Splunk Search

Ask a Question

Discussions

Thread Info

Please help me with the search command that will only display the list of last 30 days events

Hello, Please help me with the below:- 1) search command that will only display the list of last 15 days events...

by New Member in

Splunk Asset Filtering and Enrichment (at scale)

Hi, I'm still fairly new to Splunk (come from an ArcSight background) so apologies if this is a silly question. ...

by New Member in

Base search query for different dashboard panels

Hello Everyone, I am new to base search and need some help from you. With the help of base search, I want to ...

by Path Finder in

How to write a regular expression to extract this field from my sample sysmon log?

I am cannot quite get the regex working that I am looking for. I want to extract AcroRd32.exe Here is the sample t...

by Explorer in

A single event has two dates. How do I count the number of days excluding weekends and holidays between these two dates?

A single event has two dates. How do I count the number of days excluding weekends and holidays between these two dat...

by Explorer in

regex help!

How to extract the IP OR hostname from the field "source"? source=/opt/var/log/splunk/ciscoasa/11.12.22.345/2017_0...

by Builder in

change hostname in data summary

hi i have problem in splunk.our company has firewall and the logs of firewall is sending to splunk,i want to change t...

by Explorer in

i want to cut all the words after Modified at first present. i used the command its only cutting Modified value others are still presents. | rex field=ER mode=sed "s/Modified\S+//g "

Extesnded value Associaated With destiny: "LineIces" - "Actio1n Cod2e"; Modified: Extends Aribute - "Action"; Old Val...

by Builder in

i want to ignore the text before modify and want to text after that. i want to pick from the first modify present and want entire text. it should not start from 2nd modify if present

Ex : hello how are you. pls modify the request and update. modify request cant be done and failed.

by Builder in

Problems with concurrent searches

When I perform a search it shows me the message of having exceeded the limit of concurrent searches, however in the j...

by New Member in

Unable to sendmail to multiple recipients

Unable to send email to multiple people. How to send to multiple email recipients ? index="customscripts" sourcety...

by Communicator in

Reading in a list of username, counting them and create comparison to previous month

I need to read in a file of exchange mailboxes and usernames/accounts, provide the total number of mailboxes, usernam...

by Explorer in

Success vs Entry (Effectiveness interval problem)

Hi! I'm having trouble creating effectiveness indicators (focused on the end user) because some cases begin at the...

by Explorer in

ESA field extraction using regex!

Hi How to extract the field for the below sample ESA logs. Sun Jun 11 17:33:36 2017 Info: Double bounce: MID 11...

by Builder in

replacing parts inside string

I had a field of this value nameSpaces = ["url1"] nameSpaces = ["url1", "url2"] I got rex to change ["url1",...

by Path Finder in

Regex a field into more fields

For some reason the builtin field extractor is not working for me, and I am unable to successful create a .conf stanz...

by Contributor in

How to search a list of words from csv file (lookup) in specific index events

I have a lookup table which contains only one column with hundreds of entries, now I would like to search every word ...

by Explorer in

Handling XML Events With Embedded Carriage Returns

I'm getting events from a device and on rare occasions the event data contains an embedded carriage return. I've trie...

by Contributor in

Multiple line charts representing a single field for multiple hosts

I have the log files of several hosts and wish to represent a single field CPU usage for each of them as a separate l...

by Explorer in

Regex help involving double quote

I have a whole bunch of these and I need what comes after ?desktop= and before the " - for this particular log I need...

by Motivator in

Merge 2 columns into one

I have a query that returns a table like below Component Hits ResponseTime Req-count Comp-1 100 2.3 Comp-2 5.6 240...

by Path Finder in

Ignoring multiple values from field

Brain must not be working today. This should be a simple one. I am trying to ignore multiple values from a field... T...

by Contributor in

Add count to user journey flow in Splunk App for Web Analytics

Dear Community, I have a problem. I'm trying to add the count per bar to my user journey flow in "Splunk App for W...

by Path Finder in

grouping by host

I have to calculate the change of a field(xyz) over the past 6 hours on a per host basis. I have calculated the same ...

by Explorer in

Compute row differences

Hello everyone! I have a very simple result table that looks like this: _time s duration 2/10/13 12:20:22.000 P...

by Contributor in

Get Updates on the Splunk Community!

Splunk Search

Discussions

Please help me with the search command that will only display the list of last 30 days events

Splunk Asset Filtering and Enrichment (at scale)

Base search query for different dashboard panels

How to write a regular expression to extract this field from my sample sysmon log?

A single event has two dates. How do I count the number of days excluding weekends and holidays between these two dates?

regex help!

change hostname in data summary

i want to cut all the words after Modified at first present. i used the command its only cutting Modified value others are still presents. | rex field=ER mode=sed "s/Modified\S+//g "

i want to ignore the text before modify and want to text after that. i want to pick from the first modify present and want entire text. it should not start from 2nd modify if present

Problems with concurrent searches

Unable to sendmail to multiple recipients

Reading in a list of username, counting them and create comparison to previous month

Success vs Entry (Effectiveness interval problem)

ESA field extraction using regex!

replacing parts inside string

Regex a field into more fields

How to search a list of words from csv file (lookup) in specific index events

Handling XML Events With Embedded Carriage Returns

Multiple line charts representing a single field for multiple hosts

Regex help involving double quote

Merge 2 columns into one

Ignoring multiple values from field

Add count to user journey flow in Splunk App for Web Analytics

grouping by host

Compute row differences

Enterprise Security Content Update (ESCU) | New Releases

Why am I not seeing the finding in Splunk Enterprise Security Analyst Queue?

Index This | What are the 12 Days of Splunk-mas?

Stats tables showing empty cells

How to check MQ reconnects after a connection is d...

I cloned HTTP traffic collection from Splunk Strea...

Proactively stream data to different index after C...

Write Splunk log with Laminas