Splunk Search

Community Activity

	Regex: Error using where/match and backslash character The following example \| makeresults \| eval FilePath="\\Temp.exe" \| where match(FilePath, "(?i)\\Temp\.exe$") Creates ... by abowesman Explorer in Splunk Search 05-10-2021 0 0	0	0
	Field extraction regex breaks due to date change and space The date field sometimes has 2 spaces and sometimes 1 space, depending on whether the date is a single digit or doubl... by ershad_c Engager in Splunk Search 05-10-2021 0 2	0	2
	How to split/extract substring before the first - from the right side of the string SpoilerHow to split/extract substring before the first - from the right side of the field on splunk searchHow to spli... by keshavgupta Engager in Splunk Search 05-10-2021 0 1	0	1
	how to use horseshoe meter with stats how to use horseshoe meter for below queryindex = * \| table podname cluster status \| dedup podname cluster status \|... by kirrusk Communicator in Splunk Search 05-10-2021 0 1	0	1
	Subsearch Hi,I've been trying for hours and nothing works, so I figure you might help me out.I have the following very long que... by yifatcy Path Finder in Splunk Search 05-10-2021 0 2	0	2
	How to use metadata/header for all the following events Dear all,I'm trying to retrieve some log metadata and associate them to all my events.Exemple: When my application st... by Flobzh Explorer in Splunk Search 05-10-2021 0 1	0	1
	account was created and deleted Hi,My query:index=ph_windows_sec sourcetype=XmlWinEventLog (EventCode=630 OR EventCode=4726 OR EventCode=624 OR Event... by or1515 Loves-to-Learn Everything in Splunk Search 05-10-2021 0 2	0	2
	Split trellis over two variables Hi,Can I separate Trellis visualization by two variables as keys? In other words, I would like a timechart for each c... by yifatcy Path Finder in Splunk Search 05-10-2021 0 0	0	0
	Splunk searching Syntax Resolved by keyu921 Explorer in Splunk Search 05-10-2021 0 1	0	1
	How to concatenate strings with unicode character? I want to concatenate strings with special characters like "\t" and Unicode char "\u0006"I tried \| makeresults \| ev... by junlozhang Explorer in Splunk Search 05-09-2021 0 2	0	2
	How to split up a string into multiple fields? I have a field that consists of data separated from a json data field using this search.index="test-99" sourcetype="... by robayers Explorer in Splunk Search 05-09-2021 0 8	0	8
	Group events into a single event I am relatively new to this wonderful tool called SPLUNK. Please excuse me if this question has already been answered... by schou87 Path Finder in Splunk Search 05-09-2021 0 4	0	4
	I want to insert a value into a subsearch using the search result as a variable. Dear ALL,I want to insert a value into a subsearch using the search result as a variable.Do the following search to g... by Msugiyama Path Finder in Splunk Search 05-09-2021 0 2	0	2
	superimposed timeline chart comparing the latest and last week data For the below query, searching for the values of 2nd occurence of earliest and latest events so that the timechart wo... by prajwal_94 Explorer in Splunk Search 05-09-2021 0 2	0	2
	Build filter from inputlookup I would kindly need some help for a query i am not able to create.I have inputlookups as source.And i want to filter... by hvdtol Path Finder in Splunk Search 05-09-2021 0 4	0	4
	Getting Amount of X Events After Last Y Event Right now I have something like this: index=my_index sourcetype=my_sourcetype \| rex field=message "- (?<User>\S+) -:"... by PaintItParker Explorer in Splunk Search 05-08-2021 0 3	0	3
	Makeresult with hosts and date range I am aiming to provide headers to my generated report. I have 3 hosts, host1 host2 and host3. My report is configured... by cboonyan New Member in Splunk Search 05-08-2021 0 1	0	1
	How to get the difference (In whole days) between two fields within the same event Hi Guys, Wondering if you can help me out with the following. Within a single event I have to fields: 1) expiry_date2... by Matthew Engager in Splunk Search 05-08-2021 0 2	0	2
	2 host with the same names Hi,I have 2 servers with the same names and I have installed universal forwarder on both servers. In forwarder manage... by sh_tavousi Explorer in Splunk Search 05-08-2021 0 3	0	3
	How to merge the content of a group Let's say the data looks like:StudentNameStudentIdGradeExamDateTom1602021-04-01Jerry2702021-04-01Tom1622021-04-07Jerr... by junlozhang Explorer in Splunk Search 05-08-2021 0 2	0	2
	How to match portion of string between two fields in splunk Example:field1=ADOBE INC.field2=ADOBE SYSTEMS&sep1; INCORPORATEDi want to match this as both fields containing "ADOBE... by obais9346 Engager in Splunk Search 05-07-2021 0 3	0	3
	How to find how much data is flowing through a particular HEC token in Splunk? Hi All, Can any one guide me how to find, how much data is getting ingested into Splunk from a particular HEC token... by Hemnaath Motivator in Splunk Search 05-07-2021 0 3	0	3
	Export value from the filed based on another log I have O365 logs in Splunk. I want to find all shared files/folders plus display sensitivity labels of these files. A... by nikoloz04 New Member in Splunk Search 05-07-2021 0 0	0	0
	Sum latest value multiple field with timechart Hello !My data is in this form :_time (dd/mm/yyyy), NbRisk, SubProject, GlobalProject02/05/2021, 10 , SubProject1, ... by bcouavoux Explorer in Splunk Search 05-07-2021 0 4	0	4
	condition command to merge events Hi all,I performed an initial search, to this I added a second search, with the map command, where based on the value... by antonio147 Communicator in Splunk Search 05-07-2021 0 3	0	3