Splunk Search

Discussions

Thread Info

I've a log in which instead of X=Y, it is present as "X":"Y". How do I extract X as a field and Y as its value?

by New Member in

How can I identify duplicates in a multivalue field based on the value of another field?

I need to be able to identify duplicates in a multivalue field. The difficulty is that I want to identify duplicates ...

by Builder in

Tokens and Evals

I am trying to set up a form input and I feel like I'm missing some basic understanding of how tokens work. Our data ...

by Communicator in

How do I display fields in two separate indexes

I have two separate indexes for example index A and index B. I need to display one field from index A and one field f...

by New Member in

How to split a row by 2 field values

I have a sample data which I am trying to split over 2 fields. For Example: In above image we have a te...

by Explorer in

Transaction with multiple startswith conditions

Hi, I'm looking to get a duration for a transaction that has multiple startswith conditions they are BUFFERING ...

by Motivator in

Makemv command question

What is the best way to use the Makemv command when my logs have no delimiter? For example: field=abcd Where a,...

by Path Finder in

How can I monitor the usage of hundreds of specific email addresses?

I want to upload hundreds of email addresses in some format, so as to track the activity of each of those email addre...

by Explorer in

Detect identical events but different hosts

Hello, I am searching all identical events that came from 2 different hosts. Dedup is not working because the ...

by New Member in

stats by date_hour and by another field add zero count for hours with no events

Hello, I'm working on a search to report the count of data by hour over any specified time period. At the moment i...

by New Member in

How to work out Total Staff numbers Entering Buildiing Each Day and Weekly Total

Afternoon Splunk Community Can you help me solve a problem? I have been asked to supply a report showing number...

by New Member in

i have 40 use cases to evaluate status or incidents in a log file? What programming approch should i follow, how can i use CASE statement here?

I have 40 usecases. I have 800+ incidents in incident log file Every inicident should be evaluated by these 40 useca...

by New Member in

Problem pulling multiple values from field-extraction within a subsearch

Good day. I am trying to use a subsearch to extract SSL certificate Subject Alternative Names (SAN) from Nessus scan ...

by Explorer in

multivalue field search time extraction

Here is part of two raw log messages "memberOf=CN=AU-SG NAT_ClientReadyApp,OU=UniversalGroups,OU=Groups,DC=au,DC=t...

by New Member in

SPL to take a field and make it a different "word"

Palo Alto has a field called “flags”. It can have several hex type entries, but what I’m interested in is whether or ...

by New Member in

Regular expression and aggregate the result

Assume the following records: Nov 17 19:24:51 x.x.x.x Nov 17 19:24:51 myserver (appx): 1510943091.801 520 192.168....

by Explorer in

Query return value if NULL event

I have a query I'm working on where not all the values I feed it are in the index I am querying against. For exam...

by New Member in

Table showing when a a user started an action but didn't finish it with the first and last event times

Hey guys, Looking for some help with a search. When a user starts first logs into an application to on board thems...

by Communicator in

Two queries with different timeframes using join. Is there a more efficient way?

Hi there. I am new to SPL and wondering how to make a particular query more efficient. In particular, I want to creat...

by New Member in

Where do the automatic lookups reside?

We have a couple of automatic lookups and I don't see them in the SH under /opt/splunk/etc/apps/<app_name>/lookups ...

by Ultra Champion in

Get Updates on the Splunk Community!

Splunk Search

Discussions

I've a log in which instead of X=Y, it is present as "X":"Y". How do I extract X as a field and Y as its value?

How can I identify duplicates in a multivalue field based on the value of another field?

Tokens and Evals

How do I display fields in two separate indexes

How to split a row by 2 field values

Transaction with multiple startswith conditions

Makemv command question

How can I monitor the usage of hundreds of specific email addresses?

Detect identical events but different hosts

stats by date_hour and by another field add zero count for hours with no events

How to work out Total Staff numbers Entering Buildiing Each Day and Weekly Total

i have 40 use cases to evaluate status or incidents in a log file? What programming approch should i follow, how can i use CASE statement here?

Problem pulling multiple values from field-extraction within a subsearch

multivalue field search time extraction

SPL to take a field and make it a different "word"

Regular expression and aggregate the result

Query return value if NULL event

Table showing when a a user started an action but didn't finish it with the first and last event times

Two queries with different timeframes using join. Is there a more efficient way?

Where do the automatic lookups reside?

Build Scalable Security While Moving to Cloud - Guide From Clayton Homes

Mission Control | Explore the latest release of Splunk Mission Control (2.3)

Cloud Platform | Migrating your Splunk Cloud deployment to Python 3.7

Ex Cisco - run a report for all DFS users who logg...

Splunk query to list all the queries that time out

How to perform time series analysis and anomaly de...

How to find events that were sent to HEC?

Total spend per field per month