Splunk Search

Community Activity

rex -> spath -> field extract not working? Hello -My data looks like (also attached as PNG for better readability):2021-04-28 - 22:01:14.728 - INFO : Action com... by bitbucket Engager in Splunk Search 05-05-2021 0 4	0	4
Wildcard search on non-existent field search I have a generic search that I am using to display data for a handful of applications, which look something like this... by cclva Explorer in Splunk Search 05-05-2021 0 1	0	1
Join two statistics tables without subsearch Hi, I am trying to compare event type count statistics for 2 days using the following search:earliest=-48h latest=-24... by sbarinov Path Finder in Splunk Search 05-05-2021 0 2	0	2
How to split count by product by another value? Hi, I have the following query: \| bin _time span=1d \| stats count as ProductCount by applysourcetype, product, _tim... by maxmukimov Explorer in Splunk Search 05-05-2021 0 7	0	7
LISPY issues with Windows Defender Logs Hey Splunkers,in the last days I'm trying to learn and understand the principles of LISPY to understand the fllowing ... by Lombs Engager in Splunk Search 05-04-2021 1 0	1	0
Regex multiple values from a string Hello,How can I extract multiple values from a string after each slash? For example below, I would like to extract f... by timyong80 Explorer in Splunk Search 05-04-2021 0 6	0	6
Combine 2 Queries that use the same Lookup CSV but different column in Lookup Hello - I am looking for recommendations on combining 2 searches that use the same Lookup CSV but different columns i... by stevenulbrich Explorer in Splunk Search 05-04-2021 0 0	0	0
Need help of review of 5 year old search to improve it. Hello - I have Splunk report that was generated 5 years ago. I was looking for advice. Can it be updated to work be... by stevenulbrich Explorer in Splunk Search 05-04-2021 0 3	0	3
Is there a way to extract a part of a string using a lookup table? Hello friends,Thank you so much for your help in advance.I have a field named "ERROR_COLAB" in which a series of resp... by cindygibbs_08 Communicator in Splunk Search 05-04-2021 0 2	0	2
extract ip username Hi, I am trying to extract the following [04 May 2021 13:13:59,786] [Nsh-Proxy-Thread-93] [INFO] [abc@abc.com:abc:10.... by dbashyam Explorer in Splunk Search 05-04-2021 0 3	0	3
Extract specific fields from unstructured logs I have a list of unstructured logs like below for which I have to extract certain fields. Tried using "Extract fields... by Nidd Path Finder in Splunk Search 05-04-2021 0 2	0	2
how to extract a value from a field name ? Hi,I have a table like that : testtotalproductA_xxxxproductA_zzzzproductB_xxxxproductB_zzzz1220.230.360.440.55 What I... by mah Builder in Splunk Search 05-04-2021 0 4	0	4
Multivalue fields to Columns and values of a single event Hello,I'm trying to show this event as a table: 2021-05-04 11:28:56.722, TIME="2021-05-04 11:28:56.722", ID="0a7a270... by Matioski7 Explorer in Splunk Search 05-04-2021 0 4	0	4
How to compare 5 different fields and get the count of their occurrence Hi Team,I would like to compare below 5 different columns and get one more column as a count.category code text cou... by aaa2324 Explorer in Splunk Search 05-04-2021 0 3	0	3
Alert setup using lookup and WhiteList I am trying to get an alert to recognize a lookup file with a whitelist for external devices. Some devices I don't c... by bz New Member in Splunk Search 05-04-2021 0 0	0	0
List Codes that are not in the lookup table Hi,I have a list of accounting codes in a lookup table. I use that to identify applications under that accounting cod... by aquinojason Path Finder in Splunk Search 05-04-2021 0 2	0	2
Help on REGEX match ignoring non-mandatory string at its end Hello,i searched few hours how to extract the RULE_NAME field from my Firewall logs without success.RULE_NAME is at t... by Flo-Paris Explorer in Splunk Search 05-04-2021 0 3	0	3
how to calculate the data received per day? Greetings!!Dear all!Hope you are well. I need your support on how to calculate the size of events we received per day... by pacifikn Communicator in Splunk Search 05-04-2021 0 4	0	4
How to remove the dynamic date and time from the incoming raw data and get the count How to compare the incoming data with dynamic date and time with the lookup table, examplei have incoming data in bel... by aaa2324 Explorer in Splunk Search 05-03-2021 0 3	0	3
Splunk dashboard Hi TeamI have the required data in one of the fields but the logs are not in order how can i extract the required dat... by Nith1 Path Finder in Splunk Search 05-03-2021 0 1	0	1
Outlier Dip Trough Detection I am working on time series data and would like to detect these type of trough's in the graphs. The y axis is netwo... by pjohnson1 Path Finder in Splunk Search 05-03-2021 0 4	0	4
Find average time duration in hh:mm I am trying to find the average time duration in hh:mm from the data in one column. Below is the search query which g... by ajmanish New Member in Splunk Search 05-03-2021 0 1	0	1
Search shows zero results when searching a field defined by search time extraction index=environment sourcetype=infinity_thermostat < shows all the extracted fields and values under "Interesting Field... by nortonjco Explorer in Splunk Search 05-03-2021 0 2	0	2
Case statement with a regex? I'm trying to use a case statement and assign part of a field for each case statement. For example case(len(field)=5,... by klim Path Finder in Splunk Search 05-03-2021 0 2	0	2
inputs.conf entry to get linux operating system name and version Greetings -I do have the TA for nix.I spend a couple of hours scouring all my resources and looking at the TA_nix wh... by jcorcoran508 Path Finder in Splunk Search 05-03-2021 0 1	0	1