Splunk Search

Community Activity

How to get a field extraction of a field extraction within one regex? Hi there, so I have a line of log like this: http://some.url/path/?param=x,y,z So I want to extract a field "extract... by Marco204 Explorer in Splunk Search 03-03-2022 0 2	0	2
How to display a field ending with the same alphabet I have a field(eventCode) which has a code values, and few of them ends with certain alphabets , I want to extract o... by BT Path Finder in Splunk Search 03-03-2022 0 2	0	2
Regular Expression extract beginning and end of string- What am I missing? Hello, I have a situation where I am trying to pull from within a field the nomenclature of ABC-1234-56-7890 but want... by rhenry Explorer in Splunk Search 03-03-2022 0 5	0	5
Why am I receiving this license error? Hi Splunk team, I have a question when I search in Splunk console. I got an issue as below: Error in 'litsearch' com... by zhoayang Engager in Splunk Search 03-03-2022 0 7	0	7
Why converting hex doesn't work for 1 alert? [solved] EDIT: Solved. Used regex to target the printable portion first then converted to ascii For a couple dashboards, I'm u... by dantose Explorer in Splunk Search 03-03-2022 0 4	0	4
How to make presets as default in Splunk Cloud Default Time Picker? In Splunk Cloud, when I go to change the time picker it brings up relative options. It used to bring up presets. Ho... by sbgoldberg13 Explorer in Splunk Search 03-03-2022 0 1	0	1
How to sort this multi-value fields based on the latest timestamp and status? Hi Splunkers, I need help on how to sort this multi-value fields based on the latest timestamp and status. Here's my ... by kelz Explorer in Splunk Search 03-03-2022 0 2	0	2
PROPS Configuration with CSV Header- Requesting feedback and if there is a way to change field name Hello, I have CSV (with epoch time) source files (file with a few sample events given below) with header info. I wrot... by SplunkDash Motivator in Splunk Search 03-03-2022 0 1	0	1
Why is aggregating by custom Salesforce fields not working? I'm not sure if I'm missing something simple or not, but I've got event logs from my Salesforce instance fed in, as w... by arist0telis Explorer in Splunk Search 03-03-2022 0 0	0	0
How to count and compare the max amount of used different devices each day by groups for a week? Hello,I try to count and compare the max amount of used different devices each day by groups for a week with the maxi... by lemontree1 Explorer in Splunk Search 03-03-2022 0 4	0	4
Removing certain results from reports I'm attempting to extract statistics of user logins from a custom log format and create a bar chart. I have users A, ... by Sheela Path Finder in Splunk Search 03-03-2022 2 7	2	7
How to use Subsearch to achieve this ? I have 2 Splunk SPLs=====================index=computer_admin source=admin_priv sourcetype=prive:db account_name=admi... by zacksoft_wf Contributor in Splunk Search 03-03-2022 0 5	0	5
Help with temp tables and variables New to splunk and been struggling manipulating search results into a final result that I am looking for. In powershel... by AK89 Explorer in Splunk Search 03-03-2022 0 3	0	3
SPL: How to calculate the average user events per unique user, per day over a 14 day period (exclude weekends)? All, I need some help on a problem I am trying to solve. Problem: I need to calculate the average user events per uni... by mjuestel2 Path Finder in Splunk Search 03-03-2022 0 3	0	3
Compare results from two separat search results I have two separate searches that provides me the same data field in two different fieldds. I want to identify the co... by Tika Explorer in Splunk Search 03-03-2022 0 1	0	1
How to find number of events, size (in GB), and frequencies of ingestion? Hello, are there any queries we can use to find the Total Number of Events, Total Size/Volume (in GB) of Data, Freque... by SplunkDash Motivator in Splunk Search 03-02-2022 0 9	0	9
How to add hyperlinks for column values in table? If col A contains a b c d e f, I want a separate link to be opened for each value. E.g If the user click on "a", it ... by srinivasiyer New Member in Splunk Search 03-02-2022 0 2	0	2
Conditional regex help: How to capture two groups if they have an "exclusion type"? hi everyone, i'm trying to parse json inline. i'm using kv mode= json already but i'm trying to achieve selective gr... by sdee1013 Loves-to-Learn in Splunk Search 03-02-2022 0 5	0	5
How to capture in chart? Hello I have a table I want this I am not sure which tool (chart, table anything else) and arguments would be best ... by FcwfCW76 Explorer in Splunk Search 03-02-2022 0 2	0	2
Why is my alert report only showing the first result of every row? I have this table and I'm trying to send it as a report/alert every morning to our teams chat group This is how it... by sphiwee Contributor in Splunk Search 03-02-2022 0 0	0	0
help to change the chart label size HiI use this CSS code in order to enlarge the size of the data values in the bars chartNow I also need to enlarge the... by jip31 Motivator in Splunk Search 03-02-2022 0 4	0	4
How to get stats max count of a field by another field? Hi There, I am looking to produce an output where the field with maximum count is display based on another field. for... by bijodev1 Communicator in Splunk Search 03-02-2022 0 3	0	3
How to create a Splunk query to more easily narrow down the exact page where a device ID reset occurred? Here is the SPL: index=name reqHost="host" \| rex field=cookie "care_did=(?<care_did>[a-z0-9-]+)" \| rex field=cookie... by msmith58 Explorer in Splunk Search 03-02-2022 0 5	0	5
help to solve a different syntax field between a lookup and a main search hiI use a lookup with a field corresponding to a site name\| inputlookup site.csv \| search site=paris In this lookup... by jip31 Motivator in Splunk Search 03-02-2022 0 2	0	2
How to access a lookup created in one app in another? Hi All, Splunk Enterprise 8.2.4 Clustered I have an issue where I have an existing app with a lookup listing all devi... by mscomms Path Finder in Splunk Search 03-02-2022 0 12	0	12