Splunk Search

Start a Conversation

Discussions

Start a Conversation

Thread Info

Splitting a Field into multiple values - separating date from time

Hi, I have a field called Submit Date and it's format is like this: 10/21/2014 11:26:05 AM I'm trying to separate ...

by Builder in

How to get a year over year comparison in a search?

using this articles advice (http://blogs.splunk.com/2012/02/19/compare-two-time-ranges-in-one-report/) i am tryin...

by Explorer in

How to join two sets of data on a field and get the results that don't have corresponding matching data?

I have two sets of data, both sets have a common field with common value, when i use join command i am able to find t...

by Path Finder in

Can the universal forwarder monitor event logs and filter out events using regex in whitelist?

Can the universal forwarder monitor event logs and filter out events using REGEX in whitelist for eg: [WinEventLog://...

by Path Finder in

how to replace a multiple character to one character

Hi, I want to replace all ":*" character means :: ::: :::: and so on with only singel ":" character. for Location ...

by Contributor in

How to combine and chart data from multiple files in the same folder, but only if a certain type of file exists?

Hi, I am new to splunk and need help with my use case below. Whenever a request is made to my application, it will...

by New Member in

Searching transactions for field/values set in the same event

I have records of 3 forms: { "event": "START|MIDDLE|END", "wasSuccessful": true/false, "trans_id": <int> } How...

by Explorer in

How to write a search for the most occurring field value per record and calculate their probability percentage?

Device Table1 Table2 Table3 Table4 Table5 Name1 XP XP XP XP XP Name2 7 7 XP Null ...

by Engager in

How to create an eval column in a table that says "yes" or "no" if the value in another column has changed from the previous row?

I have a table which stores updates done on a database (see my previous questions for more details). I want to create...

by Communicator in

Which is a faster search strategy for filters on multiple columns?

I have a table which returns multiple columns and I want to implement a text filter on each of these columns. Current...

by Communicator in

Creating a search to take id values from one day, and search for them in the following days

Hi, I currently need to create a search which takes the id values from a new_user event on 1 day, then searches fo...

by Explorer in

How to convert decimal time to a human readable format in a search?

Hello, I've a decimal time in my logs like 1.51 that equal 1h30/1:30 or 4.3 equal 4h20/4:20 So i try to get a n...

by Path Finder in

How to calculate set flags in a numeric value in a search?

I have a numeric value representing flags. It is the value in userAccountControl defined as follows: typedef enum ...

by Motivator in

What features will be disabled in trial version of Splunk after 60 days?

What features will be disabled in trial version of Splunk after 60 days? And What are the features which Enterprise h...

by New Member in

I am trying to get a bar chart to display a stats count of each violation split by the request status, so for it to display both, how much was blocked or alerted. What am i doing wrong

index="bigip-asm" web_application_name=HTTPCLASS_PROD_SOAENTRYPOINT_EXTERNAL_LIVE request_status=alerted OR blocked |...

by Engager in

rex n replace or rex and optional find

cs_username field contains multiple formats of username in the form of: username domain\usernam username@domain.com ...

by Communicator in

Calculate Average for multiple fields

My logs currently capture transaction summaries. The transaction summaries can have 0 to n number of integration. ...

by Explorer in

How to mask both index and search time data and how to verify if it is masked?

How to mask index and search time data? How to verify if it is masked?

by Explorer in

Is it possible to tell Splunk to group events based on a column?

This is an extension of the question http://answers.splunk.com/answers/171571/using-splunk-to-create-and-view-table-m...

by Communicator in

Combine searches through field

I have a query that pulls up IPs' but with no hostname. I have a separate query that can correlate each IP to a host ...

by Path Finder in

Get Updates on the Splunk Community!

Splunk Search

Discussions

Splitting a Field into multiple values - separating date from time

How to get a year over year comparison in a search?

How to join two sets of data on a field and get the results that don't have corresponding matching data?

Can the universal forwarder monitor event logs and filter out events using regex in whitelist?

how to replace a multiple character to one character

How to combine and chart data from multiple files in the same folder, but only if a certain type of file exists?

Searching transactions for field/values set in the same event

How to write a search for the most occurring field value per record and calculate their probability percentage?

How to create an eval column in a table that says "yes" or "no" if the value in another column has changed from the previous row?

Which is a faster search strategy for filters on multiple columns?

Creating a search to take id values from one day, and search for them in the following days

How to convert decimal time to a human readable format in a search?

How to calculate set flags in a numeric value in a search?

What features will be disabled in trial version of Splunk after 60 days?

I am trying to get a bar chart to display a stats count of each violation split by the request status, so for it to display both, how much was blocked or alerted. What am i doing wrong

rex n replace or rex and optional find

Calculate Average for multiple fields

How to mask both index and search time data and how to verify if it is masked?

Is it possible to tell Splunk to group events based on a column?

Combine searches through field

Observability Highlights | January 2023 Newsletter

Security Highlights | January 2023 Newsletter

Platform Highlights | January 2023 Newsletter

Walklex Timespan

How to use MLTK to tune DNS Query Length Outliers ...

Optimizing metrics based searches?

How to use fit command together with foreach?

How to detect T1036.002: Masquerading (Right-to-Le...