Splunk Search

Community Activity

	Field extraction from a Windows log Hi Splunkers, I have prepared a regex extraction using regex101 site, and now trying to extract "Failure Reason" as p... by vagnet Explorer in Splunk Search 10-29-2021 0 5	0	5
	How do you use timewarp in specific? Let's say I have this query index = x \|stats count as Total, sum(AMMOUNT) as TAmmount BY MERCHANT, SUBMERCHANT I wan... by phamxuantung Communicator in Splunk Search 10-29-2021 0 2	0	2
	Extract count of each value of a field and create a timechart from it using stats I have a field "skill" which takes multiple values:I want to extract the count of each of the values of skill and sto... by priyangshupal Engager in Splunk Search 10-29-2021 0 4	0	4
	Insert Timerange picker value in query Hi, I want to insert Timerange picker value like $time$ in my query for a Dynamic input. Requesting help with the que... by noman377 Explorer in Splunk Search 10-29-2021 0 2	0	2
	SPL: Use regex replacement string multiple times Hello *,I am looking for an SPL that reads the first part of a string via regex and replaces all occurrences of a cer... by _Tom Explorer in Splunk Search 10-29-2021 0 3	0	3
	Match IP address with IP in Lookup table and alert Hello, We are using ES and we have a lookup file downloaded which has a mix of standalone ip's and CIDRs/Subnets/. ... by neerajs_81 Builder in Splunk Search 10-29-2021 0 5	0	5
	Error: Cannot expand lookup field due to a reference cycle in the lookup configuration OK, this is oddSearch: index=myindexWorks and returns a field "Name", happily listing all values of Name as expectedH... by anapp Explorer in Splunk Search 10-29-2021 0 2	0	2
	rex field? - extraction Hi,I want to extract the following term from this message: (MaRSEPbac, [MaRSEPbac_Old2], [MaRSEPbac])that means the s... by André Engager in Splunk Search 10-29-2021 0 3	0	3
	rename row1 after transpose hi team, as titled, how to rename 'row1' to 'number' after transpose. I tried rename and replace, but doesn't work. by cheriemilk Path Finder in Splunk Search 10-28-2021 0 2	0	2
	Extracting Account Name: Oct 28 20:08:57 XXX.XXX.com Microsoft-Windows-Security-Auditing[4]: EventID: 4663 An attempt was made to access an ob... by wkbevill Engager in Splunk Search 10-28-2021 0 2	0	2
	Why is this "earliest" not working? index=myindex \| eval createdepoch = strptime(created, "%Y-%m-%d")\| eval _time = createdepoch\| search earliest=-90d@d ... by zachsisinst Explorer in Splunk Search 10-28-2021 0 1	0	1
	Convert point in time events to timeseries with Data points I have the following data. That I am trying to convert to a time series by Type with the last Status brought forward.... by SplunkNs231 Engager in Splunk Search 10-28-2021 0 1	0	1
	rex operation -- Regex: syntax error in subpattern name (missing terminator) Hi,I'm continuously receiving the error Regex: syntax error in subpattern name (missing terminator) when attempting t... by apalmier New Member in Splunk Search 10-28-2021 0 2	0	2
	how to exclude the subsearch result from main search hello,Can anyone tell me how to exclude the subsearch result from main search?I want to exclude the result that faile... by ycho1 Explorer in Splunk Search 10-28-2021 0 4	0	4
	Evalaute field from different areas Hi, I would like to determine a field from different areas of a log. eg see below for my expectations. Note: You can ... by vgodavarty0116 Engager in Splunk Search 10-28-2021 0 1	0	1
	Calculate sum of duration for Sub calls I have data in the following structure received for every event. Some events have just one or two sub calls and some ... by rajkskumar Explorer in Splunk Search 10-28-2021 0 0	0	0
	How to add new data in lookup from SPL query output ? My lookUp is a KV Store lookup. It has three column 'is_active' , 'user', 'robot'.I have a SPL query that gives me ... by zacksoft_wf Contributor in Splunk Search 10-28-2021 0 3	0	3
	Account deleted query \| datamodel "Change_Analysis" "Account_Management" search \| where 'All_Changes.tag'="delete" AND 'All_Changes.user'!=... by cyber_Maddy Engager in Splunk Search 10-27-2021 0 1	0	1
	Can you use an if statement for the value of two different fields? Hello,I'm a bit new to Splunk, so I'm still learning.I have created two fields, an opscounter, and a deopcounter. The... by jacsilva Observer in Splunk Search 10-27-2021 0 4	0	4
	Regex expression to extract fields I have two fields below that show up in our log files. I used Splunk tool to create the Regex to extract the fields ... by cgbsplunk Explorer in Splunk Search 10-27-2021 0 5	0	5
	mvexpand multi-value fields when not null Hi all. I'm trying to create a table from AWS WAF logs. There is a section of the log that is called ruleGroupList{... by khenson Engager in Splunk Search 10-27-2021 0 0	0	0
	Search help - find total sum of lengths of array My current search returns a series of events like: {'field1' : {'field2' : [obj1, obj2, obj3]}}{'field1' : {'field2' ... by ys2119 Loves-to-Learn in Splunk Search 10-27-2021 0 3	0	3
	Filtering out HTTP/1.1 200 logs from being forwarded to splunk. Hi,We have a large amount of data in /opt/app/axtract_fe1/var/log/apache2/main_collector_access-*.log file, and we do... by ssoftility Loves-to-Learn in Splunk Search 10-27-2021 0 1	0	1
	command "where" not working the "where" command checks only one condition doesn't work like thatmy search:. . . . \| where NOT (id_old = id OR use... by gitingua Communicator in Splunk Search 10-27-2021 0 9	0	9
	How do I properly configure schedule search/cron/alert times? This question is based on a comment from @woodcock on this post: https://community.splunk.com/t5/Splunk-Search/Why-ar... by jackjack Path Finder in Splunk Search 10-27-2021 0 1	0	1