Splunk Search

Discussions

Thread Info

How do I delimit multivalue fields?

Dear All, We have a scenario, where For each Application_ID, Application_Name is having multi-value and delimited....

by Explorer in

How do you compare sets of field values from two searches?

I'm basically trying to identify whether some of my hosts are not doing something successfully as it should be in a d...

by Explorer in

Single value with trend for duration?

I have been searching about this for the last couple of days. I don't think Splunk have this feature but I just want ...

by Contributor in

When I search for top public IP addresses results include my LAN subnet

Hi mates, I'm figuring out the reason, why I'm looking LAN addresses as source IP if my search is clearly filterin...

by New Member in

Rex command to extract multiple values from base query

I have below text and i need to extract "Successfully Sent" FTP Ipaddress and store number. I could extract first por...

by Communicator in

How to split multivalue fields after lookup?

Hello after a search like this: index=myindex|lookup mycsv.csv host_ip I have the following output: ...

by New Member in

Can I join a data model with a lookup using a wildcard character (*)?

Hi I have an issues where I am joining a Data-model with a lookup table and its working very well. We are looking ...

by Motivator in

Search for a pattern in a lookup CSV file which is received from first search from another lookup CSV file

I have two lookup csv files. file1.csv and file2.csv 1st query results me with field1 which has a pattern match i...

by Communicator in

How to combine Fw: and Fwd in email Subjects

Let's say I had used a search like: index=mail RecipientUserDomain=user@domain.com | stats count by Subject | sort...

by New Member in

Can you remove a unit of measurement from a field value?

I'm trying to calculate man hours, but my field format is "12 Mins" not simply "12". How can I either calculate this ...

by Engager in

Option to extract one specific field from different patterns in one go ?

For the same sourcetype, I have a lot many different patterns from which I want to extract one specific field. Is the...

by New Member in

Joining 2 sourcetypes ( 2 types of events ) based on time range

We have 2 sourcetypes that we would like to somehow do a join based on if sourcetype2 has a ArrivalDateTime that fall...

by New Member in

How to count the occurrence of a field/string per transaction for events grouped with the transaction command?

I have custom log file in which we all logging various activities in a transaction context (correlation ID). In this ...

by Explorer in

Need help with regex to extract "error" from "url :/test.com/error.html"

How to capture only word that has white the start and end : - 1) ERROR 2) url :/test.com/error.html 3) this is my...

by New Member in

FEATURE REQUEST: Trellis timechart with color by field

Ok, I've figured this out for pie charts, but it seems I'm not able to do this for timecharts in trellis? I'd like to...

by Motivator in

Custom field extraction and table output

Hi Team, I have the below sample log file. I want to filter all the lines starting with "NET," and also want to cr...

by Engager in

Dynamic number of timecharts of field values by another field

Sorry if the description isn't clear. Essentially, I'm making a dashboard to display the trends of a project from a l...

by Communicator in

Search query using spath and mvexpand on multi-value nested JSON doesn't scale

Hi Splunk Experts, I am sending events to Splunk Enterprise in the following nested JSON format: { complia...

by Explorer in

inner join/append with two Where commands.

I want to join two search's for an alert, I want to alert when the "difference " is above 30 AND the "Total_GB_Used "...

by Contributor in

Search syntax for comparing events over 30-day timespan

The purpose of the query is to identify those events that occurred after 10/14/2017 01:00:00 that had not occurred in...

by Contributor in

Get Updates on the Splunk Community!

Splunk Search

Discussions

How do I delimit multivalue fields?

How do you compare sets of field values from two searches?

Single value with trend for duration?

When I search for top public IP addresses results include my LAN subnet

Rex command to extract multiple values from base query

How to split multivalue fields after lookup?

Can I join a data model with a lookup using a wildcard character (*)?

Search for a pattern in a lookup CSV file which is received from first search from another lookup CSV file

How to combine Fw: and Fwd in email Subjects

Can you remove a unit of measurement from a field value?

Option to extract one specific field from different patterns in one go ?

Joining 2 sourcetypes ( 2 types of events ) based on time range

How to count the occurrence of a field/string per transaction for events grouped with the transaction command?

Need help with regex to extract "error" from "url :/test.com/error.html"

FEATURE REQUEST: Trellis timechart with color by field

Custom field extraction and table output

Dynamic number of timecharts of field values by another field

Search query using spath and mvexpand on multi-value nested JSON doesn't scale

inner join/append with two Where commands.

Search syntax for comparing events over 30-day timespan

Take the 2021 Splunk Career Survey for $50 in Amazon Cash

Using Machine Learning for Hunting Security Threats

Observability Newsletter Highlights | March 2023

Splunk query usecase on IP scanners

Splunk searches using lookup might get affected if...

How to delay with search result when run via Splun...

KV Store status is currently unknown- How to resol...

Combining results in metric index?