Splunk Search

Community Activity

Reduce the EVAL command SPL could someone who is SPL expert help me reduce this: \|eval dest=replace(dest, "dstdomain\|src\|any-of\|dst\|# ", ""), de... by youngsuh Contributor in Splunk Search 12-03-2021 0 3	0	3
Group log entries by a start line and end line containing a certain string I have somewhat of an unwieldy log file I'm trying to wrangle. Each log entry is contained between two lines like so:... by mikefisher New Member in Splunk Search 12-03-2021 0 1	0	1
Joining 2 sourcetypes by property value Hey all,I have 2 source types with the following propertiessource_1idvaluesource_2namedescriptionSo my events might l... by chrisdev Explorer in Splunk Search 12-03-2021 0 2	0	2
Inline/Uses Transform Field Extraction Hello,How would I implement inline or Uses Transform Field extraction (please see screenshot below) for following eve... by SplunkDash Motivator in Splunk Search 12-03-2021 0 7	0	7
I defined a field extraction, but why is the field not getting listed under interesting fields on the search results page? Hi, I am facing issues with the use of extracted fields. I intend to create a timechart with the extracted values. I... by SplunkNoviceUse Explorer in Splunk Search 12-03-2021 0 5	0	5
How can I pair search results from two different queries where only time is different? I have a query where I get "STARTED" and "FINISHED" status events for the same methods.e.g.index IN (private public) ... by plajcsi Engager in Splunk Search 12-03-2021 0 2	0	2
Syslog search I'm new to splunk, how can I import syslog from my local computer to splunk? - when i search it says it can be done v... by pofudukhamsi Loves-to-Learn in Splunk Search 12-03-2021 0 1	0	1
How to join two sources with common one common field ? I have sourcetype A that has info about service_accounts such as name, AU, email , full_name, manager_name.But some o... by zacksoft_wf Contributor in Splunk Search 12-03-2021 0 22	0	22
Can I change the line colors in a timechart by setting color codes? Basically the chart is showing blue & green lines, but user needs more distinguishing color. Like Red & Blue. by cadrija Path Finder in Splunk Search 12-03-2021 0 2	0	2
How to use inputlookup to search for matches in a .csv file Hello, I have a need to run a search for MAC OUI matches against a .csv file containing 1000+ MAC OUIs? Can anyone pr... by Splunkster21 New Member in Splunk Search 12-03-2021 0 2	0	2
Extracting fields from Source (Index Time v/s Search Time) Hello,We are including the Pod Namespace and Pod Name in the Log Source (for K8s deployments) and would like these fi... by srikarmohan Observer in Splunk Search 12-03-2021 0 2	0	2
Field Extraction from complex events Hello,I have some issues extracting fields from the following raw event. I should be getting following fileds from th... by SplunkDash Motivator in Splunk Search 12-02-2021 0 5	0	5
specific field extraction from _raw event data/message I have event data from the search result in format as shown in the image, now I want to extract the following fields ... by ssamant007 Explorer in Splunk Search 12-02-2021 0 5	0	5
How to set a standard set for span values I have a dhasboard which should show buckets with number of machines by span of time. Machine A to F is used for 2 mi... by psmp Explorer in Splunk Search 12-02-2021 0 3	0	3
Parsing results of periodical directory dumps over time into a chart hi there!We have a daly push from Google over to our Splunk instance that provides directory information around total... by daryllj Path Finder in Splunk Search 12-02-2021 0 2	0	2
Parsing Results with spaces I have this output from a field, with a lot of blank spaces, what would it be the best way to convert this data into... by jaydiare Explorer in Splunk Search 12-02-2021 0 7	0	7
Monitor CPU, RAM, DISK, INBOUND and OUTBOUND NETWORK TRAFIC of forwarders Hello,I am posting here to know if anyone of you have an idea about the queries i have to search in order to save the... by israbenbr Explorer in Splunk Search 12-02-2021 0 9	0	9
space in values does not filter data I have data coming in where I have a field called Result which holds data as below1) "FAIL"2) " FAIL "3) "PASS"4) " P... by koreamit3483 Explorer in Splunk Search 12-02-2021 0 3	0	3
Extraction skipping within the value Hello all, I am trying to extract a field from the below event and the extraction is missing the last part of the fie... by srinivas_gowda Path Finder in Splunk Search 12-02-2021 0 1	0	1
Filter the results of the main search based on the field values from the subsearch. I have 2 independent queries run on 2 different index that give me a list of requestIds. I want to filter/not includ... by pkakodkar Loves-to-Learn in Splunk Search 12-02-2021 0 3	0	3
Distinct values Hello I am running a * search in an app and it returns several columns in the csv extract where a column is named 'so... by SplnkUse Path Finder in Splunk Search 12-02-2021 0 2	0	2
How to Formulate an if Function for a Simple Math Problem Hi There, I am probably making this more confusing for myself than it needs to be, but its a simple concept. Here is... by MeMilo09 Path Finder in Splunk Search 12-01-2021 0 1	0	1
eval with wildcard I am trying to use an eval but there is a wildcard so I noticed this does not work. Ho can I get this to work? I trie... by Mike6960 Path Finder in Splunk Search 12-01-2021 0 6	0	6
What does the action "sendmn" refer to? I'm running this search: \| rest/servicesNS/-/-/saved/searches \| search disabled=0 AND is_scheduled=1 AND eai:acl.sha... by CMSchelin Path Finder in Splunk Search 12-01-2021 2 1	2	1
Email from Splunk I have splunk search - index=cloud EventName: "Error Occurred" XChangeToSalesForce \| rename message as "Message" _tim... by viksvig Loves-to-Learn Lots in Splunk Search 12-01-2021 0 8	0	8