Splunk Search

Discussions

Thread Info

How do you anonymize two recognized fields in Splunk?

Hello Splunkers, I am trying to follow the logic from the below URL to anonymize some field data on the fly. http:...

by Communicator in

How to extract a complex field

I have a log that has the following: Blah blah bloh HandleBusInfoMessage=31951592=460892.509; nextcommand Blah Handle...

by Explorer in

How to break events and extract fields from Scripted Input

Here is the sample data AppPoolName : TestApp PrivateMemory : 2000 State : Started Application : IdentityType : Ne...

by Path Finder in

Why isn't this regex returning anything?

When running the regex below, the search doesn't return any results even though the reg ex string works well on the e...

by Path Finder in

External IP location

Hi, We have set to receive alerts like Brute force, Port Scanning from external IPs. Is there anyway or query ...

by Explorer in

How to use regex to extract the last value in a line from a known field of a data model?

Hi guys, How to extract one portion of the data model when I have the name of the field. Sample: field: status, w...

by Contributor in

How to correct my regex to extract text from two or more lines?

Hi, Please let me know the regex to extract text from 2 or 3 more lines. For below log text : ClientIp=06516...

by Explorer in

Regex to extract exceptionmessage

Hi, I have five different types of exceptions and for that messages are logged as shown below : ClientIp=065162...

by Explorer in

Regex for two similar statements to put in transforms.conf ?

Hello, thanks for everyones assistance on MV_ADD=True response on my last question regarding multivalued pairs.. Now ...

by Communicator in

Can I disable clicking on items in table view when sharing search results?

When sharing a search result I would like to disable clicking on the individual table cells. I would still like to be...

by Path Finder in

How to get only first 3 events as a result for each event/Field?

I am attempting to get first 3 events for each user field for which user count>3. Basically what I am looking for...

by Path Finder in

"| delete" after lookup command

Hi, is it possible to use the delete command after a lookup? sourcetype=sourceA | lookup delete_lookup.csv ke...

by Motivator in

データサマリーから不要なデータを削除する方法

データサマリーで表示されるホスト、ソース、ソースタイプにおいて、不要なデータを削除しようと思います。現在V6.1.4（Windows 7)ですが、昔(V5)は、"| delete"を指定した場合、論理削除だけで物理削除は行われず表示...

by Explorer in

How can I replace only the field value if found using Automatic lookups?

I have a problem with my checkpoint logs and automatic lookup tables (although the problem is not specific to checkpo...

by Explorer in

Extract xml

Hi Splunkers, I would like to extract the following xml while indexing.. fields: host=0.0.0.1 source=mysourc...

by Motivator in

Selected fields in fields side bar

In order to be a selected field , doest that field must exist in every events ? Now host, source, sourcetype are t...

by Motivator in

How to combine a search for all events with a stats subsearch for a certain event that exceeds a threshold within an hour?

I need to combine a normal search for 24 hr period with all events and a subsearch on threshold based event where it ...

by Explorer in

multi pattern string calculation on fields

I have log coming in this format. this value is dynamic and keep changing in terms of Form and numbers Counts=[100A=0...

by Path Finder in

Why the function "strftime" not working in my search query?

alt textIf I use this, no event return sourcetype=abc source="*"+strftime(now(),"%Y%m%d")+"*" But when I modif...

by Path Finder in

help span would result in too many rows

we are getting this error more frequently, can you please tell us the optimized settings to avoid this error, The ...

by Builder in

Get Updates on the Splunk Community!

Splunk Search

Discussions

How do you anonymize two recognized fields in Splunk?

How to extract a complex field

How to break events and extract fields from Scripted Input

Why isn't this regex returning anything?

External IP location

How to use regex to extract the last value in a line from a known field of a data model?

How to correct my regex to extract text from two or more lines?

Regex to extract exceptionmessage

Regex for two similar statements to put in transforms.conf ?

Can I disable clicking on items in table view when sharing search results?

How to get only first 3 events as a result for each event/Field?

"| delete" after lookup command

データサマリーから不要なデータを削除する方法

How can I replace only the field value if found using Automatic lookups?

Extract xml

Selected fields in fields side bar

How to combine a search for all events with a stats subsearch for a certain event that exceeds a threshold within an hour?

multi pattern string calculation on fields

Why the function "strftime" not working in my search query?

help span would result in too many rows

Admin Your Splunk Cloud, Your Way

Cloud Platform | Discontinuing support for TLS version 1.0 and 1.1

New Customer Testimonials

Join all objects with specific object within the s...

How to troubleshoot “Error in 'inputlookup' comman...

How to configure alert when a service is in failed...

how to identify '\n' in Splunk rex

How to combine results of inputlookup and a search...