Splunk Search

Discussions

Thread Info

Writing rex to grep a value from the field

I have 3 different values to be extracted. Please help me in writing rex command here is the field values name="as...

by Explorer in

Splitting Entries into 2 columns for same field

I need AD auth events and some have multiple entries for Account Name field. One entry is a hyphen (-). Can someone h...

by New Member in

split fields upon indexing/ use regex to split fields

Hi, I have source data comma delimited like this from JMeter: timeStamp,elapsed,label,responseCode,responseMess...

by Path Finder in

Query to find the license usage by a particular host or index on a daily basis

I need to know the license usage of 5 indexes on a daily basis. All the options I have been trying gives me the licen...

by Path Finder in

How to extract particular value using regular expression?

In the below event "status" key has the value either "1" or "0" . I am looking out to extract those "status" having t...

by Explorer in

Search Time Range

Hi, I have a simple question, what is the difference between earliest=-15m with earliest=-15m@s? I could not fi...

by Explorer in

How to search currently active VPN sessions?

So my data has, for example, code 001 for connected and 002 for disconnected. Also, each VPN session has a unique ses...

by Explorer in

Why does my regular expression work in search, but it does not work in transforms.conf?

I'm having trouble converting a search string into a working regular expression in transforms.conf to send events to ...

by Path Finder in

How to find thrput of data being searched in Splunk?

We are planning to for a F5 load-balancer to be placed in front of the search heads. For sizing, how can I find out t...

by Communicator in

Why does the timechart command display inconsistent results when the time range is changed?

When I use the following search (some criteria obfuscated for security): index=main sourcetype=transaction applic...

by Path Finder in

Field Aliasing and any performance impact

Good morning! I am having to parse out Bro log files and with the help of the forum I was more than successful at doi...

by Builder in

How do I get a distinct list of users within the span of 1 day over 30 days?

I'm working on creating a report to monitor VPN usage based on unique user per day. I was able to get the format I wa...

by Communicator in

Lookup using an indexed log file

Hi guys I'm not an expert of Splunk. I was wondering if I can use a lookup to reference fields that are stored int...

by Communicator in

How to use timechart command to calculate the average of a field?

My raw data: Feb 7 18:18:23 impact 1 Gbps/137.54 Kpps, importance 2... Feb 7 18:18:23 impact 3600 Mbps/137.54 Kp...

by Path Finder in

Regex field != expression not matching

I have a query where I am performing regex matching on two different fields, field1 and field2. index=proxylogs uri!=...

by Explorer in

What exactly is a tsdix file?

what exactly is a tsidx file? Can someone explain please? I don't quite understand the definition: "A tsidx file ...

by Path Finder in

What are the differences between Splunk vs HP Arcsight as a SIEM tool?

Hi All, I am planning to start learning about Splunk. I wanted to know the difference between Splunk and HP Arcsig...

by Path Finder in

How can I show results for a field that is disabled and not re-enabled in a certain amount of time?

How can I show results for a field that is disabled and not re-enabled in a certain amount of time? I want to be a...

by Engager in

Values(x) showing too many results. Is there a way to limit the number of results to a field?

I am trying to limit the number of results shown when I use the values command. Here is my search: index="mydata" ...

by New Member in

How to generate a stats count search on field with interchanging values?

hi, looking to do a stats count something like below. Field1: A,B A B,A B,A,C A,C each row accounts for dif...

by Explorer in

Rex Help for fields extraction

Please help me with rex i have key and value in json format {"context":{ "sessionID":"1234567890", "eventSeverity...

by Communicator in

How to have a notable event search DHCP logs based on source in FW logs?

Hello i have been trying to figure this out for days now. i have logs coming in from multiple sources that only...

by New Member in

How to generate a search to compare the number of hosts in a CSV file to the number of hosts we are actually getting events from?

I have a list of Hostnames in a CSV. There are 2 fields 1) cn (hostname) and 2) ComputerType. I would like to compare...

by New Member in

How to edit my search to get the status of a log script?

log file:testscripts.log Date = 02/10/17 14:15:00,script = testscript, id = 29251, log=Script started Date = 02/10...

by New Member in

time difference of events

eval test_time = time() - _time | search (test_time > 1800 AND test_time < 86400)| I'm trying to see if the events...

by Explorer in

Get Updates on the Splunk Community!

Splunk Search

Discussions

Writing rex to grep a value from the field

Splitting Entries into 2 columns for same field

split fields upon indexing/ use regex to split fields

Query to find the license usage by a particular host or index on a daily basis

How to extract particular value using regular expression?

Search Time Range

How to search currently active VPN sessions?

Why does my regular expression work in search, but it does not work in transforms.conf?

How to find thrput of data being searched in Splunk?

Why does the timechart command display inconsistent results when the time range is changed?

Field Aliasing and any performance impact

How do I get a distinct list of users within the span of 1 day over 30 days?

Lookup using an indexed log file

How to use timechart command to calculate the average of a field?

Regex field != expression not matching

What exactly is a tsdix file?

What are the differences between Splunk vs HP Arcsight as a SIEM tool?

How can I show results for a field that is disabled and not re-enabled in a certain amount of time?

Values(x) showing too many results. Is there a way to limit the number of results to a field?

How to generate a stats count search on field with interchanging values?

Rex Help for fields extraction

How to have a notable event search DHCP logs based on source in FW logs?

How to generate a search to compare the number of hosts in a CSV file to the number of hosts we are actually getting events from?

How to edit my search to get the status of a log script?

time difference of events

Tech Talk Recap | Mastering Threat Hunting

Observability for AI Applications: Troubleshooting Latency

Splunk AI Assistant for SPL vs. ChatGPT: Which One is Better?

How to extract elements of a json (not a json arra...

In Splunk studio, is it possible to populate a tex...

Help me with splunk query to monitor CPU and Memor...

How can i export a list of all services in APM

Splunk Answers Content Calendar May 2025!

Splunk Search

Are you a member of the Splunk Community?

Discussions