Splunk Search

Discussions

Thread Info

Is it possible to use | format to get !=?

I have a search and in the initial part of the search I have a subquery that returns some IP addresses formatted like...

by Contributor in

Warning in internal log: unable to parse site_label

I recently noticed a huge amount of warnings in the _internal logs for our search heads. events are all like this: ...

by Explorer in

Can someone help me adjust my regex to only capture "P3820 Houston to A345 Atlanta Line Down" for the field "Details"?

I can't use the field extractor because the field configurations are frequently very different and it gives me errors...

by Path Finder in

Join all objects with specific object within the same file?

Hi, i have a lot of files, the size of each file can be 4M.the structure of each JSON file: Events/objects. Each e...

by Path Finder in

How can I search not only filter messages also couple of messages around it?

by New Member in

How to get new exceptions stats by comparing two time ranges?

Hello splunk, I'm trying to compare the exceptions between time ranges and get the new exceptions list. Supp...

by Path Finder in

How would I use lookup in this search?

Hi everyone, I created a CSV lookup that has one column named "IP" which contains public IP list, and now I want to u...

by Engager in

Is it possible to do a regex at search time or preferably at index time to do this?

Hi, I have below raw event. Data is ingested via reading logfiles from dedicated location on monitored server with...

by Contributor in

How to extract URL and text after a string?

Hi, I would like to extract fields from an unstructured data that contain multiple labels followed by its HTML hre...

by Engager in

How to extract and count email address?

Hello. How to extract and count personal email address? Say the destination email field (d-email) contains email as b...

by New Member in

Replace Characters- How can I replace \\\\ for \ ?

Hi guys how are you doing? I'm reading this link Solved: How to use replace in search? - Splunk Community but...

by Engager in

How can I search vlookup data from CSV?

Hello I have injested CSV data in lookup. The common data is Service_Method in CSV and dt.entity.service_method in Sp...

by Explorer in

Is there a "Splunk Enterprise" vs "Splunk Security" comparable list?

Hi Is there any feature or ability exist in "Splunk Enterprise" that does not exist in "Splunk Security"? Any cheat s...

by Motivator in

How to get statistical distribution of multivalue entry in Splunk?

I am starting with this query to show which types of products our top customers buy ``` get all purc...

by Observer in

How to categorize time into group?

Hi Splunkers, I am looking for a query to categorize timestamp into Morning, Afternoon, Night. I'm using this to k...

by New Member in

Can I search without using join?

Hi,I'm looking to improve performance and avoid the subsearch_maxout issue with a join on two source types. I'm jo...

by Path Finder in

What is an SPL search query for detection of stolen credentials?

totally stuck with this query

by New Member in

Is there an alternate solution to stats count with two BY fields?

| eval ExitStatus=if(ExitStatus>0, 1, 0) | stats count by ExitStatus by Site In the search query ...

by Path Finder in

How to setup an alert but omit certain time of day?

Hello All, I'm trying to do a search "found ANC VITC in source 01:00:00;00" which works just fine, but I would lik...

by New Member in

Can I report for number of monthly incoming and outgoing calls with total minutes?

Currently, I can download a report for overall incoming plus outgoing calls, total number of minutes and average call...

by New Member in

Get Updates on the Splunk Community!

Splunk Search

Discussions

Is it possible to use | format to get !=?

Warning in internal log: unable to parse site_label

Can someone help me adjust my regex to only capture "P3820 Houston to A345 Atlanta Line Down" for the field "Details"?

Join all objects with specific object within the same file?

How can I search not only filter messages also couple of messages around it?

How to get new exceptions stats by comparing two time ranges?

How would I use lookup in this search?

Is it possible to do a regex at search time or preferably at index time to do this?

How to extract URL and text after a string?

How to extract and count email address?

Replace Characters- How can I replace \\\\ for \ ?

How can I search vlookup data from CSV?

Is there a "Splunk Enterprise" vs "Splunk Security" comparable list?

How to get statistical distribution of multivalue entry in Splunk?

How to categorize time into group?

Can I search without using join?

What is an SPL search query for detection of stolen credentials?

Is there an alternate solution to stats count with two BY fields?

How to setup an alert but omit certain time of day?

Can I report for number of monthly incoming and outgoing calls with total minutes?

Enterprise Security Content Update (ESCU) | New Releases

There's No Place Like Chrome and the Splunk Platform

The Great Resilience Quest: 5th Leaderboard Update

How to timewrap for today Format

Using comparison function within mstats

splunk search statement using keyword from input b...

Ex Cisco - run a report for all DFS users who logg...

Splunk query to list all the queries that time out