Splunk Search

Ask a Question

Discussions

Thread Info

Help in creating regex for encryption of data?

Hi Splunkers, I am looking for some help in creation of regular expression to Anonymize data with a regular expres...

by Explorer in

How do i search non matching values from two different indexes and display

This is what I am doing extract value until the first occurrence of char & using the search string index="pro...

by Explorer in

Trying to search a connections log, top 10 hosts sending the most traffic, doesn't seem to be working.

Trying to search a connections log, top 10 hosts sending the most traffic, need some help, thanks.

by New Member in

How to manipulate the time formats to get the exact results in Status

Hi, I have created a query to fetch the status of some jobs in a particular format. There are different scheduled ...

by Engager in

How can I remove numbers from Y-axis?

Hi! I'm having trouble removing the values 0.5, 1 and 1.5 from the Y-axis in the following dashboard: But ...

by New Member in

Why is the tstats command not displaying all data from a data model?

Hi I have set up a data model and I am reading in millions of data lines. The issue is some data lines are not di...

by Influencer in

Hi, Can i use sum and list command in single query

by Engager in

Please help me in forming Regex.

Hi All, Please help me to extract the email ids which is not between <> angle brackets. Sample event: someon...

by Motivator in

Finding most recent event by host

We are collecting logs from McAfee and Splunk pulls information for each host every 1 Hr. The logs have two fields ho...

by Explorer in

Splunk Dedup by _time and Combine Values Simultaneously

I am working with Exchange 2010 data. I have the MessageID, Sender, Recipients, and _time. Depending on the event typ...

by Engager in

position of a character in a string

Hello I'm trying to do a substr to strings such as: google-public-dns-b.google.com cachewas.tdp.net.pe b.resolvers...

by Contributor in

AVG days for selection of events

In the following search I want to have the average for the events where GB_w is < 15 days | stats earliest(A_Z) AS...

by Path Finder in

setting some token based on the result of search query

Hi, My requirement is to set some token based on the output of search query. my search query return one row and I ...

by Builder in

how to retrieve memory value from GC log

I have below event from GC log, 2017-11-20T23:13:13.311-0800: 205957.353: [GC (Allocation Failure) 5152315K->46477...

by Communicator in

If 3 consecutive files are found > 1KB in size, send an email alert

How can I get results only when 3 consecutive files exceeds 1 KB limit? I tried this with below Query however not ...

by Engager in

How do I use the latest value given to replace a field that is NULL but both event have one common value?

As stated I want the latest value in "Hash Value" and "Type" column to be filled instead of being "NA" and "Unknown" ...

by Path Finder in

Why does rex/regex return different results than field-extraction?

Data: Nov 16 12:50:51 172.23.0.29 Nov 16 12:50:51 dc01 Microsoft_Windows_security_auditing.[1688]: Domain\user1: Secu...

by Path Finder in

Splunk enterprise 6.6.1 - existing custom apps are not opening

We have few custom apps in our splunk enterprise instance which were opening to all user before. Suddenly custom apps...

by Explorer in

How to extract a field using regex at indexing time?

Hi, I'm ingesting the data in JSON format. we have a field event.user, which is auto extracted. is there a way to ...

by Builder in

eval command

Ok I'm feeling kinda stupid this query works index=wholesale_app buildTarget=comcast analyticType=SessionStart ...

by Motivator in

How to assemble a field via indirect references to other fields

I have logs where the these fields exist: raw_message="Dropped table {table_name}" table_name="jobs" and I wan...

by New Member in

Are there any search and performance pitfalls with keeping data in hot buckets for 1 month and moving it from hot to cold directly?

I have gone through the documentation and want to check if a scenario like this will work out: -Hold 1 months data in...

by Explorer in

I've a log in which instead of X=Y, it is present as "X":"Y". How do I extract X as a field and Y as its value?

by New Member in

How can I identify duplicates in a multivalue field based on the value of another field?

I need to be able to identify duplicates in a multivalue field. The difficulty is that I want to identify duplicates ...

by Builder in

Tokens and Evals

I am trying to set up a form input and I feel like I'm missing some basic understanding of how tokens work. Our data ...

by Communicator in

Get Updates on the Splunk Community!

Splunk Search

Discussions

Help in creating regex for encryption of data?

How do i search non matching values from two different indexes and display

Trying to search a connections log, top 10 hosts sending the most traffic, doesn't seem to be working.

How to manipulate the time formats to get the exact results in Status

How can I remove numbers from Y-axis?

Why is the tstats command not displaying all data from a data model?

Hi, Can i use sum and list command in single query

Please help me in forming Regex.

Finding most recent event by host

Splunk Dedup by _time and Combine Values Simultaneously

position of a character in a string

AVG days for selection of events

setting some token based on the result of search query

how to retrieve memory value from GC log

If 3 consecutive files are found > 1KB in size, send an email alert

How do I use the latest value given to replace a field that is NULL but both event have one common value?

Why does rex/regex return different results than field-extraction?

Splunk enterprise 6.6.1 - existing custom apps are not opening

How to extract a field using regex at indexing time?

eval command

How to assemble a field via indirect references to other fields

Are there any search and performance pitfalls with keeping data in hot buckets for 1 month and moving it from hot to cold directly?

I've a log in which instead of X=Y, it is present as "X":"Y". How do I extract X as a field and Y as its value?

How can I identify duplicates in a multivalue field based on the value of another field?

Tokens and Evals

Can’t make it to .conf25? Join us online!

Take Action Automatically on Splunk Alerts with Red Hat Ansible Automation Platform

Calling All Security Pros: Ready to Race Through Boston?

Beyond Detection: How Splunk and Cisco Integrated Security Platforms Transform ...

Help me with splunk query to monitor CPU and Memor...

How can i export a list of all services in APM

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

ITSI thresholds: adaptive vs static

Splunk Search

Are you a member of the Splunk Community?

Discussions

Can’t make it to .conf25? Join us online!