Splunk Search

Ask a Question

Discussions

Thread Info

REX IP Address extraction

Hi, I have this search in attempting to extract the IP address, but no luck. blah....|rex "beta.icontrol.com\s(...

by Motivator in

What is a regular expression that ignores whitespace and text, and captures only numbers of varying lengths?

I'm trying to write a regular expression that will find only the numbers in the string of text below: MemTotal: 16...

by New Member in

How to extract a string from a field to use in another search?

So I am new to Splunk, but cannot seem to find the answer to this likely simple search question. So I need to search ...

by Explorer in

Are there best practices with handling duplicate hostnames/IPs across multiple data centers in Splunk?

I was talking with someone who may have assets with the same IP across multiple data centers. In other words, the sam...

by Splunk Employee in

How can I get time span buckets to be relative to now?

I have a query like the following that I am using to trend the number of users active in an application during a give...

by Builder in

Get different element between 2 sources with join or other command?

Hi guys, I have 2 sources, historical and current, i need to catch the new events in my monitor, so i compare curr...

by Path Finder in

Whitelist regex in Windows Universal Forwarder don't work

Hello. I need to monitor events with EventCode="4656 on windows server. But only events with string "ObjectType: F...

by Explorer in

Error message in sourcetype

i have a file with filed date like 03/08/2016 09:25 GMT+02:00 My sourcetype doesn't work with %d/%m/%Y %H:%M %Z%z...

by New Member in

comparing two field not working with eval case

I have search below .. |inputlookup biweekly_backup | join type=outer max=0 host [search index=tsm sourcetype="tsm...

by New Member in

How to edit my regex to extract all expected fields from my sample Blue Coat log?

I'm using the following regular expression: (?<timestamp>:"(\d{1,4}\-\d{1,2}\-\d{1,2}\s\d{1,2}:\d{1,2}:\d{1,2})"|(...

by Explorer in

How to highlight a cell in a table

I have a table and one of the column is for URLs. I want to highlight the URLs in blue color. Please let me know how ...

by New Member in

Are data model summaries linked to the original events? Can tstats access them?

With tstats, I can't seem to get access to the original events. Even in "verbose" mode, the "Events" tab contains onl...

by Contributor in

How to change the font color in Simple XML for each line series in a timechart?

I have a timechart with 3 line series: A,B and C Now, I have used series colors in Simple XML to change the colors...

by Champion in

How to get a field from a lookup

ok, here is my dilemma I have a lookup table like this: _raw,sourcetype,alertMessage,severity *Reloading repos...

by Contributor in

Join not working for two different searches

Hi, I'm doing two searches with custom rex extraction of fields. For both searches, I have named all the fields I ext...

by Communicator in

How to find the number of times a specific field value has been present over time

I'm trying to find the average time (in weeks) it takes to patch specific network vulnerabilities. I take in data fro...

by New Member in

How can I do timechart (or something similar) starting from a specific minute?

I have an alert that runs every hour at the half hour mark. So at 1:30, 2:30, etc... When I run the timechart command...

by Communicator in

How do I create a field that contains only specific values to disregards events that could be considered a match?

I am trying to create new fields to search across multiple sources. I have two problems: When searching for data o...

by New Member in

How to match match IP addresses with a lookup table that only contains IP subnets?

Dear Team, What i am trying to achieve is like this: I have a lookup table with many subnets. I am trying to match...

by Explorer in

need help editing my search to find users who have failed to log in more than 3 times in 10 minutes, then successfully logged in

Hello, I'm working on a search for blackboard that will return users who have failed to log in more than 3 times i...

by Path Finder in

How to edit my search to create a field using eval?

Currently working on an integration betweek Splunk and RSA Archer eGRC. We are working with the security operations m...

by New Member in

How to get rangemap to change the color of bars based on evaluated heap percentage used?

how do I change the colors of my bar chart to red, yellow, and green? Here is my query: index=xyxy env=PROD profil...

by Path Finder in

How to customize a drilldown so users can only click on the field name in a table, not the sparkline or percentage?

Hi, I have a table with 3 fields in it MSO (a name field) Trend (a Sparkline) Percentage (numeric) When a us...

by Motivator in

How can I optimize and improve the performance of my search?

index=bigfix sourcetype=software | eval Hashes_allow_or_deny = if((sha256_allow_or_deny=="*deny*") OR (md5_allow_or_d...

by Explorer in

How do I use results from a search in my custom command?

I'm trying to use data from a search in a custom command. source | scrapy url=uri This gives me the following ...

by Explorer in

Get Updates on the Splunk Community!

Splunk Search

Discussions

REX IP Address extraction

What is a regular expression that ignores whitespace and text, and captures only numbers of varying lengths?

How to extract a string from a field to use in another search?

Are there best practices with handling duplicate hostnames/IPs across multiple data centers in Splunk?

How can I get time span buckets to be relative to now?

Get different element between 2 sources with join or other command?

Whitelist regex in Windows Universal Forwarder don't work

Error message in sourcetype

comparing two field not working with eval case

How to edit my regex to extract all expected fields from my sample Blue Coat log?

How to highlight a cell in a table

Are data model summaries linked to the original events? Can tstats access them?

How to change the font color in Simple XML for each line series in a timechart?

How to get a field from a lookup

Join not working for two different searches

How to find the number of times a specific field value has been present over time

How can I do timechart (or something similar) starting from a specific minute?

How do I create a field that contains only specific values to disregards events that could be considered a match?

How to match match IP addresses with a lookup table that only contains IP subnets?

need help editing my search to find users who have failed to log in more than 3 times in 10 minutes, then successfully logged in

How to edit my search to create a field using eval?

How to get rangemap to change the color of bars based on evaluated heap percentage used?

How to customize a drilldown so users can only click on the field name in a table, not the sparkline or percentage?

How can I optimize and improve the performance of my search?

How do I use results from a search in my custom command?

Splunk App for Anomaly Detection End of Life Announcment

Aligning Observability Costs with Business Value: Practical Strategies

Mastering Data Pipelines: Unlocking Value with Splunk

Splunk Answers Content Calendar May 2025!

How to show the line when its value is NULL with ...

Search for triggered save searches and their actio...

MLTKC how should i check jupyter notebook func in ...

ITSI thresholds: adaptive vs static

Splunk Search

Are you a member of the Splunk Community?

Discussions