Splunk Search

Community Activity

How to extract json fields from json inside single quotes? Hey I am having difficulties trying to extract fields from my splint logs. They are in the format of’{“field”: “value... by Alanshiau717 New Member in Splunk Search 12-09-2021 0 1	0	1
SEDCMD vs Transforms to mask data Hi,When we use sedcmd command to mask data it is Indexed time extractions and when we use transforms to mask data it ... by VijaySrrie Builder in Splunk Search 12-09-2021 0 2	0	2
Timezone offset causing blanks during conversion I have a date column that I'm trying to convert to %m/%d/%Y. The date stamp is a little complex but I got it to work ... by rhilderbrand1 Observer in Splunk Search 12-09-2021 0 4	0	4
Event breaking to middle text at index time Hello,I have some text I indexing, In the middle I have csv table, and some information at end, look like thisText te... by Dov1 Observer in Splunk Search 12-09-2021 0 1	0	1
Date Comparison with current date Hi, I am trying to display results in separate panels based on date fields in my dataset. I want to display results ... by rohankin New Member in Splunk Search 12-09-2021 0 4	0	4
Get the chart count by in the form of percentage Hey folks,I am trying to pull a result based on chart count by, I am also not sure if there is any other command whic... by bijodev1 Communicator in Splunk Search 12-09-2021 0 7	0	7
Extracting fields from _raw in Splunk Hi All,I'm trying to extract 2 fields from _raw but seems to be a bit of struggleI want to extract ERRTEXT and MSGXML... by ashraf_sj Explorer in Splunk Search 12-09-2021 0 3	0	3
add multiple spaces for fields hi i want to add multiple space for a fields i tried to use : \| eval fieldname1= fieldname2 . " " . field... by sfatnass Contributor in Splunk Search 12-09-2021 0 11	0	11
How to use Streamstats command with conditions added ? my tablular output contains columns/fields like,account_number \| colour \| team_name \| business_unitI am getting the ... by zacksoft_wf Contributor in Splunk Search 12-09-2021 0 3	0	3
How to de-aggregate the STATS result ? I have this query where I need to use stats to aggregate the results based on account_number. Now, some of the resul... by zacksoft_wf Contributor in Splunk Search 12-09-2021 0 4	0	4
How splunk search work HiI have 4 huge log file that ingest into the Splunk File1File2File3File4 Now i want to know when i search specific s... by indeed_2000 Motivator in Splunk Search 12-09-2021 0 1	0	1
Cluster Map doesnt show correct events Hello guys, I have a problem with the "Cluster Map" so I have add a log 2 weeks ago and when I do a search about the... by michel_wolf Path Finder in Splunk Search 12-08-2021 1 3	1	3
Setting sourcetype with a complex regex - transforms.conf I am using transforms.conf to pull the sourcetype from the source via a complex regex. It doesn't seem to be working,... by Jason Motivator in Splunk Search 12-08-2021 2 8	2	8
Enable/Disable indexing a debug log file on demand? Is there any easy way to enable/disable indexing of a debug log file so that it can be indexed only when needed? We h... by mwhitake78 Explorer in Splunk Search 12-08-2021 0 6	0	6
Passing a time restriction while using join Hello,I would like to ask, if it is possible to pass a time restriction to a subsearch of an join ? Unfortunately I d... by blablabla Path Finder in Splunk Search 12-08-2021 0 10	0	10
Distsearch.conf Hi,What are the 4 important attributes to be considered under distsearch.conf by VijaySrrie Builder in Splunk Search 12-08-2021 0 2	0	2
Data in source shows Y/N for fields investor, borrower, guarantor, benefic for each customer. How can I show pie chart? I have data in source which shows Y/N for fields investor, borrower, guarantor, benefic for each customer. Need to sh... by cadrija Path Finder in Splunk Search 12-08-2021 0 2	0	2
The search you ran returned a number of fields that exceeded the current indexed field extraction limit='200' The search you ran returned a number of fields that exceeded the current indexed field extraction limit='200'To ensur... by jbanAtSplunk Communicator in Splunk Search 12-08-2021 0 0	0	0
How to count for each host Hi every one I have some difficulty to count my consumedHostUnits I have this commande : index="dynatrace_hp" \| searc... by incoghnito_1 Engager in Splunk Search 12-08-2021 0 2	0	2
need to update values of a lookup search by count Splunk Queryindex="abc" source=def[\| inputlookup ABC.csv \| table text_strings count \| rename text_strings as search]P... by pkharbanda1021 Engager in Splunk Search 12-07-2021 0 16	0	16
How to add a new column in table results Hi,I am providing sample data below:[2021-12-07 03:50:14,666] {<!-- -->{taskinstance.py:1532}} INFO - Marking task as FAILED.... by kapoorsumit2020 Loves-to-Learn Everything in Splunk Search 12-07-2021 0 2	0	2
Matching field values to text I have a base search:index=oswin EventCode=19 SourceName="Microsoft-Windows-WindowsUpdateClient" earliest=-10d Comput... by dsb6 Loves-to-Learn Lots in Splunk Search 12-07-2021 0 6	0	6
does OCI loggin addon work? Hi everyone, Recently, I have tried to install the OCI addon in a test enviroment but it does not work. According to ... by saraque Observer in Splunk Search 12-07-2021 0 0	0	0
Filtering substring content I have a search which looks at rare events in Windows Event Logs and provides output shown below.source="winevtlog:se... by RedHonda03 Explorer in Splunk Search 12-07-2021 0 1	0	1
how to display stats results by values(field) I am using the following query and trying to display the results using stats but count by field valuessearch query \| ... by pkharbanda1021 Engager in Splunk Search 12-07-2021 0 7	0	7