1...

by Splunk Employee in

How to apply the fit command with a "by" field

Hi Everyone, So I have data like this in my lookup table fields A | B | C 10| 2 | red 4 | 6 | red 9 | 1 ...

by Explorer in

Almost no search results after upgrading to 7.0.0

Upgraded from 6.1 to 7.0 and now none of my old searches gives any results i.e dashboard searces. As a Splunk rook...

by Path Finder in

How to trigger an action when no results are found (without using the settings in a saved alert)

My organization using something called Ticketer to in Splunk to auto-generate an incident form when something shows u...

by Explorer in

single value trend with earliest

I've got the followingsearch: | stats values earliest(AG_Z) AS A_Z values earliest(D_AG) AS D_A_I | eval eA_Z=str...

by Path Finder in

How to extract user behavior pattern during peak load from web access log

From NFR perspective trying to figure out how to use Splunk to extract user behavior pattern during peak load conditi...

by New Member in

How to make list(x) include all values?

list(x) does not return all values. If I have white space as my value, list omits it. Here is a simplified example of...

by New Member in

Splunk Light Email Anonymization before Indexing

Hello everybody, I am new to Splunk and I try to anonymize an email adress of my Logfile with the help of files p...

by New Member in

We are getting error when we search with windows index , this is happening from past month

Below is the error we got [hsplunkp01] Dispatch Runner: Configuration initialization for /opt/splunk/var/run/sear...

by Explorer in

Session duration calculation

Hi, I have this data Time Event 11/13/17 5:12:53.000 PM { [-] analyticType: SessionEnd ...

by Motivator in

How to extract a dynamic String that is comma delimited (it comes directly after a constant)?

The Splunk logs I'm working with are big and don't come with any predefined useful fields. I want to extract a dynami...

by Explorer in

How do we convert rex into makemv?

The following | rex "^(?:[^,\n]*,){8}\"\w+\":\"/(?P<apiURL3>\w+/\w+/\w+/\w+\.\d+/\w+\.\w+)" produces for us the desir...

by Ultra Champion in

What is the right way to join fields from different rows into one?

Within the same index and sourcetype, I have some rows containing type=master and many more rows containing type=slav...

by Path Finder in

How can I extract this email address field and name it "email_id"?

What would be the correct expression to extract only the email address that follows "email="? I then want to call tha...

by New Member in

Why is my Base Search cutting off Fields in the Dashboard view?

I made a dashboard with a single base search passing the results to downstream panels. When I make my panels dependen...

by SplunkTrust in

How can I skip the first two "\n" letters from my fields?

Hello Everyone! I want to remove the first two letters from my fields "\n" how can I do it? \nCDIARIA2 \nCDIARI...

by Path Finder in

Regex for extracting email with a trailing whitespace

Hi, I have log line according to the next template: [2017-11-03 13:55:52,945] [MYPROJ] [EMAIL=xxx@yyy.com] But ...

by Path Finder in

Finding whether firewall hosts sending logs to splunk ?

Hi , I have a list of firewall hosts names and some ips of firewall and i created the lookup of all host names of fir...

by Communicator in

Is it possible find total of transactions in a lookup table

I have a lookup table with personal financial transactions on it. They list like they do when you review transactions...

by Communicator in

Getting error in splunk cloud while running every search in the splunk cloud

Error : " Error 'Could not find all of the specified lookup fields in the lookup table.' for conf '(?::){0}XmlWinE...

by Engager in

Using MVZip and MVExpand on MultiValue fields where one node sometimes exists

Hello friendly Splunk community, May I ask your assistance in dealing with a multivalue field that sometimes conta...

by New Member in

How do I create a piechart visualization with the count of two field values and the sum of both displayed?

I have a query that gives me the count of certain events with keyword 'ab' OR with keyword 'pq'. The query is like th...

by Contributor in

How can I get the count of two different field values in the same search?

My splunk query is , host=x OR host=y OR host=z nfs1 | stats count as nfs1_count In the above case nfs1 field i...

by Contributor in

counting combination of fields

Hi, How would I count a combination of fields in splunk? For example, I have a "from_ip_addr" and a "to_ip_addr" i...

by Champion in

How to get percentages of value pairs

I have a very large set of retail data. The significant fields for this query are store_no, transaction_amt, zip, eth...

by Path Finder in

Get Updates on the Splunk Community!

Splunk Search

Discussions

How to extract field with regex such as sentence with space

How to apply the fit command with a "by" field

Almost no search results after upgrading to 7.0.0

How to trigger an action when no results are found (without using the settings in a saved alert)

single value trend with earliest

How to extract user behavior pattern during peak load from web access log

How to make list(x) include all values?

Splunk Light Email Anonymization before Indexing

We are getting error when we search with windows index , this is happening from past month

Session duration calculation

How to extract a dynamic String that is comma delimited (it comes directly after a constant)?

How do we convert rex into makemv?

What is the right way to join fields from different rows into one?

How can I extract this email address field and name it "email_id"?

Why is my Base Search cutting off Fields in the Dashboard view?

How can I skip the first two "\n" letters from my fields?

Regex for extracting email with a trailing whitespace

Finding whether firewall hosts sending logs to splunk ?

Is it possible find total of transactions in a lookup table

Getting error in splunk cloud while running every search in the splunk cloud

Using MVZip and MVExpand on MultiValue fields where one node sometimes exists

How do I create a piechart visualization with the count of two field values and the sum of both displayed?

How can I get the count of two different field values in the same search?

counting combination of fields

How to get percentages of value pairs

Earn a $35 Gift Card for Answering our Splunk Admins & App Developer Survey

Continuing Innovation & New Integrations Unlock Full Stack Observability For Your ...

Monitoring Amazon Elastic Kubernetes Service (EKS)

Using splunk-sdk in user-defined functions in Spar...

Verification of SAML assertion using IDP's cert fa...

ジョブを消しても復活する現象について

splunk threat intelligence taxii data

Splunk DB connect add-on InfluxDB 2.6