Splunk Search

Discussions

Thread Info

How to make regex not search specific fields?

Basically, I want to perform a regex search for a number that is, for example, 50 digits long, but I know for sure th...

by Explorer in

Multi-line event and props.conf

I've got something that is confusing me. I've got a file, /logs/oud_ds/audit, of raw events that looks like this #...

by Contributor in

Search lookup for non-matching values

I have the following search (MySearch), which is tied to an alert. index=exchange_smtp Context=authenticated OR E...

by Engager in

Substring of URL in own field - remove everything prior to first / and everything after ?

I am trying to pull out a substring from a field and populate that information into another field. Its a typical URL ...

by Explorer in

Comma separated field value, adding a carriage return

Hi folks, I think this should be easy, but it is hard to search for the solution because the terms I'm using are b...

by Communicator in

how to rex field number of infected file for clamav scan report?

Jul 10 06:59:22 icopenstack01 clamav[9040]: Infected files: 0 source = /var/log/remote/icopenstack01.log sourcetype =...

by Explorer in

How do you make output from xyseries generate the same _time-based X-axis labels as timechart?

The following search: sourcetype=my_log_type | timechart count by conn_type generates the chart I want, with o...

by Builder in

What kind of syntax is limit and span?

I noticed that limit and span always turn green. What kind of component are they? For instance: blue is used for c...

by Path Finder in

Work of OR/AND condition search query based on the match & should give the result.

Hi Team, I am trying to populate a panel on the dashboard on the basis of two input fields Profileid & Transact...

by Explorer in

Unrelated lookup table goes missing after setting [replicationBlacklist]

Hi all, we have a non-clustered distributed Splunk. It has a number of big lookup files that are updated regularly. A...

by Path Finder in

Regex help in transforms : key-value extraction and assigning to key

I'm trying to match key-value pair within an SNMP trap message whereby the KEY and VALUE are present in two fields ...

by Super Champion in

How to edit my search to create a table grouped by User based on multiple events?

Hi, I am struggling with the correct way to approach this. I have VPN data that performs 5 posture checks before c...

by Explorer in

How to edit my search to get new errors from today, and that not occurred in last 7 days?

Can you please help with the following search? It returns 0 events. I want all the errors that occurred today, and no...

by New Member in

Best practice for forwarding data to a differently named index?

I have three independent geographic sites, A, B, C. A forth site, Z, needs a searchable copy of all data from A, ...

by Engager in

Does transforms.conf support a regex group based rerouting?

Hi all; I am trying to build some logic for a docker/k8s integration that we are doing through fluentd. Basically ...

by Builder in

Get Updates on the Splunk Community!

Splunk Search

Discussions

How to make regex not search specific fields?

Multi-line event and props.conf

Search lookup for non-matching values

Substring of URL in own field - remove everything prior to first / and everything after ?

Comma separated field value, adding a carriage return

how to rex field number of infected file for clamav scan report?

How do you make output from xyseries generate the same _time-based X-axis labels as timechart?

What kind of syntax is limit and span?

Work of OR/AND condition search query based on the match & should give the result.

Unrelated lookup table goes missing after setting [replicationBlacklist]

Regex help in transforms : key-value extraction and assigning to key

How to edit my search to create a table grouped by User based on multiple events?

How to edit my search to get new errors from today, and that not occurred in last 7 days?

Best practice for forwarding data to a differently named index?

Does transforms.conf support a regex group based rerouting?

Enterprise Security Content Update (ESCU) | New Releases

Announcing the 1st Round Champion’s Tribute Winners of the Great Resilience Quest

We’ve Got Education Validation!

BotS member needed !

To set up alert using saved search and map command

How to compare 2 lookups and highlight any changes...

How to change pie chart font color from within Spl...

Users with the same roles, in the same app, and sa...