Splunk Search

Ask a Question

Discussions

Thread Info

Field Extractions off host name

Hello, Our naming convention has a relatively strict set of rules on it. e.g. datacenter+envionmentnumber+sec...

by Builder in

How to write a search to return hosts that have no results in a map search?

I have a search, lets say: sourcetype=foo earliest=-1d@d | map search="search host=$host$ earliest=@d sourcetype=b...

by Path Finder in

How can I extract a field value from a folder name?

I have a file that Splunk monitors stored in F:/xxx/2014/file.csv. Is there any way to dynamically take the 2014 fold...

by Communicator in

How to search for and remove indexes in Splunk that are not being used/searched by users?

Ideally I'd like to search Splunk to determine if anyone is searching a particular index. My use case is that I'd ...

by Engager in

How do you anonymize two recognized fields in Splunk?

Hello Splunkers, I am trying to follow the logic from the below URL to anonymize some field data on the fly. http:...

by Communicator in

How to extract a complex field

I have a log that has the following: Blah blah bloh HandleBusInfoMessage=31951592=460892.509; nextcommand Blah Handle...

by Explorer in

How to break events and extract fields from Scripted Input

Here is the sample data AppPoolName : TestApp PrivateMemory : 2000 State : Started Application : IdentityType : Ne...

by Path Finder in

Why isn't this regex returning anything?

When running the regex below, the search doesn't return any results even though the reg ex string works well on the e...

by Path Finder in

External IP location

Hi, We have set to receive alerts like Brute force, Port Scanning from external IPs. Is there anyway or query ...

by Explorer in

How to use regex to extract the last value in a line from a known field of a data model?

Hi guys, How to extract one portion of the data model when I have the name of the field. Sample: field: status, w...

by Contributor in

How to correct my regex to extract text from two or more lines?

Hi, Please let me know the regex to extract text from 2 or 3 more lines. For below log text : ClientIp=06516...

by Explorer in

Regex to extract exceptionmessage

Hi, I have five different types of exceptions and for that messages are logged as shown below : ClientIp=065162...

by Explorer in

Regex for two similar statements to put in transforms.conf ?

Hello, thanks for everyones assistance on MV_ADD=True response on my last question regarding multivalued pairs.. Now ...

by Communicator in

Can I disable clicking on items in table view when sharing search results?

When sharing a search result I would like to disable clicking on the individual table cells. I would still like to be...

by Path Finder in

How to get only first 3 events as a result for each event/Field?

I am attempting to get first 3 events for each user field for which user count>3. Basically what I am looking for...

by Path Finder in

Get Updates on the Splunk Community!

Splunk Search

Discussions

Field Extractions off host name

How to write a search to return hosts that have no results in a map search?

How can I extract a field value from a folder name?

How to search for and remove indexes in Splunk that are not being used/searched by users?

How do you anonymize two recognized fields in Splunk?

How to extract a complex field

How to break events and extract fields from Scripted Input

Why isn't this regex returning anything?

External IP location

How to use regex to extract the last value in a line from a known field of a data model?

How to correct my regex to extract text from two or more lines?

Regex to extract exceptionmessage

Regex for two similar statements to put in transforms.conf ?

Can I disable clicking on items in table view when sharing search results?

How to get only first 3 events as a result for each event/Field?

Announcing the 1st Round Champion’s Tribute Winners of the Great Resilience Quest

We’ve Got Education Validation!

What’s New in Splunk Cloud Platform 9.1.2308?

Users with the same roles, in the same app, and sa...

auto_generated_pool_download-trial

Automatic lookup during data ingestiont (Splunk cl...

Working with OpenTelemetry Cumulative Histogram Bu...

Better PDF report visualization