Splunk Search

Thread Info

format field at search time (phone, ip, MAC, etc..)

I want to format nicely the fields or events at search time. by example : US phone : 11122223333 to (111) 222-3333...

by Communicator in

Compare values from multiple Data Inputs

I'm trying to write a search that will compare values from different data inputs and return the highest value to use ...

by Explorer in

using eval with automatic lookups

Is there a way to perform an eval when using an automatic lookup? I'm using user IDs in IIS logs to find a user's rea...

by Path Finder in

"Join" search and sub search and sum value of overlapping records?

I'm trying to combine the results of a search and subsearch. They have overlapping fields but different result sets. ...

by Path Finder in

Help with Splunk search (EVAL command)

I am trying to assign a value to a Severity field when the sourcetype = "low" or "Med" or "high". I.e. - IF source...

by Communicator in

Props.conf / Regex question

I add this to props.conf to detect shellscripts, but interesting enough this not only matches shell-scripts but also ...

by Communicator in

Group aggregate on logs

for example, i have the following 7 logs, 2011-DEC-17 slotid="Location-Maps-US-Sunnyvale" delta_msec="1487" seq="3...

by Path Finder in

Is there any way to write the search results (in table format) in to a lookup table

Hi Is there any way to write the search results (in table format) in to a lookup table i.e... | table field1,fe...

by Contributor in

How to sum numbers with commas

I would like to calculate the total for the following sample. These are numbers but have comma. 122 3,871 17,896 ...

by Explorer in

Case conidtion on the searches

My logs contain a field "A", i need to calculate a new field "B" based on the SLOT, when A=a1 OR A=a2, THEN B=avg of...

by Path Finder in

matching issue with a regex in search

Hello, I'm having an issue with a regex i did. I want to create a new column with my regex where there's 2 values ...

by Communicator in

Search and grep for numbered events

Hi there! I'm looking at this previous question here: [http://splunk-base.splunk.com/answers/2602/can-splunk-fi...

by Builder in

field extractions are not working

my field extractions are not working tranforms.conf file is [tms_iisfields] FIELDS = "date","time","s-ip","cs-met...

by Builder in

lookup not found errors

i have yet to get lookups to work correctly in an app. The file is in the right place /opt/splunk/etc/apps/my...

by Path Finder in

Oracle Audit Trail Field Extraction

I am trying to extract the fields from an Oracle 10g Audit trail. Below is a sample of the raw log : Tue Feb 15 10...

by Contributor in

sed cmd to anonymize data

Hello, I have a source that contains events like these: "MONEY LEFT: 1.000,00" "MONEY LEFT: 000,00" "MONEY LEFT: 3...

by Communicator in

Scrub data from Splunk

Splunk's scrub command scrub data in queries/report. What are the steps to permanently remove certain logs from Splun...

by Engager in

Who is BOSBURN?

I'm getting this error message twice every 30 sec. 12-19-2011 12:15:27.539 -0500 ERROR AuthenticationManagerLDAP - Co...

by Communicator in

host_regex question for multiple matching fields

I am trying to set my host name equal to part of the file name with a regex (regular expression) and I am a regex nov...

by Explorer in

group values in search

Hello, I have data in the form of a date,server,events triplet. The fields are correctly extracted and assigned. ...

by Communicator in

move an index in diffrent location

Hi I have an index named pci and the location of this is /windows/pci/db i want move it(existing and new) in another ...

by Builder in

question relating to field extraction

Hi I have a problem with the field extraction. I am trying to extract out and name a field containing the data "--...

by New Member in

Remove cc data from splunk

We have couple of credit card data in splunk and we need to remove those from the splunk. I am using the below query ...

by Explorer in

Index a file once, regex to match first IP address only

I am attempting to Index a file once from my Splunk server. The file contains a copy of syslog data. The lines loo...

by Contributor in

splunk trending...

I'm trying to integrate information from this link http://splunk-base.splunk.com/answers/13482/plotting-trendlines-in...

by Contributor in

Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.

Splunk Search

Discussions

format field at search time (phone, ip, MAC, etc..)

Compare values from multiple Data Inputs

using eval with automatic lookups

"Join" search and sub search and sum value of overlapping records?

Help with Splunk search (EVAL command)

Props.conf / Regex question

Group aggregate on logs

Is there any way to write the search results (in table format) in to a lookup table

How to sum numbers with commas

Case conidtion on the searches

matching issue with a regex in search

Search and grep for numbered events

field extractions are not working

lookup not found errors

Oracle Audit Trail Field Extraction

sed cmd to anonymize data

Scrub data from Splunk

Who is BOSBURN?

host_regex question for multiple matching fields

group values in search

move an index in diffrent location

question relating to field extraction

Remove cc data from splunk

Index a file once, regex to match first IP address only

splunk trending...

Fueling your curiosity with new Splunk ILT and eLearning courses

Splunk AI Assistant for SPL 1.1.0 | Now Personalized to Your Environment for Greater ...

Unleash Unified Security and Observability with Splunk Cloud Platform

Search for triggered save searches and their actio...

MLTKC how should i check jupyter notebook func in ...

ITSI thresholds: adaptive vs static

Using Machine Learning Toolkit to detect auth abus...

Proactively stream data to different index after C...