Splunk Search

Community Activity

How can I write this regex for rex to extract multiple matches? I'm trying to parse saved searches that contain a bunch of eval statements that do this sort of logic \| eval var=ca... by bowesmana SplunkTrust in Splunk Search 02-07-2023 0 6	0	6
How to get specific value from key/value array to form table? Hi All, I don't have much experience with Splunk. My JSON payload looks like as shown below. The msg.details array ca... by btsr Explorer in Splunk Search 02-07-2023 0 3	0	3
Combining Lookups to a Table? I have two looksups that have a lists of subnets and name of the subnets. One lookup (subnet1.csv) as a field called ... by atebysandwich Path Finder in Splunk Search 02-07-2023 0 1	0	1
How to Group field values into similar field values? I am trying to get network outage totals by domain. I have four domains: A, B, C, D. The problem is that sometimes th... by michaeler Communicator in Splunk Search 02-07-2023 0 3	0	3
Comparison of field values with a lookup? I have a field in my database datamodel called 'os.user'. And I have a lookup called 'userAccount'. 'userAccount' lo... by zacksoft_wf Contributor in Splunk Search 02-07-2023 0 2	0	2
Is there is a way to output the contents of a Lookup file but also show the Lookup file name as results? Hi Splunkers, I was wondering if there is a way to output the contents of a Lookup file but also show the Lookup file... by finchy Explorer in Splunk Search 02-07-2023 0 3	0	3
Can we get Bamboo build stats into Splunk? We have Jira Add-On which allow us run Jira API to get Jira stats on Splunk. Similarly is there any Add-on or custom ... by roopendra Engager in Splunk Search 02-07-2023 1 2	1	2
How to generate query from an event? Hi,I want to make a search out of events by AL3Z Builder in Splunk Search 02-07-2023 0 1	0	1
How to compare products sold today vs last week same day? Today : index=sold Product=Acer , Product=iphone last week : index=sold Product=Samsung , Product=iphoneQuery Used :... by Prathyusha891 Explorer in Splunk Search 02-06-2023 0 3	0	3
How can I use props and transforms to extract multiline muntivalue event? Hi experts there, Trying to extract multivalue output from a multiline json field through props and transforms. How b... by nareshinsvu Builder in Splunk Search 02-06-2023 0 3	0	3
Why does makeresults returns "1" instead of "0"? My search: \| makeresults earliest=-2h \| timechart count as aantal span=1m returns a list of zero's but for th... by rrovers Contributor in Splunk Search 02-06-2023 0 2	0	2
How to get the start and end time based on key words in logs? Hi folks looking for some expert opinion. my logs contains many diff files. I want to capture the start and end time ... by merc14 Explorer in Splunk Search 02-06-2023 0 3	0	3
How to find duplicates on multiple fields? I have logs with the following three fields: -category -price -requestID (unique per entry) I want to find all requ... by sejiweji New Member in Splunk Search 02-06-2023 0 3	0	3
Using split function for two conditions? So I have a field named "domain" that has values of single domains (A, B, C) and combinations of domains with two dif... by michaeler Communicator in Splunk Search 02-06-2023 0 3	0	3
Help with Timechart function. Hi Community, I am trying to generate a timechart by month with the following query: index=xyz Question="zzz" NOT "Co... by edsanchez07 New Member in Splunk Search 02-06-2023 0 2	0	2
How to narrow down data with time? Hello, i am looking to narrow down my search field, i only want to search for events that happen outside of a speci... by Chris231289 Loves-to-Learn Lots in Splunk Search 02-06-2023 0 3	0	3
How to remove everything until the date but include it using SED (before indexing)? Hi All, Im struggeling to remove everything before the date using SED Example \|makeresults\|eval_raw="Feb 2 14:27:5... by newsplunker1 Path Finder in Splunk Search 02-06-2023 0 3	0	3
How to list element by a specific value? Hi,I have this table of data: NameAgeAddressMark211 st xxxxxElisabeth212 st xxxxxJane223 st xxxxxBryan244 st xxxxx ... by sdhiaeddine Explorer in Splunk Search 02-06-2023 0 3	0	3
How to Set field to value of another with a where clause? Hi Splunk Community, I am trying to work with over writing fields using an if clause. The data I have is like what is... by jpfrancetic Path Finder in Splunk Search 02-06-2023 0 1	0	1
How to include data filter so as to select particular date time records in splunk dashboard? hi team, i am using below splunk search in dashboards query index=BigIt log_severity=INFO or WARN app_name= test... by Aryc090908 Explorer in Splunk Search 02-06-2023 0 1	0	1
Can't find the count of individual values in multi-value field? Hello \| index=fruits \| transaction fruit_id \| rex max_match=0 “using rex to get the Type” \| eval TypeList=mvdedup(T... by dinesh16 Engager in Splunk Search 02-06-2023 0 3	0	3
Need help on Dashboard related issue I have a dashboard in which there is a Pie chart like below I need help in this way that it has to show a label of ev... by Renunaren Loves-to-Learn Everything in Splunk Search 02-06-2023 0 3	0	3
How do I rename a Rex field? Hi , I want to rename to Required Parameters Longitude and Latitude are missing or invalid to a new value Required P... by sid_1435 Explorer in Splunk Search 02-05-2023 0 5	0	5
How to use regex in calculated fields? Hi, I've been told, that using field extractions on json is not best practis and that I should use calculated fields ... by bitnapper Path Finder in Splunk Search 02-05-2023 0 4	0	4
How to extract all the multi-values in excel? One of my field in raw data is multivalue(like array) .I can see those values in a column in Splunk , but when I try ... by kasis152 Explorer in Splunk Search 02-05-2023 0 3	0	3