Splunk Search

Community Activity

What regex to use to remove \\ form the hostname fields? Hi All, I have a hostname stating \\sent134 I need to remove this \\ using regex and it should be like this: sent134... by SabariRajanT Path Finder in Splunk Search 11-25-2022 0 2	0	2
How to group results and list common occurrences by time? I have the following data: { "remote_addr": "1.2.3.4", "remote_user": "-", "time_local": "24/Nov/2022:09:55... by guywood13 Path Finder in Splunk Search 11-25-2022 0 3	0	3
How to replace join by stats to merge SPL based on common field? Hi,My datasets are much larger but these represent the crux of my hurdle... Sourcetype= transaction fields= trans... by innoce Path Finder in Splunk Search 11-24-2022 0 1	0	1
How to visualize all the search I put using the search command? HI All, I would like to visualize all the search fields/content I mentioned using the command search: index=* \| sear... by matcad81 New Member in Splunk Search 11-24-2022 0 2	0	2
How do I build this Sysmon log search without having required fields? I want to implement this correlation search: `sysmon` EventCode=10 TargetImage=lsass.exe CallTrace=dbgcore.dll* O... by Ash Engager in Splunk Search 11-24-2022 0 1	0	1
Nested SubQuery With NOT IN Clause Hello,I am looking for the equivalent of performing SQL like such:SELECT transaction_id, vendorFROM ordersWHERE trans... by ayu2375 Engager in Splunk Search 11-24-2022 0 2	0	2
How to use SED to remove optional fields? We have api requests that I want to create statistics by the request but to do this I need to remove variable identif... by singlinet Engager in Splunk Search 11-24-2022 0 2	0	2
How do I rename a nested field? I have an eval query. The details object returned looks like this: {<!-- --> status: 404, code: ERROR } "details... by stong2351 New Member in Splunk Search 11-24-2022 0 2	0	2
How to generate _time for search in metadata? Hi need to generate current date like this "20201123" and use as a search filter on metadata. AFAIK there is no "_tim... by indeed_2000 Motivator in Splunk Search 11-24-2022 0 6	0	6
Why am I getting different timewrap results depending on what time of day the search is run? I have a saved search running every few minutes to append data to a 15 day csv log file within Splunk. I'm trying to... by dougburdan Explorer in Splunk Search 11-24-2022 0 2	0	2
Is it possible to convert the hex data into ascii without affecting the ascii data? Hi all, I am attempting to convert data extracted as a field containing combination of hex and ascii data. Was wonde... by xiaoming New Member in Splunk Search 11-23-2022 0 3	0	3
Is there a way for Lookup file to return field names? Is there a way to achieve this? I have a lookup table with 2 columns alert_type and short_description. alert_typ... by ansif Motivator in Splunk Search 11-23-2022 0 5	0	5
Show error details when errors 10% higher than previous 30 mins? Hi, I want to display the error details in the last 30 mins, so they can be investigated, when the amount of errors h... by MikeyD100 Explorer in Splunk Search 11-23-2022 0 4	0	4
Finding concurrent sessions over time by PrisonMike Explorer in Splunk Search 11-23-2022 0 10	0	10
Help with lookup to get table? Hi, I have a lookup as follow ipidname111.111.111.111111simone*222marco in the index I have ipid 111.111.111.1111112... by simo Path Finder in Splunk Search 11-23-2022 0 2	0	2
How to show multiple records value in same table row? I have a job that runs multiple times if it failed. I need to create a dashboard with a table that shows all the atte... by splunkuser320 Path Finder in Splunk Search 11-23-2022 0 3	0	3
How do I extract using regex? i have below result, how can I do a regex to extract the fields, first being DateTime, username, Action, Entity2022-1... by sphiwee Contributor in Splunk Search 11-22-2022 0 2	0	2
How do I check which major destinations generate the most logs on a specific firewall host? How do I check which major destinations generate the most logs on a specific firewall host = 10.22.44.254? I would li... by renangomes New Member in Splunk Search 11-22-2022 0 1	0	1
Is it possible to create a Pie Chart from three fields? Is it possible to create a Pie Chart from three fields? If so, how? Thanks a million in advance! by itsmevic70 Explorer in Splunk Search 11-22-2022 0 2	0	2
How to split single field into multiple with different format? Hi All, i have events like below and i want to extract the fields as TotalRecords, SuccessRecords, FailedRecords, B... by Praveenrocky New Member in Splunk Search 11-22-2022 0 2	0	2
How do you chart a cumulative sum? I'm calculating the sum of spending over a month period. * \| timechart sum(value) span=1mon This will produce the ... by Marinus Communicator in Splunk Search 11-22-2022 4 8	4	8
How to search for multiple cases? Hi community, I have 2 data sources, 1 from a csv to get the list of district (include number of population according... by Julia1231 Communicator in Splunk Search 11-22-2022 0 1	0	1
How to show all data of one field? Hello, I put them in context before showing the query. I have a splunk that I test on it to see the query results bec... by userQ Loves-to-Learn in Splunk Search 11-22-2022 0 3	0	3
Removing events based on condition by PrisonMike Explorer in Splunk Search 11-22-2022 0 1	0	1
How to plot timechart graph with count of fruits for each door? Time door Fruit Count11/11/2022 04:36:07 112 APPLE 1411/11/2022 04:10:00 111 PEAR 811/11/2022 03:01:02 111 PEAR 11911... by venky1544 Builder in Splunk Search 11-22-2022 0 2	0	2