Splunk Search

Discussions

Thread Info

How to write a Regex to search globally?

below is the data which has multiple features for a single item. I want to write a regex which could search all occur...

by Engager in

How to feed regex results of a query into another query?

My current Splunk regex query 10.66.189.62 -- -- -[17/May/2022:05:59:16--0400]--502- "POST /astra/sliceHTTP/1.1" re...

by Explorer in

Is it possible to add a condition in this relative time? Even with timepicker the result count doesn't change

hello I count events in a single panel from a relative time like below As you can see, I search only events bet...

by Motivator in

Are there any policy on Splunk would block REST API searches?

i am trying to search over REST API, seeing "All Time searches don't adhere to Splunk best practices" Error. Any pol...

by New Member in

Is it possible to run query returned from Rest?

I am working on something to return our alerts from rest functions. What I want to do is allow users to historically ...

by Explorer in

How to populate field values from one lookup table to another?

I am trying to pull two fields from the lookup_ims lookup table and depending on the user entered I want to populate ...

by Path Finder in

How to default stats to zero when no rows returned?

I have a query similar to the one below. index = "idx" source = "mysource" |spath path=myField output=res|stats ...

by Explorer in

How to adjust search to remove and add user to lookup table via dashboard?

I have created a dashboard that allows you to enter a user and their information then write all of it to a lookup tab...

by Path Finder in

How to search field from log1 in to match in log2 and display field in log1 and log2 in table?

Hello Everyone. I wonder if anyone could help me with a report I'm trying to make. Below is my sample logs form...

by Engager in

How to do a regex for break an url after the fourth slash?

hello I try to do a regex for break an url after the fourth slash https://xxxx/yyyy/test could you help plea...

by Motivator in

How to display data for every sunday of last 3 weeks in the given date and time range?

Say suppose we have data for the below date and time range, i want to pick only sunday's date and display the last 3 ...

by Explorer in

How to extract a field from my raw data using rex?

In my splunk logs, i have 2 IPs in 1 field name. I want to extract both IPs create a new field as IP1 & IP2. Pleas...

by Contributor in

How to rewrite the id with a type value of 2 to the id value with a type value of 1 for data with the same axid value?

Hi experts, Could you please advise me about SPL? Given the data below, I would like to rewrite the id with a t...

by Explorer in

How to create a search that will show other fields like dest_bunit with the port?

This search will display port numbers from the Endpoint datamodel | tstats 'summariesonly ' count from datamodel=E...

by Engager in

How to put a chart and a single value in a same row?

Hi, I have a chart to display value by time. Then I calculate the average of the value. I want to display the a...

by Communicator in

How to remove [] in Json format data?

I have a field properties.policies in json format field value: [{"fieldname":"fieldvalue","fieldname":"fieldvalu...

by Explorer in

Is there an easy way to remove a section of string from a field?

I want to get an alert and run it but there are items I wanted to remove. | rest "/servicesNS/-/-/saved/s...

by Explorer in

How to get token value and _time value from a single dropdown in a dashboard?

How can I pull 3 tokens from a single dropdown search? - I would like our users to select the case_idz, and have the ...

by Path Finder in

How to create a Splunk Allowlist Dashboard?

I am trying to create a dashboard for an allowlist. Basically the user should be able to fill in the required fields ...

by Path Finder in

How to Modify Field to exclude field not needed?

Hi,Can anyone help me how can I change the field of my query to exclude those with PRODUCED labelsquery: index...

by Explorer in

How to stats events for solving this problem please?

hello I stats events after 2 eventstats command like this | eventstats sum(netp) as "netp1" by site |...

by Motivator in

Invalid authorization - Code 3 - Why Splunk Zendesk Integration failing?

Hi All, I've stumbled on a very frustrating problem. I've created a HEC token to use in Zendesk so that Zend...

by Loves-to-Learn Everything in

Difference between lookup and search - i only want the unique value from the lookup that doesnt exist in the search

Hi All, I have a splunk query which i cannot get to work for the life of me: This is the search |inpu...

by Loves-to-Learn Everything in

Why is there no data being written to the _internal\_audit indexes?

Hello, After setting up a brand new standalone server (v 8.2.6) and migrating our data from another server, it see...

by Explorer in

How to change the number formatting to 2 decimals and multiply with 1000 for all fields except the fields with strings?

abcdefgxyz123456 My table looks like thatI need the following table abcdefgxyz1000.002000.003000.004000.0...

by Path Finder in

Get Updates on the Splunk Community!

Splunk Search

Discussions

How to write a Regex to search globally?

How to feed regex results of a query into another query?

Is it possible to add a condition in this relative time? Even with timepicker the result count doesn't change

Are there any policy on Splunk would block REST API searches?

Is it possible to run query returned from Rest?

How to populate field values from one lookup table to another?

How to default stats to zero when no rows returned?

How to adjust search to remove and add user to lookup table via dashboard?

How to search field from log1 in to match in log2 and display field in log1 and log2 in table?

How to do a regex for break an url after the fourth slash?

How to display data for every sunday of last 3 weeks in the given date and time range?

How to extract a field from my raw data using rex?

How to rewrite the id with a type value of 2 to the id value with a type value of 1 for data with the same axid value?

How to create a search that will show other fields like dest_bunit with the port?

How to put a chart and a single value in a same row?

How to remove [] in Json format data?

Is there an easy way to remove a section of string from a field?

How to get token value and _time value from a single dropdown in a dashboard?

How to create a Splunk Allowlist Dashboard?

How to Modify Field to exclude field not needed?

How to stats events for solving this problem please?

Invalid authorization - Code 3 - Why Splunk Zendesk Integration failing?

Difference between lookup and search - i only want the unique value from the lookup that doesnt exist in the search

Why is there no data being written to the _internal\_audit indexes?

How to change the number formatting to 2 decimals and multiply with 1000 for all fields except the fields with strings?

Video | Welcome Back to Smartness, Pedro

Detector Best Practices: Static Thresholds

Expert Tips from Splunk Education, Observability in Action, Plus More New Articles on ...

How to check MQ reconnects after a connection is d...

I cloned HTTP traffic collection from Splunk Strea...

Proactively stream data to different index after C...

Write Splunk log with Laminas

Issues in multiselect input dropdown