Splunk Search

Discussions

Thread Info

Removing punctuation from multivalue field and put value in own event?

I'm pretty sure the answer to my question is regex but I'm not too savy with it. I have a few values in an IP field f...

by Path Finder in

How do I get arbitrary nested key-value pairs from JSON?

I have some JSON that looks similar to this: { "foo": "bar", "x": { "hello": "world", "y": { "A": 40...

by Explorer in

Data extraction for msexchange subject field?

Hi Team, I need a rex command to extract subject field from the event _raw.. Currently i am splitting the fie...

by Path Finder in

Part2: How to join two different result sharing common field?

Let say I have a result belowindex = indextestsource=stest bunch of evals = evals sourcetype=sttext| table ID Sta...

by Path Finder in

Why does xmlkv only select last field?

Hello fellow splunkers, I'm posting here because I would gladly have help with the following query. Let's say I...

by Engager in

How to TimeChart for average function avg()?

I have this search that is working and returning a average Delay value:Search Command | eval epoch_timestamp=s...

by Path Finder in

Is it possible to add the same action to all of the alerts in one time?

Hello I need to add alert action to many alerts,Is it possible to add the same action to all of the alerts in one ...

by Communicator in

Why is my regex not matching?

My regex from the message field looks like this. | rex field=Message "\W(?<Hostname>\S+)\s\w+\W(?<Build>\...

by Communicator in

How to display fields from two queries only if timestamps match?

Hi, I have a query that is making two different searches and displaying the stats of each. Example:index="example"...

by Explorer in

How to create a table for number of uploads for the top users?

Hello All, I have been able to create a table that lists the top users that have been uploading files the most to ...

by Communicator in

How to extract fields from txt format?

Hello, I want to extract fiends from below log format. Can someone please help. Log format - 2023-03-21 04:14:1...

by Explorer in

How to use a Lookup File with Multiple Static or Dynamic Values?

We have a standard configuration for our workstations. Several of the fields are static but some are dynamic (but the...

by Path Finder in

How do I get the dashboard to show ONLY the highest count for the day?

HI So I have this dashboard showing the below. HBSS ACAS CMRSACAS CMRSHBSS89 92 ...

by Path Finder in

How to join two different result sharing common field?

Search 1. | inputlookup test1.csv | table ITEM1 ITEM2 Search 2. | inputlookup test2.csv | table I...

by Path Finder in

How to Make a Table for JSON Data?

I have the following JSON structure in my events. I am trying to figure out an SPL Query to format the JSON in a tabl...

by Explorer in

Fetch data from json string[]

I have a curl response which is json string[], I am able to fetch the data using split(), mvexpand() and then substri...

by Explorer in

How to Convert Epoch Time?

I'm running the below query to find out when was the last time an index checked in. However, in using this query the ...

by Communicator in

How to create two new fields from a single field?

I have a log set from FW's. These logs have a field called "src." From what I can tell, this field is populated with...

by Path Finder in

How to replace random substring in path?

Hi all, I want to replace random substrings in path: C:\Users\sjfklsj\Appdata\.... -> C:\Users\---\Appdat...

by New Member in

How to compare fields "list" and "standard"?

Hello everyone In the result of my search I got such results (last command was stats values(list) as list, values(...

by Contributor in

How to merge two searches where initial output is fed to lookup table?

I am working to merge two searches. The first search outputs one or more account names: index=x sour...

by Path Finder in

Help with lookup table

Hi, looking for splunk query having field name similar to field in lookup file with respective value in lookup fi...

by Loves-to-Learn Everything in

Why are there empty fields after a left join?

Hello fellows!I have a sourcetype called cmdb with a field called BIA to any src_host. After this join index=la...

by Path Finder in

How to pass the time from one query to another query?

Actually I want to pass the time from first query to second and get results out on basis of first query time.First qu...

by Path Finder in

How to extract non-english column?

Hi everyone, I have a column called "SCRN_NM" (name of screen) and only want to extract English data, not non-En...

by New Member in

Get Updates on the Splunk Community!

Splunk Search

Discussions

Removing punctuation from multivalue field and put value in own event?

How do I get arbitrary nested key-value pairs from JSON?

Data extraction for msexchange subject field?

Part2: How to join two different result sharing common field?

Why does xmlkv only select last field?

How to TimeChart for average function avg()?

Is it possible to add the same action to all of the alerts in one time?

Why is my regex not matching?

How to display fields from two queries only if timestamps match?

How to create a table for number of uploads for the top users?

How to extract fields from txt format?

How to use a Lookup File with Multiple Static or Dynamic Values?

How do I get the dashboard to show ONLY the highest count for the day?

How to join two different result sharing common field?

How to Make a Table for JSON Data?

Fetch data from json string[]

How to Convert Epoch Time?

How to create two new fields from a single field?

How to replace random substring in path?

How to compare fields "list" and "standard"?

How to merge two searches where initial output is fed to lookup table?

Help with lookup table

Why are there empty fields after a left join?

How to pass the time from one query to another query?

How to extract non-english column?

Monitoring Amazon Elastic Kubernetes Service (EKS)

Cloud Platform & Enterprise: Classic Dashboard Export Feature Deprecation

Explore the Latest Educational Offerings from Splunk (November Releases)

Using splunk-sdk in user-defined functions in Spar...

Verification of SAML assertion using IDP's cert fa...

ジョブを消しても復活する現象について

splunk threat intelligence taxii data

Splunk DB connect add-on InfluxDB 2.6