Splunk Search

Discussions

Thread Info

rename everything not included in case()

I have eval category=case(false(),'category',like('test',"test_11%"),"11tests",like('test',"test_22%"),"22tests",like...

by New Member in

Is there a way to trim URL string from a table?

So, I want to create a table where it shows the time, source IP, and URL. sourcetype=* src_ip=* url=* | table _tim...

by Explorer in

I require rex which stops search on first match of word in string.

I have below raw text. \"LDCAccountNumber\":\"4346780895\",\"BudgetBilling\":\"N\",\"TaxExempt\":\"N\",{\"field\":\"B...

by Explorer in

How to merge multiple searches and combine the result in a tabular format

Hi All, I have the below independent search queries giving the count. ns=app1 Service='trigger1' id=100 | Searc...

by Explorer in

How does subsearch work?

Is it possible to create a new search based off of results of previous search. My example below I use regex to extrac...

by Explorer in

Transforms to mask a bank ID

Hi, I am writing the transforms to hide the bankID for the below event. 14:14:09,573 ERROR [J2DefaultEngine] [0...

by Path Finder in

Is it possible to pass an eval value to table command?

Hi, I have a string with fields that I want to show in a table. (eval -> my_fields) This is my search: | mak...

by Engager in

Does the map command run the entire command, then each row?

So I noticed this while using sendmail can somebody confirm that I understand the map commands functionality? I cant ...

by Explorer in

Backslash regex WinEventLog

Hi guys, I have the log below and need get the third part of the this log using regex. Can you help me with this? ...

by Contributor in

Why can't I use my lookup command after stats command in my search string

I am trying to use stats command to display data organized by My_Field where My_Field is populated by running lookup ...

by Explorer in

How to create a timechart with actual values instead of some function of the actual values (such as sum, avg) etc?

I have a splunk query of the following: <searc> | timechart avg(cache_size) by host_instance That will give me...

by New Member in

How to combine tstats with inputlookup?

I am trying to produce report to get total usage based on time and clientid from a lookup. Here is the regular ts...

by Builder in

How to perform math on a field extracted where there were multiple matches

Hello, I have a log entry with a variable number of possible matches with my regex. i had to use max_matches to ge...

by Contributor in

How to only display rows in table when one field changes?

Hey folks, I have a hard time believing this hasn't come up before, but I didn't find the right kinds of questions...

by Explorer in

Password Spraying Query

Hi, I am trying to create a query that would list all denied logons (EventCode 4625), from a single workstation to...

by Explorer in

Is it possible to push in logs from different customers to various indexes under one Splunk Cloud instance?

Hi, Is it possible to have a splunk SaaS instance like xxx.splunkcloud.com and push in logs from different custom...

by New Member in

Only include certain hours/days for a long term search

I'm looking to run a search over a 4 week period here I find the count of results per week but I want to look for a s...

by Path Finder in

query not allowing search command

I have a following splunk search query: "| datamodel ticket_feed_dm ticket_feed_obj search|dedup ticket_feed_obj.t...

by Path Finder in

Sum values from a table

Hi, I have created a table in splunk and 1 of the fields is numeric('sloc'). I would like to sum the values for ea...

by Contributor in

timeformat for AM/PM in MKTime

What is the timeformat symbol to specify that AM/PM is included in the string? %P appears to work, but results show a...

by Communicator in

Appending multiple search using appendcols

I have a combined search query using stats count and appendcols.I am able to display the combined search result in si...

by New Member in

How can I create a field for error messages?

Hello All, I am beginner of Splunk. I have a requirement like "we are having multiple applications in our syste...

by New Member in

Issue with count -- How can I search a large data set without Splunk truncating the data?

Hi, I would like query all data over the past year and then use "stats count by some fields" to calculate the coun...

by New Member in

Help with regex to extract fields with different patterns

Hello Experts, I am trying to extract some data from events of different patterns and saving in a field called Det...

by Builder in

splunk query help ?

How to write search query to find from particular host is sending any credit card data into splunk by using regex ? D...

by Communicator in

Get Updates on the Splunk Community!

Splunk Search

Discussions

rename everything not included in case()

Is there a way to trim URL string from a table?

I require rex which stops search on first match of word in string.

How to merge multiple searches and combine the result in a tabular format

How does subsearch work?

Transforms to mask a bank ID

Is it possible to pass an eval value to table command?

Does the map command run the entire command, then each row?

Backslash regex WinEventLog

Why can't I use my lookup command after stats command in my search string

How to create a timechart with actual values instead of some function of the actual values (such as sum, avg) etc?

How to combine tstats with inputlookup?

How to perform math on a field extracted where there were multiple matches

How to only display rows in table when one field changes?

Password Spraying Query

Is it possible to push in logs from different customers to various indexes under one Splunk Cloud instance?

Only include certain hours/days for a long term search

query not allowing search command

Sum values from a table

timeformat for AM/PM in MKTime

Appending multiple search using appendcols

How can I create a field for error messages?

Issue with count -- How can I search a large data set without Splunk truncating the data?

Help with regex to extract fields with different patterns

splunk query help ?

Index This | When is October more than just the tenth month?

Observe and Secure All Apps with Splunk

What’s New & Next in Splunk SOAR

In Splunk studio, is it possible to populate a tex...

How can i export a list of all services in APM

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

ITSI thresholds: adaptive vs static

Splunk Search

Are you a member of the Splunk Community?

Discussions