Splunk Search

Community Activity

	Do I need to add create_empty=true and override_if_empty=false? Hello. I'm fairly new to Splunk and SPL so bear with me here. I have the following scenario: I have an existing looku... by finnpalm Explorer in Splunk Search 01-10-2023 0 4	0	4
	Is there any way to have a search only pick up user account logins? Hello everyone, I have a search for after hour logins between 6pm and 6am. Right now I have event codes 4625 and 4624... by Erilope Explorer in Splunk Search 01-10-2023 0 3	0	3
	How to remove ( \" ) characters from search? In few logs I can see escape character is also printed. My rex is working fine when i am testing it on regex101.com b... by MrIncredible Explorer in Splunk Search 01-10-2023 0 4	0	4
	What are the possibilities to achieve Thread Dump & Heap Dump Log Collection? Hi All, I need to collect "Thread Dump" and "Heap Dump" of the application into Splunk. What are all the possibiliti... by ramanan Engager in Splunk Search 01-10-2023 0 1	0	1
	Sending data to Splunk Cloud via intermediate forwarder? I have Splunk UF 7.0.3 that I want to send logs from to Splunk Cloud. However, the UF doesn't support httpout so I a... by jmr44 Explorer in Splunk Search 01-09-2023 0 1	0	1
	How can I get the last index of my target value for a multi-value field ? I want to get the last index of my target value for a multi-value field. For example, idchain1SendMessageCheckMessage... by Jackiifilwhh Path Finder in Splunk Search 01-09-2023 0 12	0	12
	Help with Regex extraction from request please help extract adsId,offerName, currentProductDescription, offerAccountToken, offerType, offerIdentifiermessage=... by siksaw33 Path Finder in Splunk Search 01-09-2023 0 7	0	7
	How to compare same field with values for equality? Hi Experts, I would like to compare values in same field (vlan_ids) for equality based on a machine serial (hyp_ser... by satish Explorer in Splunk Search 01-09-2023 0 4	0	4
	How to search all indexes with the specified HASH-es in a lookup file? Hello, I have created and imported a lookup file ex. "hashes.csv" and I have pasted there a list of 500+ hashes. I wa... by evallja Path Finder in Splunk Search 01-09-2023 0 2	0	2
	How to extract subword from a string? Hi all,I want to extract the following word with rex expression:ABC\qq1234 expected result: qq1234Please note that th... by aa0 Path Finder in Splunk Search 01-09-2023 0 2	0	2
	How to search for same field with different ip address? Happy New Year to all of you. So I have syslog in which we have details of the devices and switches. The requirement ... by niks987 Explorer in Splunk Search 01-09-2023 0 0	0	0
	How to extract fields in json format? i need to extract fields which are in json format i have been trying using spath command for extracting the following... by vineela Path Finder in Splunk Search 01-09-2023 0 8	0	8
	How to merge two regex in single query? I'd want to merge two regex strings into a single one; any suggestions would be greatly appreciated.Reference Search ... by Rakzskull Path Finder in Splunk Search 01-09-2023 0 2	0	2
	Compare 1st search result with 2nd search result and display only 1st searchfield value which didn't match with the 2nd? Hi Friends, My requirement: I want to trigger SNOW ticket from Splunk alert. Before trigger I want to check any open ... by Jagadeesh2022 Path Finder in Splunk Search 01-09-2023 0 5	0	5
	How to match when a certain value/string has occurred more than x times within an interval? Hi! I have various syslog clients sending me logs about their current state (a certain process). Eg. [timestamp] host... by martinhelgegren Explorer in Splunk Search 01-08-2023 0 8	0	8
	How to correlate lookup table fields with index fields? There is a lookup table with a row called 'ip' containing multiple ip address values which I would like to correlate ... by x3ncrypt Loves-to-Learn Everything in Splunk Search 01-08-2023 0 6	0	6
	Why do I have empty stack fields in some logs? I have uploaded the screenshots of logs of same time but in one log stack and task field is empty and in one it is fi... by sc_admin11 Explorer in Splunk Search 01-08-2023 0 6	0	6
	Why the error Error in 'rex' command while compiling the regex '\/home\/mysqld\/(?<D? index=mysql sourcetype=audit_log earliest=1\| rex field=source "\/home\/mysqld\/(?<Database1>.*)\/audit\/"\| rex ... by shruti14 Explorer in Splunk Search 01-08-2023 0 6	0	6
	How to send Data from SPLUNK to Consumer in real time? Hello, I have a few use cases to send data from SPLUNK to consumers in real time, and consumers have both Linux/Windo... by SplunkDash Motivator in Splunk Search 01-07-2023 0 9	0	9
	How to convert time secs into HH:MM format? Hai All, from the below search how to convert secs to HH:MM format age fields is getting time in secs index=_inte... by sekhar463 Path Finder in Splunk Search 01-07-2023 0 3	0	3
	How to search for loggins outside a specified time range? Hi, I have been looking to see if splunk has the capability of searching for loggins outside of a specified set time ... by scootsblue48 New Member in Splunk Search 01-06-2023 0 2	0	2
	Lookup Madness: How to match results to ONLY the names in a list I have using a lookup? I am trying to match results to ONLY the names in a list I have using a lookup. I cant figure out for the life of me... by DesertSocBum Explorer in Splunk Search 01-06-2023 0 6	0	6
	How to create a search for Stats Command for Number of Occurences of a String in a Log? Hi, I'm trying to come up with a query to generate the count of strings in a json field in a log, across all events. ... by dtarnaine920 Explorer in Splunk Search 01-06-2023 0 5	0	5
	How to create Group events based off a time and an ID? I'm fairly new to Splunk and I am having some trouble grouping somethings they way I want I have some data which all ... by add53 Engager in Splunk Search 01-06-2023 0 2	0	2
	How to standardize similar words? Hi all,I have two similar words that giving the same meaning. How can I standardize them into one value to prevent in... by aa0 Path Finder in Splunk Search 01-06-2023 0 3	0	3