Splunk Search

Ask a Question

Discussions

Thread Info

Extract username with dash (-) Field from event

Hello Everyone, I'm trying to extract usernames from the logs of a proftpd. An event looks like this: 2021-...

by Loves-to-Learn in

Data model in custom search

Hi all, I have a doubt regarding the datamodel use. In Splunk Foundamentals 2 course, I got what Data Models is a...

by Path Finder in

Query return Zero Events

Hi All, I have query which return all the events for two Hybris pods. When I am using stats it shows the number of ...

by Loves-to-Learn Lots in

Convert multi values to different row entries

10.40.x.x10.4.x.x13.x.x.xKB: Windows aXXXXfield3 Apply Security XXX.serveruserserver I have a table output of...

by Engager in

How to loop through the record to get the diff between them

Hi there, I am trying to diff the new version against the one version older record and extract the diff from them. ...

by Explorer in

How to search for an event that has not occurred in 1 day

Hello All, Anyone out there know how I can search for an event that is supposed to occur within 24 hours but has no...

by Path Finder in

How to filter time through where clause

Hello All, Thought I had this down, but not quite. So here is the scenario. I have two Fields 1. "Sent Invite Tim...

by Path Finder in

How to use rex on a QR String to cut out a part that I want

I have a QR String that when put in our custom QR divider can took it apart nicely. But I can't use the field extract...

by Communicator in

Multivalue field which contains the string "data:" cause the UI to display all values as a single line

Took some trial and error to figure out why some multivalue fields were being displayed as a single line. If the st...

by Motivator in

Search in single table with multiple stats

Hello, I am having logs in splunk in below manner. timestamp "LOGGER= PAGE NAME1 Other text"timestamp "LOGGER= PA...

by Engager in

The following join field(s) do not exist in the data '_time'

I've upgraded from splunk 8.0.3 to 8.2.2, and now i'm getting errors for my metrics query. This used to work: | ...

by Explorer in

Help with regex needed

Hello, We have Django logs in following format: 11/15/2021 08:34:38 [INFO - 171 ] - [tenant_move.py] - [STOP_...

by Builder in

Extract the list of Dasboards -> their Panels -> Search Queries used in Panels

Hi, Can we get list of Total Dashboards used in Splunk Environment followed by Number of Panel name and search quer...

by Explorer in

Group data on a query which results in table data after multiple splits.

I have a query which results in to a table data. I want to group the data and the count column should sum of groupe...

by Engager in

calculate total duration

Hi How can I calculate duration of below log: 2021-07-15 00:00:01,869 INFO CUS.AbCD-AppService1-1234567 [AppL...

by Motivator in

Do i have to use a join in mstats?

@sideview Hi Nick I am using a join with mstat, but i am hoping that i dont have to. However, i cant crack it ...

by Influencer in

Splunk query with multiple for subsearches

Hi Team, @DalJeanis I am trying to achieve below splunk search query to find out all the errors that are cau...

by Observer in

HOW TO GET FULL NAME USING REGEX FROM RAW DATA

HelloHow i can get the full name from log ie. Name=Busaram Manjraji am trying with this regex |rex field=-_raw "(?<Na...

by Path Finder in

Finding time (in days) that server has not been patched for a critical vulnerability

Thanks in advance for any help. I'm trying to find the days that a Device has not been patched for Critical Severit...

by Explorer in

Extracting a number a my query not working

Hi i have a log like this Elapsed time: prediction timer 0.1953 seconds and i created a rex like this rex "El...

by New Member in

How to retrieve specific timestamps for specific values ?

Hello everyone, I am currently developing a use case in which I have the below info: UsernameUser StatusUser ...

by Observer in

Any suggestion for my Legend behavior? what can I do?

Hi Folks,I have a bar chart where I have more then one bars and legends for a single day, If I click on a single bar ...

by Explorer in

unusual activity

Hi I have an issue that Splunk might be help to solve it. Here is scenario: Need to find unusual send and recei...

by Motivator in

splunk integration on ocp

Hello Team, I am new to splunk and we have integrated splunk with OCP logs. I am able to see the logs but not sur...

by Engager in

Matching event results to a lookup field with a wildcard.

Hello! I'm trying to build out a lookup of services on specific servers that I want to know when they've stoppe...

by Explorer in

Get Updates on the Splunk Community!

Splunk Search

Discussions

Extract username with dash (-) Field from event

Data model in custom search

Query return Zero Events

Convert multi values to different row entries

How to loop through the record to get the diff between them

How to search for an event that has not occurred in 1 day

How to filter time through where clause

How to use rex on a QR String to cut out a part that I want

Multivalue field which contains the string "data:" cause the UI to display all values as a single line

Search in single table with multiple stats

The following join field(s) do not exist in the data '_time'

Help with regex needed

Extract the list of Dasboards -> their Panels -> Search Queries used in Panels

Group data on a query which results in table data after multiple splits.

calculate total duration

Do i have to use a join in mstats?

Splunk query with multiple for subsearches

HOW TO GET FULL NAME USING REGEX FROM RAW DATA

Finding time (in days) that server has not been patched for a critical vulnerability

Extracting a number a my query not working

How to retrieve specific timestamps for specific values ?

Any suggestion for my Legend behavior? what can I do?

unusual activity

splunk integration on ocp

Matching event results to a lookup field with a wildcard.

Enterprise Security Content Update (ESCU) | New Releases

Expert Tips from Splunk Professional Services, Ensuring Compliance, and More New ...

Observability Release Update: AI Assistant, AppD + Observability Cloud Integrations & ...

Combining multiple text strings and fields into on...

Search for triggered save searches and their actio...

MLTKC how should i check jupyter notebook func in ...

StateSpaceForecast holdback and forecast_k for eva...

ITSI thresholds: adaptive vs static