Splunk Search

Community Activity

How to fix Splunk from incorrectly extracting hostname field in syslog events? Hi there, we have an issue with hostname extraction from syslog events. Normaly the extraction works fine, but for ... by krusty Contributor in Splunk Search 07-17-2021 0 7	0	7
Enrichment with sub-search in a certain time period by using index Hi Folks,I am trying to enrich my search with subsearch in the same time bucket/bin. The search can be found below.De... by splunkerer Path Finder in Splunk Search 07-17-2021 0 1	0	1
Mulit lookup with same event-field, lookup-destfield and event-destfield Hi AllI'm new on splunk and have following problem.We need data from a table depending on the value of a variable. Fo... by Lukas85 New Member in Splunk Search 07-17-2021 0 1	0	1
Rex syntax to define result data Hello, I am looking to clean up the result data from a Splunk query.How do I remove all the text prior to the user na... by jsturgeon New Member in Splunk Search 07-16-2021 0 1	0	1
Splunk ES and Correlation searches Hello Splunkers.I'm working on some of the usecases on ES and one of the request that I've got from my upper manageme... by revanthammineni Path Finder in Splunk Search 07-16-2021 0 2	0	2
Need to remove duplicate data We have 3 different (Active,Closed,Resolved) records for same Incident and we need to retrieve only Active incident r... by shashi584 Explorer in Splunk Search 07-16-2021 0 6	0	6
search different index I have 3 different indexes and they asked me to search by document number.The structure of the logs is different inc... by splunkcol Builder in Splunk Search 07-16-2021 0 2	0	2
Datamodel acceleration date range forced to last month Hi, i need help with some datamodel acceleration issues in CIM.The problem is that i accelerated a datamodel with 1y ... by joshiro Communicator in Splunk Search 07-16-2021 0 3	0	3
Need to pull IP from Message field Hey all, I'm trying to separate out the IP address (Source Network Address:) from the Windows event Message field. I'... by radalliance Engager in Splunk Search 07-16-2021 0 3	0	3
How to extract value from log events with type as json object or json array?? Our event log has request and response. Request and response body can either be a json object or json array. I need t... by bhavika100 Explorer in Splunk Search 07-16-2021 0 5	0	5
Several email distribution lists on alert Hi Splunk Community.I have an alert, which runs a query regularly, for example hourly 247365. If the alert is trigg... by mdzmuran Observer in Splunk Search 07-16-2021 0 3	0	3
Grouping URLs by their path variable pattern I need to do an analysis on API calls using logs, like avg, min, max, percentile99, percentil95, percentile99 respons... by kronite13 Explorer in Splunk Search 07-16-2021 1 6	1	6
How to interpret the asterisk as a wildcard in a join left? I have an index where one of the relevant fields is a domain. This index is used in a search in a dashboard, where I ... by JChris_ Path Finder in Splunk Search 07-16-2021 0 5	0	5
Skipped searches Hello, communityWhat's skipped search? Do I understand correctly that it's a search which finished with error?How can... by bosseres Contributor in Splunk Search 07-16-2021 0 2	0	2
percentile total transactions in IIS Hello,I am trying to get the Perc99 and Perc95 from the total transaction in IIS which the bellow search: source="C:\... by joe06031990 Communicator in Splunk Search 07-15-2021 0 3	0	3
1% slowest requests in terms of response time Good morning,I am looking on generating a search to find the 1% slowest requests from IIS logs however I am not sure ... by joe06031990 Communicator in Splunk Search 07-15-2021 0 0	0	0
How to fix Could not load lookup=LOOKUP-cisco_asa_* in Splunk Cloud Every time I search, I get errors:Could not load lookup=LOOKUP-cisco_asa_change_analysisCould not load lookup=LOOKUP-... by dipocket_org Engager in Splunk Search 07-15-2021 0 2	0	2
rex extraction user & module HiHere is my log, what is the rex for extract "0000A0@#0000" and "mymodulename" 2021-07-14 23:59:05,185 INFO [APP] Us... by indeed_2000 Motivator in Splunk Search 07-15-2021 0 8	0	8
Quoting values and CSV export If I run this search I generate two numeric fields, one called number the other called decimal \| makeresults 1 \| eva... by benton Path Finder in Splunk Search 07-15-2021 0 7	0	7
rex for source target Hihere is my log:2020-01-19 13:20:15,093 INFO ABC.InEE-Product-00000 [MyProcessor] Detail Packet: M[000] T[111] P[0A0... by indeed_2000 Motivator in Splunk Search 07-15-2021 0 2	0	2
Prop Conf for CSV input data Hello,Please let me know how I would write Props Configuration file for this csv file. Segment of sample data for thi... by SplunkDash Motivator in Splunk Search 07-15-2021 0 5	0	5
How to filter time AFTER timechart using relative time Hello!I have a search with timechart that I need to filter time AFTER the timechart based on the current time. I've ... by msyparker Explorer in Splunk Search 07-15-2021 0 2	0	2
How do I search for a complete list of all the Apps on my Deployment server ? Without the Built In apps. How do I search for a complete list of all the Apps on my Deployment server ? If possible Excluding the Built In apps... by SamHTexas Builder in Splunk Search 07-15-2021 0 1	0	1
Run a for loop in splunk to look at a dynamic list I have a user that is asking me to look at the file hashes of every file that some into splunk across today and yeste... by mybestfriendbob Explorer in Splunk Search 07-15-2021 0 2	0	2
Exclude 'default'/'system' fields in `table ` I've got a JSON event that I like to tabulate by using `index=myindex \| table `When I do this though it includes som... by henricook New Member in Splunk Search 07-15-2021 0 1	0	1