Splunk Search

Start a Conversation

Discussions

Start a Conversation

Thread Info

ipmask (dys-)function

The documentation (9.0.2 Search Reference) describes a function ipmask(<mask>,<ip>) that is supposed to apply the gi...

by Path Finder in

How to get results from two different Sourcetype and presenting in a table?

Im trying to get the following into a table and have a count of the successful attempts. I have tried a few ways, ...

by Explorer in

How to produce a field value from a subsearch?

Hi all, I'm currently working on creating an alert for any time a user mounts an ISO. My core search works exactly as...

by Observer in

How to use field values with greater than and less than to do KV lookups?

I have a KV store based lookup for Port Address Translation. Given the first 3 octets of a public facing IP and a por...

by Explorer in

How to use time range fields from subsearch used for main search?

I have a subsearch that is used to pull user, and start and expiration time fields. I want to use the two time field...

by Path Finder in

How to parse below logs when F5 pool member was down and send alert?

I looking for someone help on this I am struggling with parsing the logs when pool was down and and send alert 5 minu...

by Observer in

How to calculate accurate time from .csv?

Hello Splunk community, I need some help with the following: I have a .csv file that is being created at a P...

by Explorer in

Search for recurring events over multiple time spans

Hi, looking for guidance please on how to alert on recurring auth events over multiple time spans, but I can't get my...

by New Member in

How to extract multiple fields from a search result?

Hi All I am trying to extract the values that trail context, userid, username, groupid Sample partial event ...

by Engager in

How to alert if csv entry exists but not returned in search when comparing values?

Hi Guys, I am comparing the values from a csv with those returned in a json format on a splunk search. ...

by Loves-to-Learn Everything in

If atleast one processor is up i need to consider device is online

Hello Greetings! i have data in the following way Device Processor status 01 Splunkd Ru...

by Path Finder in

How to check if some csv is getting used in any alert/report/dashboard or not?

by Engager in

How can I add quotes and comma to a multivalued field?

HI, I have a multivalued field with values asABCI want it to be replaced as 'A','B','C' . I tried to do it with eva...

by Explorer in

How to search all value from one mvfield to another mvfield?

Hi Community,I have 2 mvfields, how can I search for all the values in the first mvfield to all the values in the sec...

by Explorer in

How to extract the field by using regex?

Hi , I need to extract the value FISOBPIT10101 from the below lines. message:PSUS7|8897|FISOBPIT10101|OW...

by Loves-to-Learn in

How to extract a field using rex that contains backslash and double quotation marks?

in the raw event there is a line that goes Brand\="xyz" What's the rex command I can use to extract this in m...

by New Member in

Is is possible to store Splunk dashboard code in Gitlab or Bitbucket, so I don't lose the dashboard?

I want to store the Splunk dashboard code in Gitlab or Bitbucket so I do not lose the dashboard. Any ideal if its pos...

by Explorer in

How to use inputlookup in a search, but convert the field of a stats by some column by the field of another column?

I have a .csv with this format (this is a mock, just to give you an idea of the pattern) code, message, 1, "Not f...

by Loves-to-Learn Everything in

Would someone know how to find out who is logged into a specific computer?

Would someone know how to find out who is logged into a specific computer. Thanks in advance!

by New Member in

Can we delete the fishbucket for a specific index ?

Hello Experts , I am trying to delete the fishbucket but I want to delete only one index=syslog..Is there a command...

by Builder in

Get Updates on the Splunk Community!

Splunk Search

Discussions

ipmask (dys-)function

How to get results from two different Sourcetype and presenting in a table?

How to produce a field value from a subsearch?

How to use field values with greater than and less than to do KV lookups?

How to use time range fields from subsearch used for main search?

How to parse below logs when F5 pool member was down and send alert?

How to calculate accurate time from .csv?

Search for recurring events over multiple time spans

How to extract multiple fields from a search result?

How to alert if csv entry exists but not returned in search when comparing values?

If atleast one processor is up i need to consider device is online

How to check if some csv is getting used in any alert/report/dashboard or not?

How can I add quotes and comma to a multivalued field?

How to search all value from one mvfield to another mvfield?

How to extract the field by using regex?

How to extract a field using rex that contains backslash and double quotation marks?

Is is possible to store Splunk dashboard code in Gitlab or Bitbucket, so I don't lose the dashboard?

How to use inputlookup in a search, but convert the field of a stats by some column by the field of another column?

Would someone know how to find out who is logged into a specific computer?

Can we delete the fishbucket for a specific index ?

Observability Newsletter Highlights | March 2023

Security Newsletter Updates | March 2023

Platform Newsletter Highlights | March 2023

How to delay with search result when run via Splun...

KV Store status is currently unknown- How to resol...

Combining results in metric index?

Summary Index from | collect ... addtime=f : When ...

Importing HCL BigFix data from Insights, how to ve...