Splunk Search

Start a Conversation

Discussions

Start a Conversation

Thread Info

How to extract data from log message data using rex field=_raw? Sample data is

How to extract data from log message data using rex field=_raw? Sample data is Instance Name : ABCDEFGH1Connecting ...

by Explorer in

What would be the regular expression when using rex to match fields that end with a range of values?

What would be the regular expression when using rex to match fields that end with a range of values? Sample:"var0"...

by Path Finder in

How to find and extract a json object from a json array based on other json field?

Hi, I have rows that are json based. each row has a field that looks like this: { "students" : [ {"id":"1...

by Explorer in

Referencing a json element- how do I convert "data" into a parsed json?

Hi guys, I'm trying to do something that I expected to be very simple, so I guess I'm missing something big. Th...

by Explorer in

Help with Regex to extract values

Hello Splunk Ninjas! I'm new to the group (and to the splunk) and will require your assistance with designing my re...

by Explorer in

What is the difference between maxspan and timelimit?

the transaction is identified as jsessionid .the spl query to find all transactions which lasted less than 5 sec : ...

by Loves-to-Learn in

If i want to create a macro, do i use ' ' or dollar signs?

when i was studying about macro i sometimes see that we put our arguments between ' ' and sometimes between $ ...

by Loves-to-Learn in

How many email triggered in a day and how to schedule a report to the user?

Hi All i am using the below query and it works fine. i.e how many emails were triggered to a Distribution list in ...

by Explorer in

TimeChart round values: How to create search?

I need to round the max(Delay) and avg(Delay) to 3 decimals in the following command:my search | timechart span=5m av...

by Path Finder in

How to create timechart with 4 count values?

Hi, I'm new as Splunk user,I'm asking your help  I would like to create an easy dashboard with VPN datas....

by Loves-to-Learn Everything in

How to use tstats where with structured data source?

tstats shows an error if I include a JSON field in "where" clause. Same happens to CSV fields. For example, if my s...

by SplunkTrust in

mvexpand multiple multi-value fields: How do I turn my three multi-value fields into tuples?

I have a query that extracts useful info from a storage system report. rex "quota list --verbose (?<fs>[A-Z0-9_]+)...

by Explorer in

How to modify query to tabulate error codes and percent failure?

I am trying to create a query that returns a table showing counts of different error codes and percentage of transact...

by Explorer in

Help with a search for barcodes based by group?

I have a customer that would like to use Splunk to search for a set of devices by their respective barcodes. The d...

by Path Finder in

How to extract as below using universal forwarder props.conf?

I want to extract as below using universal forwarder props.conf Whatever data I have ...

by Communicator in

How to Capture & Compare _time from two searches using append ?

I am performing two searches in an attempt to calculate the duration, but am having some issues. Here is what I ha...

by Communicator in

Help with extracting JSON fields

Hi Team,I have the event in the below format and want to extract the key-value pairs as fields. Please help extrac...

by Path Finder in

Regex Issue using Rex command?

Hi,I have a field X with values similar to the following "device-group APCC1_Core_Controller pre-rulebase application...

by Builder in

Nested comparisons (using AND / OR with IF / CASE functions)- How would I add a second condition?

Hi everyone, I am attempting to implement some logic in my alert searches but I can't seem to figure out how ...

by Path Finder in

Why the error "sh: /opt/container_artifact/splunk-container.state: Permission denied"?

we are using ocp-4.10 deploying splunk/splunk:7.2.2 image but pod is going into crashbakloopoff state and in logs we ...

by New Member in

Get Updates on the Splunk Community!

Splunk Search

Discussions

How to extract data from log message data using rex field=_raw? Sample data is

What would be the regular expression when using rex to match fields that end with a range of values?

How to find and extract a json object from a json array based on other json field?

Referencing a json element- how do I convert "data" into a parsed json?

Help with Regex to extract values

What is the difference between maxspan and timelimit?

If i want to create a macro, do i use ' ' or dollar signs?

How many email triggered in a day and how to schedule a report to the user?

TimeChart round values: How to create search?

How to create timechart with 4 count values?

How to use tstats where with structured data source?

mvexpand multiple multi-value fields: How do I turn my three multi-value fields into tuples?

How to modify query to tabulate error codes and percent failure?

Help with a search for barcodes based by group?

How to extract as below using universal forwarder props.conf?

How to Capture & Compare _time from two searches using append ?

Help with extracting JSON fields

Regex Issue using Rex command?

Nested comparisons (using AND / OR with IF / CASE functions)- How would I add a second condition?

Why the error "sh: /opt/container_artifact/splunk-container.state: Permission denied"?

Splunk Security Content for Threat Detection & Response, Q1 Roundup

Splunk Life | Happy Pride Month!

SplunkTrust | Where Are They Now - Michael Uschmann

Get new exceptions stats by comparing two time ran...

How to search multiple strings from lookup and pro...

Help on tstats search?

Matching index field value with lookup field value

extract fields from json-wrapped postfix logs?