Splunk Search

Discussions

Thread Info

How to join 2 results and use transaction to display calls within a 3 second timespan for weblogic access logs?

in weblogic access log, i need to join 2 results and use transaction to display the calls within 3s timespan, but thi...

by Path Finder in

Help with hostname regex

I have concocted a basic regular expression to find all Splunk indexes from matching hosts. The idea of the regex is ...

by Engager in

How to build an external static lookup table for Firewall ACL auditing to match on dst_port and determine if the port matches an existing ACL rule?

Hello Splunk Answers, I am looking to build a static lookup table for Firewall ACL lookup. Essentially, I would li...

by Explorer in

How do I keep a sum total of events before a dedup?

Not sure if I am 100% clear in the question, but here is what I am looking to do. I have a stream of incoming message...

by Path Finder in

Why searching for a string with comparison operator "!=" returns the same source file name as "="?

Hello: I have a single source file that contains a string of interest. When I run this query I get a single cor...

by Engager in

How to write a search to use regex to extract multiple fields from a log line and find the total count of all matched patterns?

I've looked through several of the other questions related to this one, but they were either unanswered, or answered ...

by Explorer in

How to truncate a field value after a regex pattern?

How can I truncate a field value after a given pattern. For example, if I am looking at web page logs, how can I trun...

by Explorer in

How to write the regex to break before my multiline event?

I have two types of events. The first type is one-line: Aug 17 2014 00:03:17 IBRA-S-CX600-2 HWCM/4/CFGCHANGE:OID 1...

by Engager in

Regex to remove single quote

index=whatever* sourcetype=server earliest=-3d | table USERNAME CLIENT_VERSION_IN |where NOT isnull(SU_USERNAME_IN...

by Explorer in

case and isnull for multiple fields

HI, Working on a query that if one field is null then it uses another field and if that field isnull it uses anoth...

by Contributor in

Excels' Networkdays equivalent in Splunk

Is there an equivalent or something like Networkdays from excel in Splunk?? I want to calculate the duration between ...

by Explorer in

How to set the color of bars in a bar chart?

I need a help. For the below mentioned bar chart, I want to change the colors of bar. Like: No_of_Mod_Ops =...

by Explorer in

Why is the same search query used before & after the appendcols command producing different results in those 2 columns?

When I run "index=abc | table bytes | head 10", it returns: bytes 1665 1369 2252 893 3920 356 1803 1718 2833 533 ...

by Explorer in

How can I get actual host names or IPs for Rapid7 Nexpose data in Splunk?

The Nexpose app uses the API to get data into Splunk. The problem is that the vulnerability events don't have actual ...

by SplunkTrust in

How to sort by row totals from highest to lowest?

Hi Folks, I'm having problems sorting a chart. I want to take the overall totals in one row and sort by that. Here's ...

by Communicator in

How to display a table with bandwidth by category for Cisco WSA data?

Hi everyone, I have a Splunk server receiving Cisco WSA data. I need to display in a table bandwidth by category, ...

by Communicator in

How to search multiple indexes and join field values that don't exactly match?

Hi, I need to search in multiple indexes but the field values won't match exactly so a straight join will not prod...

by New Member in

How to build a regex for a field extraction that will match a portion of the domain for the field?

I'm looking at sendmail logs and I'm trying to pull out a portion of the domain name based on the relay. I've tes...

by New Member in

Is there a way to determine if transactions overlap?

Is there a way to determine if transactions overlap, and if so which transactions? If so, can any interesting things ...

by Contributor in

What are the benefits of the KV store vs a traditional lookup table in Splunk 6.2?

I've been reading over the 6.2 documentation for the KV store and I'm not entirely clear on what the benefits are com...

by Builder in

Using a subsearch to match a string and a field.

Hi, In one of my indexes I've got a series of pipe separated fields which has one value expressed as so: 31.22:...

by Contributor in

Reusable knowledge objects

Fields created using the below methods will persist as a knowledge objects and are reusable in multiple searches ? ...

by Motivator in

Piping/nesting Transactions - is it possible?

Problem: I need to carry out a time-based correlation across three chained sourcetypes, sourcetype A and sourcetyp...

by Explorer in

Find like strings to detect phishing

I would like to run a search on my logs so they detect fuzzy like strings. So in my current example we received a phi...

by Path Finder in

Field Extractions off host name

Hello, Our naming convention has a relatively strict set of rules on it. e.g. datacenter+envionmentnumber+sec...

by Builder in

Get Updates on the Splunk Community!

Splunk Search

Discussions

How to join 2 results and use transaction to display calls within a 3 second timespan for weblogic access logs?

Help with hostname regex

How to build an external static lookup table for Firewall ACL auditing to match on dst_port and determine if the port matches an existing ACL rule?

How do I keep a sum total of events before a dedup?

Why searching for a string with comparison operator "!=" returns the same source file name as "="?

How to write a search to use regex to extract multiple fields from a log line and find the total count of all matched patterns?

How to truncate a field value after a regex pattern?

How to write the regex to break before my multiline event?

Regex to remove single quote

case and isnull for multiple fields

Excels' Networkdays equivalent in Splunk

How to set the color of bars in a bar chart?

Why is the same search query used before & after the appendcols command producing different results in those 2 columns?

How can I get actual host names or IPs for Rapid7 Nexpose data in Splunk?

How to sort by row totals from highest to lowest?

How to display a table with bandwidth by category for Cisco WSA data?

How to search multiple indexes and join field values that don't exactly match?

How to build a regex for a field extraction that will match a portion of the domain for the field?

Is there a way to determine if transactions overlap?

What are the benefits of the KV store vs a traditional lookup table in Splunk 6.2?

Using a subsearch to match a string and a field.

Reusable knowledge objects

Piping/nesting Transactions - is it possible?

Find like strings to detect phishing

Field Extractions off host name

Observe and Secure All Apps with Splunk

Splunk Decoded: Business Transactions vs Business IQ

Fastest way to demo Observability

In Splunk studio, is it possible to populate a tex...

How can i export a list of all services in APM

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

ITSI thresholds: adaptive vs static

Splunk Search

Are you a member of the Splunk Community?

Discussions