Splunk Search

Community Activity

Remove double quotes and slashes from the field i am having field like this below. message :"{"\payement":"xxx", "\account:" xxx"}" I want the first and last q... by Rukmani_Splunk Path Finder in Splunk Search 07-08-2021 0 4	0	4
Microsoft Office 365 Reporting Add-on not obeying interval configuration Hi, we are using version 1.2.4 on Splunk 7.3.7, and we noticed our interval setting of (interval=600 / 10 mins) is no... by becksyboy Contributor in Splunk Search 07-08-2021 0 4	0	4
syslogs for network equipments to forward syslog to splunk indexer Greetings!! I would like to ask about Syslog logs for network devices, I have added new network devices by doing co... by pacifikn Communicator in Splunk Search 07-07-2021 0 4	0	4
TIME_PREFIX and TIME_FORMAT for Props configuration File Hi,How I would write TIME_PREFIX and TIME_FORMAT for props configuration file for the following events (4- sample ev... by SplunkDash Motivator in Splunk Search 07-07-2021 0 3	0	3
How to display zero value in a chart with multiple fields Hi! i am trying to create a search to display zero values in my chart. However my current search has multiple calcula... by yvassilyeva Path Finder in Splunk Search 07-07-2021 0 5	0	5
Splunk Fundamentals Module 5 Hi, I am testing out Splunk Fundamentals 1, and on Module 5 of the lab portion, after running the search, I am not ge... by avergar5 Engager in Splunk Search 07-07-2021 1 5	1	5
search all event after specific string Hi1-I want to search result return everything after specific event till now.for example: index=main \| search "start ... by indeed_2000 Motivator in Splunk Search 07-07-2021 0 2	0	2
Splunk REST API with NodeJs: trouble getting started creating a search job I'm new to this, and would appreciate any help from someone who uses NodeJs with Splunk. I can successfully query pas... by mattee1283 New Member in Splunk Search 07-07-2021 0 0	0	0
How can I calculate counts for active Qualys vulnerabilities I am ingesting Qualys data via the Qualys Technology Add-on for Splunk (v1.8.7). To reduce daily volume, I have chose... by ejwade Contributor in Splunk Search 07-07-2021 0 2	0	2
subtracting 2 timestamps and then evaluating if that result is longer than 1 hour I have two timestamps that are in this format within my log events:start: 2005-07-05T04:28:34.453494Zend: 2005-07-05T... by samnew4598 Explorer in Splunk Search 07-07-2021 0 2	0	2
How to write rex with sed mode so that it shows/extracts all unique numbers with specific digits masked ? Hi, novice splunker here. How could I search or extract all the unique numbers while keeping certain digits masked? ... by user290317 Explorer in Splunk Search 07-07-2021 1 5	1	5
New lookup is not working Hi team,I already worked with the lookup feature of splunk, tables, definitions and automatic lookup, and is working ... by gustavoortega New Member in Splunk Search 07-07-2021 0 2	0	2
How to overwrite the indexer data. Is there any possibility to over write the index data ,for example the data is indexing by the below query.\| inputlo... by vinod743374 Communicator in Splunk Search 07-07-2021 0 4	0	4
How to combine multiple searches in same alert HI,I have 3 searches that give results for errors and journey length. I wanted to add all these searches together and... by SG Path Finder in Splunk Search 07-07-2021 0 0	0	0
How to combine multiple searches in same alert HI,I have 3 searches that give results for errors and journey length. I wanted to add all these searches together and... by SG Path Finder in Splunk Search 07-07-2021 0 0	0	0
Fill in 0 for timechart with missing values I'm generating a chart with event count by date. The problem is for dates with no events, the chart is empty. I wan... by the_wolverine Champion in Splunk Search 07-07-2021 5 7	5	7
How to use regex to filter out logs? Hi community,I have the need to exclude AIX logs containing a certain field value.This is the regex the parser is usi... by martaBenedetti Path Finder in Splunk Search 07-07-2021 0 5	0	5
Best way of making base search Hello everyone! I need some help with figuring out how to make this base search the best way without hitting the 500.... by N-W Explorer in Splunk Search 07-06-2021 0 6	0	6
Splunk Fundamentals Module 5 Lab In Module 5 Lab #8, I am asked to perform a search using the "fail* AND password" command over ALL TIME. The search r... by Floyd22 Engager in Splunk Search 07-06-2021 0 0	0	0
Show hosts that stop reporting logs Hello, I have many windows machines sending logs through the agent to index = mainWith what query can I monitor eith... by splunkcol Builder in Splunk Search 07-06-2021 0 3	0	3
Search hangs on "TcpOutbound" error A scheduled search is hanging when it approaches around 28% completion. In search.log, the following message appears ... by mh393 Loves-to-Learn in Splunk Search 07-06-2021 0 0	0	0
Tstats and stats return difference result Why do I use "tstats" and "stats" but return different results??? I need an explanation.I use Splunk version 8.2.0 by hoangpt Explorer in Splunk Search 07-06-2021 0 5	0	5
Splunk App for Unix and Linux props.conf fields are not calculated Hi,Given the below system architecture on a single server: 1. When I pass the OS data generated by the Splunk addon (... by nouraali Explorer in Splunk Search 07-06-2021 0 0	0	0
Index bz2 files take too much time Hi I have a directory that contain 60 bz2 files. Totally 27 GBAfter 24 hours still index processing not completed!How... by indeed_2000 Motivator in Splunk Search 07-06-2021 0 2	0	2
domain accounts search csv Hi,i have been looking but cant seem to make much sense of it all. im new to splunk.im trying to create a search and ... by japonter Explorer in Splunk Search 07-06-2021 0 4	0	4