Splunk Search

Discussions

Thread Info

How to keep only certain users events from Windows event log security?

Hello, I would like to filter, at the indexers, events coming from WinEventLog:Security to keep only certain users . ...

by Communicator in

My regex is not working in Splunk although it works at regex101.com

Hello, I have a field "group" these field contains some values with a prefix: "AD-". I need to get rid of the pref...

by Explorer in

How can I get the value of a token as a search eval for another token?

I have the following xml: I want to have Name=$unit$ for the line eval token. And will have other conditi...

by Contributor in

Trying to get the value of a field for the previous month

Hi, I'm working with an old data where I need to get the value of a field for the 'supposed' previous month. He...

by Path Finder in

同じSourcetypeで複数のhostからデータを合計する方法について

同じSourcetypeで２つのhostから受信しているcsvに含まれる値を合計したいのですが、searchの方法を教えてください。 host-Aから受信しているcsvのA列(field_A)とB列(field_B)、およびho...

by Engager in

Combining two field into one output

Hi, Below is the query which generates the table output. index=abc sourcetype=report | table company_id , compa...

by Path Finder in

Date displaying as a string

I have a string field (publication_date) that is displaying a date in the following format YYYY/mm/dd. Ultimately I w...

by Explorer in

How to limit the number of bars in a bar graph

I have a query that produces a bar graph of the number of hits in a page. I want to limit this to the top 5-10 values...

by Communicator in

summing values from stats

Hi, I have a query that produces a stats table that looks like this company count testco ...

by Motivator in

I need help with a regex for line_breaker in props.conf

Hi Team, Need help with regex for LINE_BREAKER attribute in props.conf. I have below log pattern delimited by |...

by Communicator in

Get environment variables in alert action script?

How do I get the environment variables, for example $env:user$ into my alert action script? I've tried adding a param...

by Explorer in

How to Check Remote Server's Date and Time Settings (Windows)

I was wondering if there was a way to search for the Date and Time settings on a remote server? I can't seem to find ...

by New Member in

How can I combine these two searches of the count of field A and the count of field B?

Hi, I have these two queries This one gets the number of camera sessions index=wholesale_app buildTarget=bla...

by Motivator in

Regular expression - need to extract a field

I am trying to do named extraction for the field sample for each event but failing for some reason. Please help! here...

by Communicator in

How to count the number of occurrences of a word in an event?

Hello Guys, I have a log as the following and i need to count the number of occurrence of TagID word in such event...

by Builder in

Why don't my dynamic titles for month names work?

I have tried to pass a token into a panel title from a search that creates month names for last month and the month b...

by New Member in

need to display zero if count is zero for data that is searched dynamically from a lookupfile

i am matching strings from the lookup file(only has one column with my_field) and then checking occurrence count of e...

by Contributor in

How to re-index a file everyday, even when the file is not updated?

Hey All, We have a file which has the version number of an application in the below format : version = 4.0 The...

by Contributor in

How to parse a field value that is delimited by "/"

I have a field for a CVSS vector, and I want to parse it so I can compare each section to a lookup and put it in laym...

by Path Finder in

Saved Search runs after Uninstallation of App

I installed an App from Splunkbase for Testing purposes. The app came with Custom Searches which i had scheduled a...

by Builder in

foreach with subsearch

i search in splunk , seem that foreach cannot pass the '>FIELD<' into Subsearch , i search that have to use map comma...

by New Member in

To display actual logs time by using Timechart command

Hi Everyone I am trying to create a timechart report and I want to display the Output of the Log event time field ...

by Explorer in

Group events by a field and fetch those ones where a second field does not match a given value

I have these events with CID which normally come as a pair of TranType Request and Response. 2017-12-04 09:45:01 CID=...

by Engager in

Automating 20 diffrent searches on a single .csv log file , and getting textual feedback from this searches added to report.

I have 20 searches to be performed on a single .csv log file . Every search results a different feedback like "missin...

by New Member in

Splunk has built-in mbtiles server. Can this be used for mbtiles that we create ourselves?

I noticed that our splunk installs have a $SPLUNK_HOME/share/splunk/mbtiles/splunk-tiles.mbtiles file. This makes ...

by Contributor in

Get Updates on the Splunk Community!

Splunk Search

Discussions

How to keep only certain users events from Windows event log security?

My regex is not working in Splunk although it works at regex101.com

How can I get the value of a token as a search eval for another token?

Trying to get the value of a field for the previous month

同じSourcetypeで複数のhostからデータを合計する方法について

Combining two field into one output

Date displaying as a string

How to limit the number of bars in a bar graph

summing values from stats

I need help with a regex for line_breaker in props.conf

Get environment variables in alert action script?

How to Check Remote Server's Date and Time Settings (Windows)

How can I combine these two searches of the count of field A and the count of field B?

Regular expression - need to extract a field

How to count the number of occurrences of a word in an event?

Why don't my dynamic titles for month names work?

need to display zero if count is zero for data that is searched dynamically from a lookupfile

How to re-index a file everyday, even when the file is not updated?

How to parse a field value that is delimited by "/"

Saved Search runs after Uninstallation of App

foreach with subsearch

To display actual logs time by using Timechart command

Group events by a field and fetch those ones where a second field does not match a given value

Automating 20 diffrent searches on a single .csv log file , and getting textual feedback from this searches added to report.

Splunk has built-in mbtiles server. Can this be used for mbtiles that we create ourselves?

Dashboards: Hiding charts while search is being executed and other uses for tokens

Splunk Observability Cloud's AI Assistant in Action Series: Explaining Metrics and ...

Brains, Bytes, and Boston: Learn from the Best at .conf25

Help me with splunk query to monitor CPU and Memor...

How can i export a list of all services in APM

Joining records in a table

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

Splunk Search

Are you a member of the Splunk Community?

Discussions