Splunk Search

Community Activity

Why is my regex not matching? My regex from the message field looks like this. \| rex field=Message "\W(?<Hostname>\S+)\s\w+\W(?<Build>\S+)\s\w+\W... by michaelnorup Communicator in Splunk Search 03-28-2023 0 4	0	4
How to display fields from two queries only if timestamps match? Hi, I have a query that is making two different searches and displaying the stats of each. Example:index="example" TE... by klay824 Explorer in Splunk Search 03-28-2023 0 6	0	6
How to create a table for number of uploads for the top users? Hello All, I have been able to create a table that lists the top users that have been uploading files the most to clo... by TrangCIC81 Communicator in Splunk Search 03-28-2023 0 4	0	4
How to extract fields from txt format? Hello, I want to extract fiends from below log format. Can someone please help. Log format - 2023-03-21 04:14:13.859,... by drogo Explorer in Splunk Search 03-27-2023 0 5	0	5
How to use a Lookup File with Multiple Static or Dynamic Values? We have a standard configuration for our workstations. Several of the fields are static but some are dynamic (but the... by chrisschum Path Finder in Splunk Search 03-27-2023 0 2	0	2
How do I get the dashboard to show ONLY the highest count for the day? HI So I have this dashboard showing the below. HBSS ACAS CMRSACAS CMRSHBSS89 92 ... by woodlandrelic Path Finder in Splunk Search 03-27-2023 0 2	0	2
How to join two different result sharing common field? Search 1. \| inputlookup test1.csv \| table ITEM1 ITEM2 Search 2. \| inputlookup test2.csv \| table ITEM 1 ITEM3 Conc... by yohhpark Path Finder in Splunk Search 03-27-2023 0 4	0	4
How to Make a Table for JSON Data? I have the following JSON structure in my events. I am trying to figure out an SPL Query to format the JSON in a tabl... by apignata Explorer in Splunk Search 03-27-2023 0 1	0	1
Fetch data from json string[] I have a curl response which is json string[], I am able to fetch the data using split(), mvexpand() and then substri... by vickycoder27 Explorer in Splunk Search 03-26-2023 0 4	0	4
How to Convert Epoch Time? I'm running the below query to find out when was the last time an index checked in. However, in using this query the ... by itsmevic Communicator in Splunk Search 03-26-2023 0 5	0	5
How to create two new fields from a single field? I have a log set from FW's. These logs have a field called "src." From what I can tell, this field is populated with... by bt149 Path Finder in Splunk Search 03-25-2023 0 4	0	4
How to replace random substring in path? Hi all, I want to replace random substrings in path: C:\Users\sjfklsj\Appdata\.... -> C:\Users\---\Appdata\.... C:... by SplunkNewbie100 New Member in Splunk Search 03-25-2023 0 2	0	2
How to compare fields "list" and "standard"? Hello everyone In the result of my search I got such results (last command was stats values(list) as list, values(sta... by bosseres Contributor in Splunk Search 03-25-2023 0 3	0	3
How to merge two searches where initial output is fed to lookup table? I am working to merge two searches. The first search outputs one or more account names: index=x sourcetype=y \| ta... by Sven1 Path Finder in Splunk Search 03-24-2023 0 12	0	12
Help with lookup table Hi, looking for splunk query having field name similar to field in lookup file with respective value in lookup file.... by Abhineet Loves-to-Learn Everything in Splunk Search 03-24-2023 0 6	0	6
Why are there empty fields after a left join? Hello fellows!I have a sourcetype called cmdb with a field called BIA to any src_host. After this join index=lab sour... by pierre_weg Path Finder in Splunk Search 03-24-2023 0 6	0	6
How to pass the time from one query to another query? Actually I want to pass the time from first query to second and get results out on basis of first query time.First qu... by Veeru Path Finder in Splunk Search 03-24-2023 0 1	0	1
How to extract non-english column? Hi everyone,I have a column called "SCRN_NM" (name of screen)and only want to extract English data, not non-English ... by iwascar New Member in Splunk Search 03-24-2023 0 1	0	1
How to search field in two indexes? how to search value of "Dst_IP" field from "ASA" index to "otx" index "indicator" field and display the scrip" field ... by shashilendraman Explorer in Splunk Search 03-24-2023 1 5	1	5
How to delay with search result when run via Splunk API? Hi, We have a platform where lot of dashboards are populated using splunk searches via splunk api call. All the que... by surabhi New Member in Splunk Search 03-24-2023 0 0	0	0
How to map extracted field name (e.g actual_time) with _time field? Hi SMEs, I have a unique requirement which need one of my extracted filed name = actual_time to be mapped with _time ... by pm2012 Explorer in Splunk Search 03-24-2023 0 1	0	1
How to filter out IPv6 and 169.254.0.0/16 from a multi-value field? How do you filter out IPv6 and internal routed 169.254.0.0/16 from a multi-value field?Data ExampleHOST ... by mag314 Explorer in Splunk Search 03-23-2023 0 1	0	1
How to view creation time logs compare with index time and timestamp? I have some Checkpoint logs (Firewall) that are generating an alert (Data hygiene - events in the future), I would li... by Zarack Engager in Splunk Search 03-23-2023 0 1	0	1
Is there a way to instruct Splunk to not add quotes when passing searches stored in a lookup table to the map command? I am trying to store a list of searches in a lookup table and then pass each search to the map command. \|inputlook... by sjaworski Communicator in Splunk Search 03-23-2023 3 10	3	10
How to rex? I have 2 kind of logs where there are two types of uri which i want to rex into different fields {logType=DOWNSTREAM_... by mikeyty07 Communicator in Splunk Search 03-23-2023 1 4	1	4