Splunk Search

Start a Conversation

Discussions

Start a Conversation

Thread Info

comparing two field not working with eval case

I have search below .. |inputlookup biweekly_backup | join type=outer max=0 host [search index=tsm sourcetype="tsm...

by New Member in

How to edit my regex to extract all expected fields from my sample Blue Coat log?

I'm using the following regular expression: (?<timestamp>:"(\d{1,4}\-\d{1,2}\-\d{1,2}\s\d{1,2}:\d{1,2}:\d{1,2})"|(...

by Explorer in

How to highlight a cell in a table

I have a table and one of the column is for URLs. I want to highlight the URLs in blue color. Please let me know how ...

by New Member in

Are data model summaries linked to the original events? Can tstats access them?

With tstats, I can't seem to get access to the original events. Even in "verbose" mode, the "Events" tab contains onl...

by Contributor in

How to change the font color in Simple XML for each line series in a timechart?

I have a timechart with 3 line series: A,B and C Now, I have used series colors in Simple XML to change the colors...

by Champion in

How to get a field from a lookup

ok, here is my dilemma I have a lookup table like this: _raw,sourcetype,alertMessage,severity *Reloading repos...

by Contributor in

Join not working for two different searches

Hi, I'm doing two searches with custom rex extraction of fields. For both searches, I have named all the fields I ext...

by Communicator in

How to find the number of times a specific field value has been present over time

I'm trying to find the average time (in weeks) it takes to patch specific network vulnerabilities. I take in data fro...

by New Member in

How can I do timechart (or something similar) starting from a specific minute?

I have an alert that runs every hour at the half hour mark. So at 1:30, 2:30, etc... When I run the timechart command...

by Communicator in

How do I create a field that contains only specific values to disregards events that could be considered a match?

I am trying to create new fields to search across multiple sources. I have two problems: When searching for data o...

by New Member in

How to match match IP addresses with a lookup table that only contains IP subnets?

Dear Team, What i am trying to achieve is like this: I have a lookup table with many subnets. I am trying to match...

by Explorer in

need help editing my search to find users who have failed to log in more than 3 times in 10 minutes, then successfully logged in

Hello, I'm working on a search for blackboard that will return users who have failed to log in more than 3 times i...

by Path Finder in

How to edit my search to create a field using eval?

Currently working on an integration betweek Splunk and RSA Archer eGRC. We are working with the security operations m...

by New Member in

How to get rangemap to change the color of bars based on evaluated heap percentage used?

how do I change the colors of my bar chart to red, yellow, and green? Here is my query: index=xyxy env=PROD profil...

by Path Finder in

How to customize a drilldown so users can only click on the field name in a table, not the sparkline or percentage?

Hi, I have a table with 3 fields in it MSO (a name field) Trend (a Sparkline) Percentage (numeric) When a us...

by Motivator in

How can I optimize and improve the performance of my search?

index=bigfix sourcetype=software | eval Hashes_allow_or_deny = if((sha256_allow_or_deny=="*deny*") OR (md5_allow_or_d...

by Explorer in

How do I use results from a search in my custom command?

I'm trying to use data from a search in a custom command. source | scrapy url=uri This gives me the following ...

by Explorer in

How do I write a search to filter out certain values for a field?

Hey Fellow Splunkers I have an issue when searching for similar events that are only unique by one character. ...

by Path Finder in

Using "stats count by" after "case eval", why am I not getting any results?

Hello, I'm trying to change a value of a field using eval case then do a stats count based on that field. I'm gett...

by Explorer in

How to create an alert to trigger based on a current value, and if that value increases over a threshold within a set time?

I want to alert based off a current value and if that value increases over a threshold within a set time. I want t...

by Contributor in

Get Updates on the Splunk Community!

Splunk Search

Discussions

comparing two field not working with eval case

How to edit my regex to extract all expected fields from my sample Blue Coat log?

How to highlight a cell in a table

Are data model summaries linked to the original events? Can tstats access them?

How to change the font color in Simple XML for each line series in a timechart?

How to get a field from a lookup

Join not working for two different searches

How to find the number of times a specific field value has been present over time

How can I do timechart (or something similar) starting from a specific minute?

How do I create a field that contains only specific values to disregards events that could be considered a match?

How to match match IP addresses with a lookup table that only contains IP subnets?

need help editing my search to find users who have failed to log in more than 3 times in 10 minutes, then successfully logged in

How to edit my search to create a field using eval?

How to get rangemap to change the color of bars based on evaluated heap percentage used?

How to customize a drilldown so users can only click on the field name in a table, not the sparkline or percentage?

How can I optimize and improve the performance of my search?

How do I use results from a search in my custom command?

How do I write a search to filter out certain values for a field?

Using "stats count by" after "case eval", why am I not getting any results?

How to create an alert to trigger based on a current value, and if that value increases over a threshold within a set time?

Don't wait! Accept the Mission Possible: Splunk Adoption Challenge Now and Win ...

Unify Your SecOps with Splunk Mission Control

Data Preparation Made Easy: SPL2 for Edge Processor

Combining results in metric index?

Summary Index from | collect ... addtime=f : When ...

Importing HCL BigFix data from Insights, how to ve...

Does splunk support Reactive Programming in Java/S...

Alerts not Finalizing- Is there a way to find out ...