Splunk Search

Start a Conversation

Discussions

Start a Conversation

Thread Info

Removing Characters After First Space for a Field in Splunk

Hello, I have following results like below: HostTypeType Duplicate Field ABCDCoca ColaCoca ColaEFGH7up - Sprite7u...

by Path Finder in

How to extract data for a portion of the field?

Hello Splunk Community, So I have a table that has results like below Name Tom01 Tom02 ...

by Path Finder in

Why does lookup return null when there are multiple matches?

I have a lookup with multiple columns (keys). Some combinations make a unique match, but I need an ambiguous search ...

by SplunkTrust in

How to correlate list of users based on IP?

I am trying to create a report that will take a username(user) and look for the most recent IP address(src_ip) they u...

by Explorer in

How to add host to command in the BY section?

| chart values(Date_Policy) BY Volume,WeekRange, in above command I wanted to add host as well in the BY section b...

by Explorer in

How to rearrange below numeric columns based on order?

Hi, I have to rearrange below columns in below orderi.e. 31-60 Days, 61-90 Days, 91-120 Days,151-180 Days,Over 180...

by Builder in

How come this doesn't work given indexers.csv is a list of Splunk servers with role indexer?

How come this doesn't work given indexers.csv is a list of Splunk servers with role Indexer? | inputlookup indexer...

by Engager in

Dashboard not populating as they have $ symbol in some field values, is there another way?

Hello SplunkersI have the following search.The search works fine when running it but when its saved as a panel in a d...

by Path Finder in

Why does field becomes null when attempting to subtract?

I am feeling puzzled. I am trying to take a date, convert it to epoch time, and then subtract a number of seconds fro...

by Explorer in

Splunk integration with OpsGenie to send alert- Is OpsGenie not supported?

Hi, I am sure this question must have asked multiple times and infact I've come across multiple posts but I am still ...

by Path Finder in

Data Models and incomplete source data

Greetings, I'm finally tackling the topic of data models within my organization, and am coming across situations I ...

by Explorer in

How to check if a value exists in a list of values?

Hi,I'm filtering a search to get a result for a specific values by checking it manually this way:.... | stats sum(val...

by Explorer in

How to compare data from data model with data from data set?

Hello, I have a data model named firewall_logs with firewall data in which the interesting fields are: file_hash, url...

by Explorer in

Why doesn't my rex code work?

Very strange scenario. I'll use a rex statement to retrieve data and it works perfectly. If I copy and paste the rex ...

by Engager in

How to join and read input from csv?

I've a query index="main" app="student-api" "tags.path"=/enroll "response"=succcess which also...

by Engager in

How to create a correlation search that would trigger an alert for a search?

I need to create a correlation search that would trigger an alert if it found a match from IPs from: | inputlookup...

by Explorer in

How to compare field from one index to multiple field in other index?

Good day, I have a usecase explained below - Index A has Reporting_Host (mix of IP address, hostname, FQDN) and I...

by Path Finder in

How to do the opposite of match()?

I'm trying to do a DOES NOT match() instead of a match(). http://docs.splunk.com/Documentation/Splunk/6.1/SearchRefer...

by Builder in

How to add and divide field results for percentage?

I'm trying to figure out the percent of successful authentications from out vulnerability scans. There is a field nam...

by Path Finder in

Field Alias Applied to Hostname - Events Matched But No Results?

Hi, I am new to Splunk so please forgive me. I had created a field field, where if the hostname contains "*-us*" ...

by New Member in

Get Updates on the Splunk Community!

Splunk Search

Discussions

Removing Characters After First Space for a Field in Splunk

How to extract data for a portion of the field?

Why does lookup return null when there are multiple matches?

How to correlate list of users based on IP?

How to add host to command in the BY section?

How to rearrange below numeric columns based on order?

How come this doesn't work given indexers.csv is a list of Splunk servers with role indexer?

Dashboard not populating as they have $ symbol in some field values, is there another way?

Why does field becomes null when attempting to subtract?

Splunk integration with OpsGenie to send alert- Is OpsGenie not supported?

Data Models and incomplete source data

How to check if a value exists in a list of values?

How to compare data from data model with data from data set?

Why doesn't my rex code work?

How to join and read input from csv?

How to create a correlation search that would trigger an alert for a search?

How to compare field from one index to multiple field in other index?

How to do the opposite of match()?

How to add and divide field results for percentage?

Field Alias Applied to Hostname - Events Matched But No Results?

Admin Your Splunk Cloud, Your Way

Cloud Platform | Discontinuing support for TLS version 1.0 and 1.1

New Customer Testimonials

How to troubleshoot “Error in 'inputlookup' comman...

How to configure alert when a service is in failed...

how to identify '\n' in Splunk rex

How to combine results of inputlookup and a search...

Running queries not working at all