Splunk Search

Community Activity

Why am I unable to search in field? Hello All, I have a problem with my search. The following search works: index=test_index sourcetype=test_sourcetype... by karina25 Engager in Splunk Search 07-04-2022 0 2	0	2
How to remove unwanted row base on condition of column data? Hi, I am new in Splunk, if I want to remove the display of all column field for T9_LotID_LaneA,T9_LotID_LaneB,T9_Lot... by 324981 Explorer in Splunk Search 07-03-2022 0 5	0	5
How to compare logs from two different sources and create a table out of it? Hi All, I have two set of logs in two different sources in splunk, one containing the predefined list of VPNs and Que... by Mrig342 Contributor in Splunk Search 07-02-2022 0 3	0	3
Search for a field not containing a specific pattern. I have two indexed fields, FieldX and FieldY. I want to search for all instances of FieldX that contain 'ABC' where F... by tdismukes Engager in Splunk Search 07-02-2022 2 7	2	7
How to List records where a field contains a specific string? I have an index: an_index , there's a field with URLs - URL/folder/folder I only want to list the records that cont... by nlxtasy69 Engager in Splunk Search 07-02-2022 0 4	0	4
How to extract mutiple value from json Hi,I want to extract judgments to a fields from "37.0.10.15" and "47.105.153.104",Is there any way it can do that?{"d... by zhenqi Explorer in Splunk Search 07-02-2022 0 4	0	4
Where did the test data go in the SPL tutorial? In going through the SplunkCloud SPL tutorial, we are told to upload California drought data into Splunk, and we crea... by SplunkAdmin69 Engager in Splunk Search 07-01-2022 0 5	0	5
Why does predict command not predict? Hi everyone, i need help to understand why i'm wrong and how to fix the problem. I've a lookup table in which is stor... by perryd Engager in Splunk Search 07-01-2022 0 4	0	4
How to Count multiple fields in histogram? I have rows in the form: IDField1Field2Field3 And I would like to create a histogram that shows the values of all t... by rpecka Explorer in Splunk Search 07-01-2022 0 3	0	3
How to trigger an alert when a metric is wrong on 3 consecutive spans? Hi everyone, I have a search on approval success rates : stats count as TOTAL,count(eval(criteria)) as APPROVED \| eva... by FBachelin Engager in Splunk Search 07-01-2022 0 3	0	3
Help with JSON regex replace Command:rex mode=sed "s/\"name":\s\"[^\"]+\"/"name":"###############"/g"Regex seems to work fine in Regex101 However,... by ballen1 Explorer in Splunk Search 07-01-2022 0 4	0	4
How to expand/extract multivalue fields line by line? Hi!I have 3 multivalue fields (max. 3 values per field) and I want to expand/extract them to single values. Data look... by timo258 Explorer in Splunk Search 07-01-2022 0 8	0	8
Could someone help me with this regex? Can someone help me pull out these data points:cw.pptx;text.html;text.txtI need it to split at the ; mark but have th... by Italy1358 Path Finder in Splunk Search 07-01-2022 0 1	0	1
How to use addcoltotals base on one column or count the total on a accumulate result Hello,I have an alert that output a csv file that look like thisPersonNumber_of_loginLogin_failPerson A1 Person B62Pe... by phamxuantung Communicator in Splunk Search 07-01-2022 0 3	0	3
How to match string in multi value field? Hi experts, I have a filed called names as shown below, if i search with first line of strings then search returning ... by james_n Path Finder in Splunk Search 07-01-2022 0 4	0	4
How to use a columns value as a key to a different column for my results id like to output? I have two columns per event I am trying to use. Well call these col1 and UknownRandomColumnName (urcn for short... by zsaf Explorer in Splunk Search 07-01-2022 0 5	0	5
How to achieve a query for two events based on intersection of common value - without using join? I want to run a query where: 1. Query1 returns resultset1containing myEvent1.uid 2. Query2 returns resultset2 contain... by lmonahan Path Finder in Splunk Search 06-30-2022 0 2	0	2
Why are we having an appendcols issue? There is something wrong with the data output by using apendcols. The data of Total_Actual is blank from 02-2022. But... by simon1524 Explorer in Splunk Search 06-30-2022 0 2	0	2
How to join with one key but multiple results? Hi I have a table similar to this: Brand ID_EMP Nike 123 Adidas 456 Lotto 123 other table like this: code name 123 ... by fereze Engager in Splunk Search 06-30-2022 0 1	0	1
Bucket and eval result to percentage calculation Greetings Community ExpertsI have a group of devices that each should report state to a portal every 10 seconds. If a... by Seawheels51 Path Finder in Splunk Search 06-30-2022 0 1	0	1
How to fetch REQUEST and RESPONSE events based on clientIP mentioned in third event of HEADER? 2022-06-12 21:51:42.274 threadId=L4C9D6WIYK2K eventType="RESPONSE" data="<TestRQ>sometestdata</TestRQ>"2022-06-12 21:... by dmuley Explorer in Splunk Search 06-30-2022 0 4	0	4
The "ltrim" problem Hi Everyone, There's a small problem I'm having while using the ltrim function.Query: \| makeresults \| eval username="... by sajalbansal2 Explorer in Splunk Search 06-30-2022 0 2	0	2
How to return a rex field from a subquery? Hi, I would like to return the rex "field" from a subquery so I can print it out. How do I do that?index=... "some te... by Splunkee Loves-to-Learn in Splunk Search 06-30-2022 0 8	0	8
Is there a command that I can add to the search query in order to pass the results to the index? Hello, I have a question regarding the indexing of search results. So, I have an alert that's currently active perfor... by splunknoob2 Observer in Splunk Search 06-30-2022 0 3	0	3
Help with Logic of Compound Subsearch with inputlookup I'm struggling to create a search using an inputlookup and multiple NOT searches. Background: I have an inputlookup t... by lboro_garyp Path Finder in Splunk Search 06-30-2022 0 3	0	3