Splunk Search

Start a Conversation

Discussions

Start a Conversation

Thread Info

Receiving message "Field extractor name=extract-doublecolon-transform is unusually slow" How to optimize the regex for my field extraction?

We have events in below format.. [2014-11-17 05:00:00,876] [INFO] [EventTimestamp::2014-11-17T05:00:00.876-06:00|R...

by Contributor in

How do I extract fields from a json object (serialized) and put it back to splunk index?

Sample data: <167>1 2014-11-15T16:45:44.542-07:00 host.name.com neat 11151 gcm [meta@28281 sequenceId="43096" sysU...

by Path Finder in

Can I provide a default value for a |rex command field extraction?

Good Day! Insight would be much appreciated on the following... The data below may or may not have the occurren...

by Explorer in

Joining two log files that have two common fields

Hello, It would be very helpful for me if you could find out the solution for the following scenario. SELECT * ...

by New Member in

How to search for successful transactions only if a certain number of failed transactions are returned by client IP?

I'm looking to develop a table/report which shows me IP addresses in a HTTP access log whereby the client first gener...

by Contributor in

How to filter my search and only return results if response time is greater than median time?

Hi, I would like to get results only if response time is greater than median time. I have used below query. But fo...

by Contributor in

Why is stats more efficient and better supported with MapReduce than transaction?

I was told that stats is more efficent and better supported with MapReduce... is that true and if so why?

by New Member in

How to combine two searches in one timechart and show dynamic x-axis labels?

Hi All, I would like to combine below two searches in one timechart stacked with x axis showing date and total record...

by New Member in

How to create a custom macro / function inside the search query?

In the query below, for each host, I am searching for its performance data for each value for past 5 minutes. The ex...

by Explorer in

Why does my int field from mssql database not become an extracted field in Splunk when it is NULL?

I have an mssql database that I am importing using DB Connect. I have an int field type that could equal NULL or 1 th...

by Path Finder in

REX Question

Hi rex "(?i)\].*(?<test1>([^ ]* ){5})" I want to avoid numbers being returned but i don't want to avoid the ...

by Contributor in

How to write a search to omit transactions unless the URLs are different in the transaction?

I am using the below query, but i need to omit the transactions unless the URLs are different in the transaction. ...

by Path Finder in

Dedup Lookup Table Field Results for Table

I am trying to find a way to clean up the display of one of my searches. I use a lookup table to input a field from o...

by Path Finder in

How to join 2 results and use transaction to display calls within a 3 second timespan for weblogic access logs?

in weblogic access log, i need to join 2 results and use transaction to display the calls within 3s timespan, but thi...

by Path Finder in

Help with hostname regex

I have concocted a basic regular expression to find all Splunk indexes from matching hosts. The idea of the regex is ...

by Engager in

How to build an external static lookup table for Firewall ACL auditing to match on dst_port and determine if the port matches an existing ACL rule?

Hello Splunk Answers, I am looking to build a static lookup table for Firewall ACL lookup. Essentially, I would li...

by Explorer in

How do I keep a sum total of events before a dedup?

Not sure if I am 100% clear in the question, but here is what I am looking to do. I have a stream of incoming message...

by Path Finder in

Why searching for a string with comparison operator "!=" returns the same source file name as "="?

Hello: I have a single source file that contains a string of interest. When I run this query I get a single cor...

by Engager in

How to write a search to use regex to extract multiple fields from a log line and find the total count of all matched patterns?

I've looked through several of the other questions related to this one, but they were either unanswered, or answered ...

by Explorer in

How to truncate a field value after a regex pattern?

How can I truncate a field value after a given pattern. For example, if I am looking at web page logs, how can I trun...

by Explorer in

Get Updates on the Splunk Community!

Splunk Search

Discussions

Receiving message "Field extractor name=extract-doublecolon-transform is unusually slow" How to optimize the regex for my field extraction?

How do I extract fields from a json object (serialized) and put it back to splunk index?

Can I provide a default value for a |rex command field extraction?

Joining two log files that have two common fields

How to search for successful transactions only if a certain number of failed transactions are returned by client IP?

How to filter my search and only return results if response time is greater than median time?

Why is stats more efficient and better supported with MapReduce than transaction?

How to combine two searches in one timechart and show dynamic x-axis labels?

How to create a custom macro / function inside the search query?

Why does my int field from mssql database not become an extracted field in Splunk when it is NULL?

REX Question

How to write a search to omit transactions unless the URLs are different in the transaction?

Dedup Lookup Table Field Results for Table

How to join 2 results and use transaction to display calls within a 3 second timespan for weblogic access logs?

Help with hostname regex

How to build an external static lookup table for Firewall ACL auditing to match on dst_port and determine if the port matches an existing ACL rule?

How do I keep a sum total of events before a dedup?

Why searching for a string with comparison operator "!=" returns the same source file name as "="?

How to write a search to use regex to extract multiple fields from a log line and find the total count of all matched patterns?

How to truncate a field value after a regex pattern?

Starting With Observability: OpenTelemetry Best Practices

.conf23 | Get Your Cybersecurity Defense Analyst Certification in Vegas

Streamline Data Ingestion With Deployment Server Essentials

chart by 2 fields

Eval case statement

AD servers with indexing delays when evt_resolve_a...

Using comparison function within mstats

splunk search statement using keyword from input b...