Splunk Search

Discussions

Thread Info

Help extracting from L15= so

Please help me extract NGN4000000 from L15= so I can have a field of TotalCash_In_ATM=NGN4000000. 2019-10-29 12:5...

by New Member in

Forcing a zero count in Time Chart

I'm producing a report for some service owners. It is designed to give them a breakdown of successes and failures spl...

by Contributor in

Search query result from two log statements.

Hi, I wanted to search result as count from two log statements. one log statement has value "...Out of stock ..." ...

by New Member in

Is it possible to use if else condition based on the search to create stats?

index=concourse sourcetype="deployments: csv" if project = * and team=$team$ | stats count by project, team elif team...

by New Member in

How to get searches to run in Smart or Verbose mode when selecting "Open In Search" from a dashboard panel?

All my dashboards panels, written in Simple XML, default to Search Mode "Fast" when the "Open In Search" icon is sele...

by Explorer in

Help with some basic REGEX please?

In this string: Version=\x221.7.53a\x22 I want to capture everything in between \x22 and \x22 so the result on this s...

by Path Finder in

inverse join in Splunk

I have a search between two data sets using join, let's say sourcetype A and B. My search looks like this: sourcetyp...

by Explorer in

How to determine if forwarder weight distribution is good from search?

I need help figuring something out. Got this search during .conf19 to be used to do a Forwarder weight distribution s...

by New Member in

How can we find out whether a string has three open parentheses characters?

We would like to find out whether a certain string has three open parentheses characters in any order. Can we do it w...

by Motivator in

Help with Regex - Removing Text from Field

I have a field where results are 'some letter & number combination of 3 or 4 characters' that includes txt on the end...

by Path Finder in

How to regex match on back slash in character class?

I am trying to use a regex to extract a PowerShell script that is being executed in a way that also includes the dire...

by Path Finder in

dedup events with same timestamp ?

I am facing issues wherein the events with same timestamp are not showing in results, when I dedup based on time, but...

by Builder in

Need help getting grandparent/parent/child relationships to table

Hi, I have data in the following format from Microsoft Windows OS process executions: FileName,ProcessID,Parent...

by Explorer in

Help searching with not

Hi all, For some reason, my search doesn't work properly. The search is as the one below: ....| search NOT (x=3 ...

by Communicator in

Why is the same search producing different results on same dashboard?

I have created a dashboard with two separate graphs one which counts the total number of calls made to the hosts and ...

by New Member in

URL Decoding

i tried all splunk answers and doesn't seems like working for me. i have this search | rex mode=sed field=mess...

by Explorer in

Why does adding a comment change the number of rows returned by a search?

Using Splunk Enterprise 7.3.2 on a MacBook. Two searches on the same static (loaded-once) search index, same date ra...

by New Member in

How to get a multiselect form input to pass two types of values?

When creating a search using pivot/data model, I can add a filter that looks something like: FILTER Brand in (bra...

by Communicator in

Use a lookup file to tag IP blocks

So what I want to do is tag all IPs that belong to certain AWS regions and filter out those IPs. I want to try and ta...

by New Member in

How to make a string date UI sortable like _time?

I have a string date field and would like to sort it in a table by clicking the field. No, I do not want it displa...

by Motivator in

Splunk Search

Discussions

Help extracting from L15= so

Forcing a zero count in Time Chart

Search query result from two log statements.

Is it possible to use if else condition based on the search to create stats?

How to get searches to run in Smart or Verbose mode when selecting "Open In Search" from a dashboard panel?

Help with some basic REGEX please?

inverse join in Splunk

How to determine if forwarder weight distribution is good from search?

How can we find out whether a string has three open parentheses characters?

Help with Regex - Removing Text from Field

How to regex match on back slash in character class?

dedup events with same timestamp ?

Need help getting grandparent/parent/child relationships to table

Help searching with not

Why is the same search producing different results on same dashboard?

URL Decoding

Why does adding a comment change the number of rows returned by a search?

How to get a multiselect form input to pass two types of values?

Use a lookup file to tag IP blocks

How to make a string date UI sortable like _time?

Splunk Search

Problem replicating config (bundle) to search peer

Trying to get Variance by test type

Measure Memory Available_Bytes using sai_metrics_i...

search on aggregation