Splunk Search

Discussions

Thread Info

How to change each instance of a field search result?

I'm doing a search for server names and will eventually extract to to a csv. However, each result comes out as one of...

by Path Finder in

How to filter events with regex?

I'm trying to filter out events like the ones below using the regex expression regex _raw!="^[A-Za-z0-9]{4}:.*$" ...

by Explorer in

How to blacklist regex in parsing?

Currently running Splunk Universal Forwarder version 9.0.3. Looking to ignore Windows event logs (EventCode = 4103...

by Path Finder in

Is there a way to search across multiple lookup files to find text within them?

Hi Is there a way to search across multiple Lookup files to find text within them ? I know that you can use | inp...

by Explorer in

How to disable save as option?

I want to disable the feature of save as, user can able to search but shouldn't be able to save it as a dashboard or ...

by Communicator in

How to use a lookup to filter raw data from a log?

Hi all, I am new to Spluntk and have problem with my search. I have a Lookup table: Error.csv Filter*Error1*...

by Engager in

How to split time into column and other fields into row?

|eval TotalApps=if(match('Total',"NTB"),"1","0") |eval In-Progress=if('Total'="NTB" AND isnull('APPL_SUB-DATE'),"1...

by Loves-to-Learn Lots in

Events are getting matched, but why don't I see any table with messageid and timediff?

I have 2 events having fields1. id_cse_event: sqsmessageid,timestamp2. Scim: sqs_message_id, timestamp.I want to sear...

by Explorer in

How to parse this json data?

Hi,Please could you help with parsing this json data to table { "list_element": [ { "element": ...

by Explorer in

Help needed Timechart Query

Dear experts , I am searching on my bot index, which contain conve-id and rest of the fields are stored as payload...

by Explorer in

How to search values in the lookup file?

I have sample.csv file with about 30000 rows with columns: sample data data value1 value25600012345 abc x...

by Path Finder in

How to combine fields and get average value by other field?

I feel like I'm dancing circles around the solution to this problem. I created a field named "Duration" with rex that...

by Communicator in

How to do field Extractions from the Message field in WinEventLog?

So after searching here it seems like a lot of people have trouble parsing/handling WinEventLogs. I want to ask if th...

by Path Finder in

On understanding array versus multivalue fields

Greetings. My Splunk instance parses messages which has a JSON array type: ``` { tags: ["info", "foo", "bar"]...

by Observer in

How to search for an event and other surrounding events?

Hi All, I'm pretty new to Splunk so forgive me if this is an easy question. I'm trying to figure out how to a) ...

by Explorer in

Horizontal Bar Chart Bar Colors: How to create search?

I have a horizontal bar chart usingthe following post processing search:| stats count by urgency| eval urgency = if(u...

by Communicator in

Rex field extraction

I am trying to determine the average time for a set of issues to get resolved. I already created a field named "Durat...

by Communicator in

How to pull RDP Connections in my environment?

Query doesnt bring up anything. Try to pull RDP connections in my environment: event_simpleName=...

by Engager in

How to replace 2 different characters in the same field?

Hi, I have a csv that is imported to splunk and one of those fields has a space for the thousands and ends with "...

by Explorer in

How to create a Splunk query to detect HTTP direct outbound traffic?

Hello, I need a search query to detect http outboun irect traffic. Thank you.

by Loves-to-Learn Everything in

When using stats to display values() of fields, how can we have the values to align between the field names?

Hi All, When using stats to display values() of fields , how can we have the values to align between the field nam...

by Builder in

Error in 'lookup' command: Why is it failing to re-open lookup file?

Hello Splunker! Sometimes my searches on Splunk Enterprise Security Search Head ran into following error (mos...

by Loves-to-Learn Lots in

Splitting Multi-Value and Multi-Line field?

I have a list of chrome extensions that are installed that is returned in a multivalue field. One of the results look...

by Explorer in

How to parse log with a lot of indicators?

Hello everyone, I have a question for you, and I need your help please  I have some logs, but the parsing...

by Path Finder in

How to extract fields (in props.conf) based on conditional regex?

Hello, My events contain strings such as: notification that user "mydomain\bob" hasnotification that user "fred" ...

by Path Finder in

Get Updates on the Splunk Community!

Splunk Search

Discussions

How to change each instance of a field search result?

How to filter events with regex?

How to blacklist regex in parsing?

Is there a way to search across multiple lookup files to find text within them?

How to disable save as option?

How to use a lookup to filter raw data from a log?

How to split time into column and other fields into row?

Events are getting matched, but why don't I see any table with messageid and timediff?

How to parse this json data?

Help needed Timechart Query

How to search values in the lookup file?

How to combine fields and get average value by other field?

How to do field Extractions from the Message field in WinEventLog?

On understanding array versus multivalue fields

How to search for an event and other surrounding events?

Horizontal Bar Chart Bar Colors: How to create search?

Rex field extraction

How to pull RDP Connections in my environment?

How to replace 2 different characters in the same field?

How to create a Splunk query to detect HTTP direct outbound traffic?

When using stats to display values() of fields, how can we have the values to align between the field names?

Error in 'lookup' command: Why is it failing to re-open lookup file?

Splitting Multi-Value and Multi-Line field?

How to parse log with a lot of indicators?

How to extract fields (in props.conf) based on conditional regex?

Can’t make it to .conf25? Join us online!

Take Action Automatically on Splunk Alerts with Red Hat Ansible Automation Platform

Calling All Security Pros: Ready to Race Through Boston?

Beyond Detection: How Splunk and Cisco Integrated Security Platforms Transform ...

Help me with splunk query to monitor CPU and Memor...

How can i export a list of all services in APM

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

ITSI thresholds: adaptive vs static

Splunk Search

Are you a member of the Splunk Community?

Discussions

Can’t make it to .conf25? Join us online!