Splunk Search

Discussions

Thread Info

Splunk searches unit test automation

Hi, Is there any framework or tool that can be used/customized for unit test automation of splunk apps. Thanks ...

by Influencer in

Merge event field into single table column

Hi, I'm trying to take filds from different events and put them in one table column. I've true this using the rename ...

by Explorer in

regex multiple phrases

I want to see if string a and string b are in the logs, but they might not be in the same event. And I don't want to ...

by New Member in

[spam redacted]

by New Member in

Removing some field values from a mulitiple value field

Hello, I am looking at the results of a table lookup, where there many values for a particular field are returned....

by Path Finder in

Extracting multiple fields from a line

I have a line that contains 2 different fields that I need Right now I have: index=os sourcetype="xxx" | regex _...

by Engager in

How to show multiple field values, that match another field

Hi folks, I'll do my best to explain this. I'll use cars as an analogy because it is easier to explain: In my data...

by Communicator in

How to combine disparate log data into a single time chart?

I have mail processing log lines I need to combine and report on. One type of log line contains strings like "clo...

by Engager in

What fields are displayed when using the "map" command

Hey all, I have a search that uses the map command. It looks like: <myBaseSearch> | map [search index=main sour...

by Contributor in

user fields contains comma in value. Best way to have field value include first and last name?

My field in the events is as follows UserFullName=Lastname, Firstname , I know that I can use a regex to extrac...

by Path Finder in

Counting Events?

Splunk Community, I’d like to be able to count the number of events I have per SourceFile when my sourcetype is Lo...

by Explorer in

Fetching the data from the respective index of the log statement

There is a log file which has events in the following format 0|10|434d5532|xxxxxx34|2014/06/06 04:47:54|819670|3|2014...

by Path Finder in

Windows PerfMon stats -- unable to create total_cpu field

Hi all, I'm having difficulty trying to create a total_cpu field. If I map a single variable to it, this works fin...

by Communicator in

DBX JOIN 2 databases together

I can write a search like this: | dbquery "DB1" "SELECT A.* AOS.* FROM Assets A JOIN AssetOSs AOS ON A.AssetOSID =...

by Motivator in

Doing lookup in the same index without using lookup command

Hi [index=main host=syslog status="deny"| top src_IP | table src_IP ]:::::this is my sub search. and it will produce ...

by SplunkTrust in

count by percentage

Hi, we're trying to find out windows XP users with some rules: if mod=syn, get client ip (cli)if mod=syn+ack, get ...

by Communicator in

Search time field extraction not showing in available fields

I am attempting to perform a search time field extraction via the rex command. I use the default field of _raw and gi...

by Engager in

inline stats without subsearch

This is a recurring problem for me in SPL. I want to assign some stats command results to a variable name and pop tha...

by Communicator in

metadata: how to find the most recent event for each host in each index?

i have 50 indexes and i want to find out the last most recent event for each host in each index. i can do this for...

by Path Finder in

how to get the value of field if another field has same value in particular time period

HI, I have data like below, Source_Address Event_Code Time User 10.10.10.010 4625 6/17/2014 00:12:26 Balaji 10.10.10....

by SplunkTrust in

Get Updates on the Splunk Community!

Splunk Search

Discussions

Splunk searches unit test automation

Merge event field into single table column

regex multiple phrases

[spam redacted]

Removing some field values from a mulitiple value field

Extracting multiple fields from a line

How to show multiple field values, that match another field

How to combine disparate log data into a single time chart?

What fields are displayed when using the "map" command

user fields contains comma in value. Best way to have field value include first and last name?

Counting Events?

Fetching the data from the respective index of the log statement

Windows PerfMon stats -- unable to create total_cpu field

DBX JOIN 2 databases together

Doing lookup in the same index without using lookup command

count by percentage

Search time field extraction not showing in available fields

inline stats without subsearch

metadata: how to find the most recent event for each host in each index?

how to get the value of field if another field has same value in particular time period

Splunk Observability Cloud | Customer Survey!

.conf23 | Get Your Cybersecurity Defense Analyst Certification in Vegas

Starting With Observability: OpenTelemetry Best Practices

search event even in achive data (cold etc.)

App to stop unwanted logs ingestion ?

Exclude unwanted apps from web-logs

AD servers with indexing delays when evt_resolve_a...

Using comparison function within mstats