Splunk Search

Discussions

Thread Info

How to extract this field which may have multiple values separated by pipes? (offerId="ABC_79|ABC_80|ABC_81|ABC_56" or offerId="ABC_79")

Hi, Can you help me with the search to extract the following? The offerId may come in the log as offerId="ABC_79|...

by Path Finder in

How to build a datamodel like this ?

My data consists of pairs of files, lets call them file_A_1...file_A_n, and file_B_1...file_B_n, where file_A_1 is co...

by Communicator in

Join Search Hitting Row Limit - Stats Alternative

HI, I wonder whether someone may be able to help me please. I'm trying to put together a query which looks for two...

by Motivator in

Can I get field extraction for XML data that is a data field in a JSON event?

I have event data coming into Splunk as JSON, that's all fine and works great, but one of the fields they are going t...

by New Member in

splunk chart issue

Hi , In splunk, I am trying to create chart for each day (24 hrs) with span of every minute. e.g. index="monito...

by Communicator in

Help Needed with Regular Expression

Hi All, i am newbie to splunk platform and seeking some help in writing a regular expression to pull a "" value f...

by Explorer in

How to edit my search to identify blocked network traffic and top the worst offenders?

Hello, I am trying to identify worst offenders for blocked traffic and then identify all of the locations they are...

by Explorer in

How do I search the network data model to track certain ports?

I'm very new to searching data models in Splunk and I want to search within my network data model to monitor certain ...

by New Member in

How to count a specified keyword?

I have some syslog string like that: Jan 29 14:26:12 10.9.8.10 Jan 29 14:06:32 C420-PLOI91903V0YL fault-engined: %...

by Path Finder in

How to use substr to extract the first character of a string and keep all characters up until the first space character?

I have a string nadcwppcxicc01x CPU Usage has exceeded the threshold for 30 minutes &I where I would like to create a...

by Explorer in

Regex search not working

So I have a couple of lines that I am trying to get info out of using regex and it's not going quite the way I was ho...

by Engager in

HTTP Event Collector: How do I resolve error "x509: cannot validate certificate because it doesn't contain any IP SANs"

I'm trying to submit logs to the HTTP Event Collector from a go application. I've correctly setup the Event Collector...

by Engager in

How do I add event time fields from email logs to my search output?

Scenario: I am looking for all recipients and senders of a specific email subject using the following search. (UI...

by Contributor in

XML field extraction not working on distributed search head

I have a 3 node search head cluster that backs on to a single indexer (its a test environment). All servers are 6.3.2...

by Influencer in

How to extract and create a new field from my sample event?

Hi, Need some help with Field extraction in the following event: [{\"email\":\"admin@yourstore.com\",\"smtp-id...

by Communicator in

On the visualization tab for the Search & Reporting app, how do I remove the table and only view the chart?

On the visualization tab for the Search app, how do I remove the table? I just want to view the chart. Real goal is t...

by Path Finder in

Is there a way to APPEND events based on a field value from main search?

I have a use case where a user will input a username and Splunk should return results for that username. But, there a...

by Builder in

How to calculate the difference between the counts from multiple searches?

How do calculate the difference between the count of the following searches. Tried to use the eval, but does not retu...

by Communicator in

How do I write the regex to extract the date portion of this search result?

I'm new to the Splunk community. I'm trying to extract the date portion of this search result M91040FA7104_Tue Jan...

by New Member in

Is it possible to know the amount of data passing through an ASA firewall

I would like to identify data ex filtration through my Cisco ASA firewalls. Is this possible? Can you provide a sampl...

by Path Finder in

Splunk Search

Discussions

How to extract this field which may have multiple values separated by pipes? (offerId="ABC_79|ABC_80|ABC_81|ABC_56" or offerId="ABC_79")

How to build a datamodel like this ?

Join Search Hitting Row Limit - Stats Alternative

Can I get field extraction for XML data that is a data field in a JSON event?

splunk chart issue

Help Needed with Regular Expression

How to edit my search to identify blocked network traffic and top the worst offenders?

How do I search the network data model to track certain ports?

How to count a specified keyword?

How to use substr to extract the first character of a string and keep all characters up until the first space character?

Regex search not working

HTTP Event Collector: How do I resolve error "x509: cannot validate certificate because it doesn't contain any IP SANs"

How do I add event time fields from email logs to my search output?

XML field extraction not working on distributed search head

How to extract and create a new field from my sample event?

On the visualization tab for the Search & Reporting app, how do I remove the table and only view the chart?

Is there a way to APPEND events based on a field value from main search?

How to calculate the difference between the counts from multiple searches?

How do I write the regex to extract the date portion of this search result?

Is it possible to know the amount of data passing through an ASA firewall

How will you .conf21? You decide! Go in-person in Las Vegas, 10/18-10/21, or go online with .conf21 Virtual, 10/19-10/20.

Learn More or Register Now >

"Page not found" when trying to search through RES...

Splunk chart select zoom & reset zoom permanent

Calculate time taken from each failed task to next...

Using both earliest(_time) and latest(_time) toget...

InfoSec - Continuous Monitoring - Intrusion Detect...

Splunk Search

Discussions

How will you .conf21? You decide! Go in-person in Las Vegas, 10/18-10/21, or go online with .conf21 Virtual, 10/19-10/20. Learn More or Register Now >

How will you .conf21? You decide! Go in-person in Las Vegas, 10/18-10/21, or go online with .conf21 Virtual, 10/19-10/20.

Learn More or Register Now >