Splunk Search

Discussions

Thread Info

Regex: Simple Substring for Field Extraction

Hi All I seem to be having a little issue extracting data from a specific position, the data I am working with hav...

by New Member in

count of character in field

how would I count the number of occurances of a character or symbol in an extracted field and display that as a seper...

by Communicator in

Environment variable used in search

How do you set up an Environment variable to be used as part of the path for your data? I set an environment variable...

by Path Finder in

search app error : skipped indexing of internal audit event will keep dropping

skipped indexing of internal audit event will keep dropping events until indexer congestion is remedied. Check disk s...

by Explorer in

Reassign (or keep) variable in eval's IF statement

I have two variables and based on one would like to possible change the value of the other: .. | eval a="foo" | ev...

by Path Finder in

eval streamstats result within timechart can't recognize field

When I use streamstats to generate last values in the stream I can timechart the results appropriately (without error...

by Explorer in

How to get a value - even if 0 results from search?

I have a measurement on our system availability. I have following summary index search: SEARCH | delta _time AS...

by Communicator in

Field value not assigned

I would like to search when a field value is not populated. I extracted data for a field but the pattern changes and ...

by New Member in

host_regex isn't working...

I'm trying to get vulnerability data from a Nessus 4 nbe file. Here is my inputs.conf entry: [monitor:///usr/share...

by Communicator in

Change Logo on screen

Hello, I read the previous answer for changing the logo graphic "logo-mrsparkle.png". Can someone please provide ...

by Splunk Employee in

Can I chart the available disk space?

Hi Guys I am trying to make a chart of disk space used over time but the query I have built (below) simply returns...

by Explorer in

Create table of exception

Hi, I have tried to list out all the tomcat exceptions from my application logs like this. host="Tom1" sourcety...

by Explorer in

Viewing beyond the top 10 results within an extracted field

I'm currently running searches to track the behavior of users on a particular mobile application. The first step in t...

by New Member in

Why doesn't my new lookup field show up in search?

Hi, I am trying to tie mac addresses to username based on DHCP data. I have followed all the online documentation but...

by Explorer in

Regex - Browser search

I need to be able to find our users that are using the Safari browser. The user agent string looks something like thi...

by New Member in

Internal Server Error trying to retrieve search results from custom module

When my module tries to retrieve results from a search launched by a user, it produces this error: GET http:/...

by Explorer in

Aliases for "host" field?

Greetings, At the moment due to various sources/sourcetypes, as well as historical hostname changes we have a lot ...

by Explorer in

Use subsearch results as data in outer search

Hi I have a subsearch which searches for certain events (suspicious requests that sometimes happen after a user ha...

by Engager in

Subsearch question

I have a large search: search index="XXX" which has host as field. This includes data for two locations. I need...

by New Member in

How can i convert time values stored in epoch seconds to human readable values in splunk?

For example I've got some values coming in such as, how can i convert the time value to a field within splunk convert...

by Splunk Employee in

Complex Query question

I am sending my sonic wall data to splunk via syslog. I am trying to get a report to show me how many open connection...

by Engager in

Identifying users with activity in two different time periods

I'm trying to identify the source of a performance slow down that has occurred twice over the last two days. Each slo...

by Path Finder in

Display count for multiple time increments

I have log data that tracks the completion of jobs. I'd like to be able to track the completed jobs, but for 4 differ...

by Explorer in

Search never finishes

I'm trying to run a search for a large number (45) of suspect IP addresses. The search runs for 12 hours or more but ...

by Communicator in

Read a file using Splunk without indexing it?

I thought there was a way (command) that would users with the right permissions to read a file on the Splunk filesyst...

by Champion in

Get Updates on the Splunk Community!

Splunk Search

Discussions

Regex: Simple Substring for Field Extraction

count of character in field

Environment variable used in search

search app error : skipped indexing of internal audit event will keep dropping

Reassign (or keep) variable in eval's IF statement

eval streamstats result within timechart can't recognize field

How to get a value - even if 0 results from search?

Field value not assigned

host_regex isn't working...

Change Logo on screen

Can I chart the available disk space?

Create table of exception

Viewing beyond the top 10 results within an extracted field

Why doesn't my new lookup field show up in search?

Regex - Browser search

Internal Server Error trying to retrieve search results from custom module

Aliases for "host" field?

Use subsearch results as data in outer search

Subsearch question

How can i convert time values stored in epoch seconds to human readable values in splunk?

Complex Query question

Identifying users with activity in two different time periods

Display count for multiple time increments

Search never finishes

Read a file using Splunk without indexing it?

Enterprise Security Content Update (ESCU) | New Releases

Why am I not seeing the finding in Splunk Enterprise Security Analyst Queue?

Index This | What are the 12 Days of Splunk-mas?

Proactively stream data to different index after C...

Write Splunk log with Laminas

Issues in multiselect input dropdown

Using splunk-sdk in user-defined functions in Spar...

Verification of SAML assertion using IDP's cert fa...