Splunk Search

Community Activity

	How to exclude data from a field? Is there a way to exclude specified data from a single field. The example I have is on Destination IP addresses from ... by MR1992 Explorer in Splunk Search 04-20-2023 0 4	0	4
	How to remove double quotes from extracted field values Filed extracted like rex field = msg " student information\" : (?<studentname>.*?)," Student name getting like below"... by Sekhar Explorer in Splunk Search 04-20-2023 0 3	0	3
	Matching field from two different index and source I have two event start event having extracted fields from log managerid ,branch I'd,empname using index = emp source... by Sekhar Explorer in Splunk Search 04-20-2023 0 1	0	1
	How to remove repeated duplicate values? I am trying to remove duplicates in my result using the \|dedup command. Even though I am seeing 2 entries in my resul... by alexspunkshell Contributor in Splunk Search 04-20-2023 0 6	0	6
	How to achieve auto filed value extraction? Hi Team, I have to do auto field extraction of the fields coming inside the payload under <mTypes>....</mTypes> to th... by pm2012 Explorer in Splunk Search 04-20-2023 0 5	0	5
	How would I value map ip addresses? I have an example data on csv named invent.csv like this: I want to map ip values to host output using lookup usin... by f_666dhn Explorer in Splunk Search 04-19-2023 0 1	0	1
	How to write this query in Splunk? This is application insight query which i need to write in splunk , can some one help me please let a=traces\| where c... by Anidy21 Engager in Splunk Search 04-19-2023 0 7	0	7
	How can I find results only iff the previous queries returns results? I calculate the requests per second for my application using the following query: method!=GET process="start" \| tim... by yk010123 Path Finder in Splunk Search 04-19-2023 0 1	0	1
	Querying log events based on field values nested inside a escaped raw JSON property Hi, I need some help with querying log events based on field values nested inside a escaped raw JSON object property.... by btsr Explorer in Splunk Search 04-19-2023 0 4	0	4
	How to reliably use a \| rex command in a dashboard? Hi, I regularly have the problem, that I save searches containing regexes with $ characters to a dashboard where they... by bitnapper Path Finder in Splunk Search 04-19-2023 0 11	0	11
	Search Keywords with search button I am currently working on a search dashboard. I have the dashboard created and the search (Submit Button). In this ... by ASR1022 Loves-to-Learn Lots in Splunk Search 04-19-2023 0 4	0	4
	VT4Splunk APP correlation with paloalto Hi, I have installed the virustotal add-on for Splunk.When I enter the dashboards that are already pre-built I find t... by splunkcol Builder in Splunk Search 04-19-2023 0 0	0	0
	How to whitelist through subsearching with out lookups? So there's ton of documentations of whitelisting through the subsearch approach using lookups, however, is it possibl... by Henesys New Member in Splunk Search 04-19-2023 0 3	0	3
	What timeframe do REST API searches use? I need to count the number of times an alert has triggered in a specific time window (say, last 24 hours). I am tryi... by random_event Explorer in Splunk Search 04-19-2023 0 3	0	3
	Rex field extraction I have a field called 'description'. I want to be able to extract MD5, SHA1, SHA256 values present in this field.Need... by zacksoft_wf Contributor in Splunk Search 04-19-2023 0 3	0	3
	How to search for values greater than 90 days? index=test sourcetype=csv source=prtg.csv host=prtg device=all "Down for"=*\| rename "Down for" AS Downtime\| eval "Dow... by willsy Communicator in Splunk Search 04-19-2023 0 7	0	7
	How to replace blank values with "0"? Trying to replace the blank values on my dashboard with 0s. If table is empty, should display 0. On the logs data, it... by harshparikhxlrd Path Finder in Splunk Search 04-18-2023 0 2	0	2
	How to handle eval searchmatch with question-mark? Hello Using the below query, I am trying to build a response index=my_index openshift_cluster="cluster009" sourc... by super_edition Path Finder in Splunk Search 04-18-2023 0 2	0	2
	How to combine CMDB tables? We have two CMDB tables logs in to Splunk 1. CMDB Business application - Business related info 2. CMDB Rel - Relatio... by navb Loves-to-Learn in Splunk Search 04-18-2023 0 3	0	3
	How are strings from an UI-"input" interpreted in another string search? I have the following search string in my chart panel. "Arguments.category{}"= "$TestSuite$" TestSuite is defined by ... by GaryZ Path Finder in Splunk Search 04-18-2023 0 7	0	7
	How to extract data from quotation marks? Hello, I am trying to extract the data from the following message:the header data is in quotes and for each header da... by Lazous Engager in Splunk Search 04-18-2023 0 5	0	5
	Why is ISNULL functionality not working? I am trying to get the data only when my lastlogon(field name) is Null. but the above query is still giving me data f... by Keerthi Path Finder in Splunk Search 04-18-2023 0 2	0	2
	How to count for all hosts from lookup? I have a query that I am using to get the count of events index=system source=/var/log/syslog/* \| rex field=source "... by Skysurfer Explorer in Splunk Search 04-18-2023 0 2	0	2
	How to format as percent with 2 decimal places and no rounding? How do you convert .34999832 to 34.99% or .399345 to 39.99% I need to see the .99 and not have it round up by mbtsoltis Explorer in Splunk Search 04-18-2023 0 3	0	3
	How to speed up Splunk query that uses appendcols? Hi, I have the following Splunk query:index=ABC sourcetype=DEF dv_assignment_group="SECURITY-NETWORK-L3" \| table _tim... by POR160893 Builder in Splunk Search 04-18-2023 0 3	0	3