Splunk Search

Ask a Question

Discussions

Thread Info

regex used in transforms.conf isn't extracting the fields though there isn't anything worng with the regex?

I have a regullar expression extracted in transforms.conf as below :- [split_and_extract_commands] SOURCE_KEY = ab...

by Builder in

Is there a search or command that will number rows in a table?

is there any command to get row numbers in table? Like, I have a table like host source type DFR splunk_id...

by New Member in

Grouping a "time" span from one true value to another

I have a boolean value in my data set. I want to group all event together that are between the event(a) right after a...

by Path Finder in

How to edit my search to format String to Number with fieldformat for all 60 columns?

Hey guys Is there a quick way to format data? I want to format data like this <search> |fieldformat test1a=tonumb...

by Path Finder in

Which users have done this but have not done that ?

Hello there, I'm struggling a little bit with the search language, booleans, eventtypes and stuff ... I can't find...

by Communicator in

How to exclude last 3 values in the search results.

Hi , I need exclude the values last 3 three values from the search results. Can someone please help me on this. ...

by Explorer in

SEDCMD: to filter the character between the user

Curently our proxy logs with user having special characters inbetween. ref: DC=local/bob\, tom I have created a pr...

by Path Finder in

OR operator problem

Hi all, Hey, what's wrong with the next search structure? I'm using OR operator because the field names are diffe...

by Path Finder in

Is there a way to speed up my search through millions windows security logs?

Doing some long-tail analysis and I am running in Fast Mode but the query for 24 hours is taking a long time. Plea...

by Contributor in

best tips for speeding up searches?

by Explorer in

Group full auditd (rlog) EXECVE commands by User?

Hello, I have been trying to write some custom searches against linux auditd logs to get a list of all commands ex...

by Engager in

inputlookup format to insert wildcard * is it possible?

inputlookup like: user mailbox smithj john smith bloggsj joe bloggs search string: | inputlook...

by Path Finder in

Need help on finding daily hourly max for a month for a timechart

Hi All, I am pretty new to splunk and trying to figure out a splunk search query. I am extracting a monthly report...

by Explorer in

unable to filter specific source with REX

i have data coming from different sources (catalina,sailpoint,accesslogs,etc) now i want to filter it into different ...

by Loves-to-Learn in

Extract out the first line of results from Transaction command

Hello guys, I have a sample log that looks like this: DATE, TIME, LOGIN, IP_ADDRESS, USERID, EMPLOYEE_ID, WORKS...

by Path Finder in

Show meesage if no results but continue applyng commands if there are results

I have a following query: index=main source=mylogsource.log "Response Message:*" "234998102" | ifnoresults ---> (...

by Engager in

Why does the timechart command give different values than stats command?

Hi, I am getting difference in count while using stats in piechart and with same search with timechart in line gra...

by Path Finder in

Splunk rex bring back sql query

Hi Guys, I'm hoping someone can help. I have log data which is generated from SAS EG. I want to create a report wh...

by New Member in

what is difference between if search head fetching data from stand alone indexer and index clusterding environment

Hi Folks, what is difference between if search head fetching data from stand alone indexer and index clustering en...

by Explorer in

For large lookups, should I use the kv store?

Hi, I am developing a dashboard and search that needs to utilize a large lookup file (75k lines) that gets generat...

by Champion in

Case insensitive field extraction and reporting

Hi, I am trying to extract a field from logs and generate report from it. Basically, I am trying to identify the a...

by Explorer in

EventCode 4672 extraction prob?

Hi, did anyone also figure out that the 4672 Windows Event is not completly extracted by splunk? 4672 is a impo...

by Path Finder in

Chart increment problem (decimal not integer)

Hello guys, I've a problem : I can't set integers for the X axis, I have sometimes decimal values : XML...

by Motivator in

Regex in transform.conf delete text in the middle

I'm having some trouble to delete the text in "plugin_set". Sample Incoming data: {"plugin_family": "somestuf...

by New Member in

Is there a way to auto adjust the Y-value to just show the significant part of the chart?

All, Often times I just want to see the delta, not the sum of a timechart. Any ideas on if there is a way have Sp...

by Builder in

Get Updates on the Splunk Community!

Splunk Search

Discussions

regex used in transforms.conf isn't extracting the fields though there isn't anything worng with the regex?

Is there a search or command that will number rows in a table?

Grouping a "time" span from one true value to another

How to edit my search to format String to Number with fieldformat for all 60 columns?

Which users have done this but have not done that ?

How to exclude last 3 values in the search results.

SEDCMD: to filter the character between the user

OR operator problem

Is there a way to speed up my search through millions windows security logs?

best tips for speeding up searches?

Group full auditd (rlog) EXECVE commands by User?

inputlookup format to insert wildcard * is it possible?

Need help on finding daily hourly max for a month for a timechart

unable to filter specific source with REX

Extract out the first line of results from Transaction command

Show meesage if no results but continue applyng commands if there are results

Why does the timechart command give different values than stats command?

Splunk rex bring back sql query

what is difference between if search head fetching data from stand alone indexer and index clusterding environment

For large lookups, should I use the kv store?

Case insensitive field extraction and reporting

EventCode 4672 extraction prob?

Chart increment problem (decimal not integer)

Regex in transform.conf delete text in the middle

Is there a way to auto adjust the Y-value to just show the significant part of the chart?

Building Reliable Asset and Identity Frameworks in Splunk ES

Cloud Monitoring Console - Unlocking Greater Visibility in SVC Usage Reporting

Automatic Discovery Part 3: Practical Use Cases

How can i export a list of all services in APM

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

ITSI thresholds: adaptive vs static

Using Machine Learning Toolkit to detect auth abus...

Splunk Search

Are you a member of the Splunk Community?

Discussions