Splunk Search

Discussions

Thread Info

Simple example of passing Splunk search results to an R script and displaying the results?

The example provided by SPLUNK for an R script uses the addr.r script that does not use SPLUNK search results. Can yo...

by Explorer in

How to run a search if another search does not return any results?

Hey all, I have two searches that both run independently of one another. They both work fine by themselves. Now, I...

by Explorer in

rex expression without resorting to mode=sed

Hi! I am changing a string in the host field of output with this format ZX3B1093200198A ZX3B1093200198B The...

by Explorer in

How to use rex for search time field extraction for syslog events?

Im trying to run a search time query on some syslogs and having issues with the format and Im new to regex. Below ...

by Path Finder in

How to check if a field only contains a -z and doesnt contain any other characters using rex?

How to check if a field only contains a-z and doesn't contain any other character using Rex.

by Path Finder in

How to set missing data values to zero?

Hi, I want to track good requests (http=200) vs bad requests (http>399)and i have used the below query. But someti...

by Contributor in

results greater then a stat's column

Splunk big time NOOB here. I'm trying to find IP's that are logging into our FTP server with more then one FTP Use...

by Explorer in

How to autofill field name with field extraction or dynamic rex statement?

So I have the following data in the log file and would like to be able to search on the specific field name, but unfo...

by Explorer in

format splunk table

I have 3 fields date, hour & count(X). can someone please tell me how to forma table like below...count of X ...

by Path Finder in

Conditional search for multiple IP ranges

Hello there! We´re trying to plan the best way to search multiple IP ranges that possibly can going through squid ...

by New Member in

Not creating iis fields (time-taken) with splunk 6.1 and iis 7 w3c logs

Looking at documents it appears that IIS w3c logs should auto create all the fields in the header. Am I wrong about t...

by New Member in

How to join two indexes by non unique fields?

Index1 with fields (name, "team id", surName) Index2 with fields (userId, correlationId, operation) Questions1: I ...

by Path Finder in

How to get where function to work with inputlookup?

In an attempt to reduce the number of lookup tables we use we have created a master lookup table that has many column...

by Builder in

How to categorize phone numbers in VOIP PABX logs in Splunk ?

Hi Splunkers, We have an VOIP PABX that is generating logs. Those logs are being indexed by Splunk. In those logs...

by Communicator in

Rex command: Help with regex to extract fields containing credit card numbers

Hello, I have a problem with splunk search. What I need to do is to do a search from the fields containing CC num...

by Explorer in

How to remove a field from WMI search query results in Splunk?

I have configured below query in wmi.conf wql = select Caption,State from Win32_Service where Name like '%BlackBer...

by Communicator in

How to get stats command to calculate with precision for numbers in scientific notation?

I have found that the stats command's output doesn't use scientific notation. This means that if I need to calculate ...

by Communicator in

Why am I getting blank rows extracting a multi line XML file with xmlkv and regex?

I am trying to extract a multi line XML file with many <title>blah</title> elements. Using sourcetype="schedule" ...

by New Member in

How make a table with key and value columns and change a field's name?

The table we want to make looks something like this: ---------- key | value -------- someName | someValue so...

by Explorer in

Invalid latest event date in the Home ->Data section?

We are indexing data into Splunk every day and its coming in the search results, but Splunk home page (Splunk version...

by Builder in

How to configure props.conf to extract fields and line break multiple XML files?

Hi I'm new to splunk. I'm trying to index multiple XML files that look like: <?xml version="1.0" encoding="UTF-...

by New Member in

How to extract dynamic key value pairs in mixed data from DB Connect app?

I am indexing a string for the DBConnect where one of the fields stores a modified data in one of the cells. In a sub...

by New Member in

Distinct count of all unique email addresses which do not end with certain domain names

I want to count all unique email addresses in a multi-value "to" field which do not end with certain domain names. ...

by Motivator in

Multiple drilldown from a chart to a table to a table

I have a bar chart and the user clicks on a bar and it then displays a table corresponding to the bar that was clicke...

by Contributor in

Read time out while opening Job manager in Splunk UI

Hi, I am getting the below error while opening Job manager in splunk UI. [JobManager module] Splunkd daemon is ...

by Engager in

Get Updates on the Splunk Community!

Splunk Search

Discussions

Simple example of passing Splunk search results to an R script and displaying the results?

How to run a search if another search does not return any results?

rex expression without resorting to mode=sed

How to use rex for search time field extraction for syslog events?

How to check if a field only contains a -z and doesnt contain any other characters using rex?

How to set missing data values to zero?

results greater then a stat's column

How to autofill field name with field extraction or dynamic rex statement?

format splunk table

Conditional search for multiple IP ranges

Not creating iis fields (time-taken) with splunk 6.1 and iis 7 w3c logs

How to join two indexes by non unique fields?

How to get where function to work with inputlookup?

How to categorize phone numbers in VOIP PABX logs in Splunk ?

Rex command: Help with regex to extract fields containing credit card numbers

How to remove a field from WMI search query results in Splunk?

How to get stats command to calculate with precision for numbers in scientific notation?

Why am I getting blank rows extracting a multi line XML file with xmlkv and regex?

How make a table with key and value columns and change a field's name?

Invalid latest event date in the Home ->Data section?

How to configure props.conf to extract fields and line break multiple XML files?

How to extract dynamic key value pairs in mixed data from DB Connect app?

Distinct count of all unique email addresses which do not end with certain domain names

Multiple drilldown from a chart to a table to a table

Read time out while opening Job manager in Splunk UI

Enterprise Security Content Update (ESCU) | New Releases

Why am I not seeing the finding in Splunk Enterprise Security Analyst Queue?

Index This | What are the 12 Days of Splunk-mas?

Proactively stream data to different index after C...

Write Splunk log with Laminas

Issues in multiselect input dropdown

Using splunk-sdk in user-defined functions in Spar...

Verification of SAML assertion using IDP's cert fa...