Splunk Search

Discussions

Thread Info

Another regex

Hi, I have this data 10.210.192.15 - - [26/Sep/2017:19:59:59 -0400] "POST /rest/icontrol/sites/315568/network/i...

by Motivator in

Timechart function and graphing specific field?

I would like to capture the value of used_memory_peak_human =>"26.28M" as it increases or decreases from all servers....

by New Member in

How to extract a JSON part from an incoming stream from journald to output only one value with /opt/splunk/etc/slave-apps/_cluster/local/transforms.conf

The JSON part to extract is MESSAGES. We created a REGEX which works in the search, but it should be also added perma...

by New Member in

Is there a difference between guided and manual mode? Is there a difference between real-time and continuous?

Guided and Manual Mode? Real Time and Continuous? Is one more efficient then the other? Thank you. Frank

by New Member in

Graph from key/value pairs

Hello, I am extracting from a database the list of the largest 20 tables. The format would be something like =: ...

by New Member in

Is there away to reload the value of the servername key in etc/system/local/server.conf ?

Hi All Currently we are facing an issue for Some of the universal forwarders have had their hostname updated, but it ...

by Motivator in

Only include certain rows in appendcol- need help building search

So i am trying to convert some of my searches from joins to appendcol to improve performance but I am running into so...

by Path Finder in

How to use a different field other than _time to group events based on a desired time interval (e.g. 1 week)

I'm working with ServiceNow incident logs and I'm trying to group events weekly, based on their final state in the we...

by Path Finder in

Why are some undefined field searches faster than searches where you define the field and value you are looking for?

So I noticed that when I run two searches like the following and I am looking for a value, in this case some computer...

by Contributor in

Seems to be complicated regex day

Hi, I have this data 10.210.192.15 - - [26/Sep/2017:19:59:59 -0400] "POST /rest/icontrol/sites/315568/network/i...

by Motivator in

search string query

Hi I can use the search string to get the statistics output index=data sourcetype="data1" host=HOSTA | stats coun...

by Explorer in

Can I use dedup to remove a duplicate value in my report and to show only the last log? Other options?

hi i have one problem in making report. in my report result i have repeated name how can I avoid to not show the rep...

by Explorer in

Create a table with _time and a custom fields

I'm lost. I'm trying to capture the _time and UserName (custom field) from a search and use the _time to find events ...

by Engager in

Extracting multiple values from a Field

I have a field in Windows Backup Events named VolumesInfo Sample: <VolumeInfoItem Name="System" OriginalAccessPath...

by Builder in

Help with writing this search to detect users accessing unauthorized devices?

Hello, I am trying to create a correlation search that will detect users accessing devices for which they aren't a...

by Explorer in

Help extracting a field from raw data and generating a count

For a simple query - index=app_au ms.ab=true I have a raw output of - {"dtm":"2017-09-27 10:44:42.389 PDT",...

by New Member in

Parse field from JSON logs and build a stats table with data

Hi all, Very close with the offerings in other JSON/SPATH posts but just not getting it done. We have a JSON fo...

by Path Finder in

Splunk lookup using csv-keys as input and csv-values as output

I have event data as follows: a,b,",1,2,3,",c,d And I have lookup table as follows key, value 1, one ...

by Path Finder in

missing users.ini file

I have been getting a message that says that a file has been improperly modified or missing. The result of the integr...

by Communicator in

Can I perform stats count on a substring using regex?

I have log events such as activity:http://xyz/rest/876 http://xyz/rest/223 http://xyz/rest/263 http://xyz/rest/4534 h...

by Engager in

Is it possible to use a column from a .csv lookup file as a column in the results?

So, I tried https://answers.splunk.com/answers/480296/how-to-add-an-additional-column-in-my-results-from.html?utm_sou...

by New Member in

How do we find the first non-zero packet loss event?

example dated newest to oldest : { "ip_address": "255.255.255.255","loss_pct": 0, "device_id": "ABC"} { "ip_address":...

by New Member in

Are function names case-sensitive?

The following query did not return any results: ... | stats count(EVAL(error_code=2000)) ... I had to use lowe...

by Communicator in

Merge two tables from two different sources

i have a requirement to merge two tables **table 1** appname | source app1 | src1 app2 |...

by New Member in

Custom Trigger Condition for alert if not specific destination IP

I am attempting to create a custom trigger condition for the alert below that will only trigger if the dest_ip does n...

by New Member in

Get Updates on the Splunk Community!

Splunk Search

Discussions

Another regex

Timechart function and graphing specific field?

How to extract a JSON part from an incoming stream from journald to output only one value with /opt/splunk/etc/slave-apps/_cluster/local/transforms.conf

Is there a difference between guided and manual mode? Is there a difference between real-time and continuous?

Graph from key/value pairs

Is there away to reload the value of the servername key in etc/system/local/server.conf ?

Only include certain rows in appendcol- need help building search

How to use a different field other than _time to group events based on a desired time interval (e.g. 1 week)

Why are some undefined field searches faster than searches where you define the field and value you are looking for?

Seems to be complicated regex day

search string query

Can I use dedup to remove a duplicate value in my report and to show only the last log? Other options?

Create a table with _time and a custom fields

Extracting multiple values from a Field

Help with writing this search to detect users accessing unauthorized devices?

Help extracting a field from raw data and generating a count

Parse field from JSON logs and build a stats table with data

Splunk lookup using csv-keys as input and csv-values as output

missing users.ini file

Can I perform stats count on a substring using regex?

Is it possible to use a column from a .csv lookup file as a column in the results?

How do we find the first non-zero packet loss event?

Are function names case-sensitive?

Merge two tables from two different sources

Custom Trigger Condition for alert if not specific destination IP

Index This | When is October more than just the tenth month?

Observe and Secure All Apps with Splunk

What’s New & Next in Splunk SOAR

In Splunk studio, is it possible to populate a tex...

How can i export a list of all services in APM

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

ITSI thresholds: adaptive vs static

Splunk Search

Are you a member of the Splunk Community?

Discussions