Splunk Search

Discussions

Thread Info

What are the benefits of the KV store vs a traditional lookup table in Splunk 6.2?

I've been reading over the 6.2 documentation for the KV store and I'm not entirely clear on what the benefits are com...

by Builder in

Using a subsearch to match a string and a field.

Hi, In one of my indexes I've got a series of pipe separated fields which has one value expressed as so: 31.22:...

by Contributor in

Reusable knowledge objects

Fields created using the below methods will persist as a knowledge objects and are reusable in multiple searches ? ...

by Motivator in

Piping/nesting Transactions - is it possible?

Problem: I need to carry out a time-based correlation across three chained sourcetypes, sourcetype A and sourcetyp...

by Explorer in

Find like strings to detect phishing

I would like to run a search on my logs so they detect fuzzy like strings. So in my current example we received a phi...

by Path Finder in

Field Extractions off host name

Hello, Our naming convention has a relatively strict set of rules on it. e.g. datacenter+envionmentnumber+sec...

by Builder in

How to write a search to return hosts that have no results in a map search?

I have a search, lets say: sourcetype=foo earliest=-1d@d | map search="search host=$host$ earliest=@d sourcetype=b...

by Path Finder in

How can I extract a field value from a folder name?

I have a file that Splunk monitors stored in F:/xxx/2014/file.csv. Is there any way to dynamically take the 2014 fold...

by Communicator in

How to search for and remove indexes in Splunk that are not being used/searched by users?

Ideally I'd like to search Splunk to determine if anyone is searching a particular index. My use case is that I'd ...

by Engager in

How do you anonymize two recognized fields in Splunk?

Hello Splunkers, I am trying to follow the logic from the below URL to anonymize some field data on the fly. http:...

by Communicator in

How to extract a complex field

I have a log that has the following: Blah blah bloh HandleBusInfoMessage=31951592=460892.509; nextcommand Blah Handle...

by Explorer in

How to break events and extract fields from Scripted Input

Here is the sample data AppPoolName : TestApp PrivateMemory : 2000 State : Started Application : IdentityType : Ne...

by Path Finder in

Why isn't this regex returning anything?

When running the regex below, the search doesn't return any results even though the reg ex string works well on the e...

by Path Finder in

External IP location

Hi, We have set to receive alerts like Brute force, Port Scanning from external IPs. Is there anyway or query ...

by Explorer in

How to use regex to extract the last value in a line from a known field of a data model?

Hi guys, How to extract one portion of the data model when I have the name of the field. Sample: field: status, w...

by Contributor in

How to correct my regex to extract text from two or more lines?

Hi, Please let me know the regex to extract text from 2 or 3 more lines. For below log text : ClientIp=06516...

by Explorer in

Regex to extract exceptionmessage

Hi, I have five different types of exceptions and for that messages are logged as shown below : ClientIp=065162...

by Explorer in

Regex for two similar statements to put in transforms.conf ?

Hello, thanks for everyones assistance on MV_ADD=True response on my last question regarding multivalued pairs.. Now ...

by Communicator in

Can I disable clicking on items in table view when sharing search results?

When sharing a search result I would like to disable clicking on the individual table cells. I would still like to be...

by Path Finder in

How to get only first 3 events as a result for each event/Field?

I am attempting to get first 3 events for each user field for which user count>3. Basically what I am looking for...

by Path Finder in

"| delete" after lookup command

Hi, is it possible to use the delete command after a lookup? sourcetype=sourceA | lookup delete_lookup.csv ke...

by Motivator in

データサマリーから不要なデータを削除する方法

データサマリーで表示されるホスト、ソース、ソースタイプにおいて、不要なデータを削除しようと思います。現在V6.1.4（Windows 7)ですが、昔(V5)は、"| delete"を指定した場合、論理削除だけで物理削除は行われず表示...

by Explorer in

How can I replace only the field value if found using Automatic lookups?

I have a problem with my checkpoint logs and automatic lookup tables (although the problem is not specific to checkpo...

by Explorer in

Extract xml

Hi Splunkers, I would like to extract the following xml while indexing.. fields: host=0.0.0.1 source=mysourc...

by Motivator in

Selected fields in fields side bar

In order to be a selected field , doest that field must exist in every events ? Now host, source, sourcetype are t...

by Motivator in

Get Updates on the Splunk Community!

Splunk Search

Discussions

What are the benefits of the KV store vs a traditional lookup table in Splunk 6.2?

Using a subsearch to match a string and a field.

Reusable knowledge objects

Piping/nesting Transactions - is it possible?

Find like strings to detect phishing

Field Extractions off host name

How to write a search to return hosts that have no results in a map search?

How can I extract a field value from a folder name?

How to search for and remove indexes in Splunk that are not being used/searched by users?

How do you anonymize two recognized fields in Splunk?

How to extract a complex field

How to break events and extract fields from Scripted Input

Why isn't this regex returning anything?

External IP location

How to use regex to extract the last value in a line from a known field of a data model?

How to correct my regex to extract text from two or more lines?

Regex to extract exceptionmessage

Regex for two similar statements to put in transforms.conf ?

Can I disable clicking on items in table view when sharing search results?

How to get only first 3 events as a result for each event/Field?

"| delete" after lookup command

データサマリーから不要なデータを削除する方法

How can I replace only the field value if found using Automatic lookups?

Extract xml

Selected fields in fields side bar

Tech Talk Recap | Mastering Threat Hunting

Observability for AI Applications: Troubleshooting Latency

Splunk AI Assistant for SPL vs. ChatGPT: Which One is Better?

In Splunk studio, is it possible to populate a tex...

Help me with splunk query to monitor CPU and Memor...

How can i export a list of all services in APM

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

Splunk Search

Are you a member of the Splunk Community?

Discussions