Splunk Search

Start a Conversation

Discussions

Start a Conversation

Thread Info

Field Extraction : regex works fine with search using "rex" command but not with Field extraction

Hello, I'm trying to analyze WatchGuard firewall logs received by Splunk using syslog on udp 514 port. I was able...

by Explorer in

Issue with regex and 'positive lookbehind'

Hi, I'm kind of new on the Splunk world and I'm trying to create new extraction field. Here are two examples ...

by Explorer in

field extraction

Hi , I need help in the below, There is a description column, which has like Description process_1_details :...

by Path Finder in

how to perform a search that has the result of another search as input

Hi,i can't do a search on Splunk where the values are the result of another search.I search:index = summary | searc...

by Communicator in

overall sum and aggregate sum

command: search.... | eval effort=exact(21+31+61+1103+7306+7505+15105+15106+15122)| table tag,effort,16910,21,31,...

by Path Finder in

How to use a rex field in another search

I am trying the following query. However, activityId is not being passed to the second query and I am not having any ...

by Explorer in

How to define a source type

I have a requirement to add new data format to splunk . Below is the sample data . If i want to setup a new sourcetyp...

by Explorer in

How to prevent values from appearing twice in a single cell of a table

Hello Everyone I hope you are safe and sound, I'm extracting values from events that come in a Json format and afte...

by Communicator in

Combine 2 searches to get Success and Failure Rate

Hi, I am working on a requirement where I have write an alert based on the failure rate percentage of a service. Let'...

by Path Finder in

Table Field Actions - Workflow actions

Hello, I wanted to change the actions or add a new action for the context menu of a field inside a log row. My firs...

by Loves-to-Learn Lots in

Create a Timechart to compare values from computation using multisearch and after stats

Hello guys I am trying to create a timechart in my dashboard where I can show the percentage of people that enter my...

by Communicator in

Sub Search for Spath or rex commands

Hello,I am trying to use sub search to extract fields from my JSON logs. I tried with spath and also with Rex comman...

by Observer in

.

by Loves-to-Learn in

How can I Find what system or host a user is currently logged in to?

Hi, I am very new to Splunk. I searched for this but, could not find a match.. Is it possible to find what syst...

by Observer in

Subsearch Join with a where clause <= comparison to field from main search

I have a problem I'm trying to solve in a subsearch query. The problem I'm trying to solve, is to monitor when two ...

by New Member in

searching issue

Hi Guys, We have this query which will give the output as a table with 3 columns in it by name Serv...

by Explorer in

Search w/Inputlookup Subsearch Not Working

Hello Experts, I am new to Splunk and trying to get a search query with subsearch to work. Here is what I have so f...

by Explorer in

how to get data as per _time when count is 0

index=dummy <mySearchCondition>| search response_code1!=200| stats count when i search for this query i get outp...

by Path Finder in

Adding field to event without altering existing field

I have an index that have a field called ISSUER_NAME, but now we have a new set of events (different log structure) t...

by Communicator in

Different type of parcing in a single index

The requirement is, there is a single index . Data in three different format and there is an InputType coming in the ...

by Explorer in

Get Updates on the Splunk Community!

Splunk Search

Discussions

Field Extraction : regex works fine with search using "rex" command but not with Field extraction

Issue with regex and 'positive lookbehind'

field extraction

how to perform a search that has the result of another search as input

overall sum and aggregate sum

How to use a rex field in another search

How to define a source type

How to prevent values from appearing twice in a single cell of a table

Combine 2 searches to get Success and Failure Rate

Table Field Actions - Workflow actions

Create a Timechart to compare values from computation using multisearch and after stats

Sub Search for Spath or rex commands

.

How can I Find what system or host a user is currently logged in to?

Subsearch Join with a where clause <= comparison to field from main search

searching issue

Search w/Inputlookup Subsearch Not Working

how to get data as per _time when count is 0

Adding field to event without altering existing field

Different type of parcing in a single index

Observability Highlights | January 2023 Newsletter

Security Highlights | January 2023 Newsletter

Platform Highlights | January 2023 Newsletter

How to reverse a real-time query to it's original ...

How to use MLTK to tune DNS Query Length Outliers ...

Federated Search Questions

Optimizing metrics based searches?

How to use fit command together with foreach?