Splunk Search

Discussions

Thread Info

Why does Splunk return 0 results when filtering data that we know is there?

Hi everyone! We're sending events to Splunk using the HTTP Collector but we have an issue when we try to search fo...

by Engager in

Display results of search that are not in result of subsearch

I have events sent from a configuration management tool that may either contain a status of 'Job Started', or 'Job Co...

by Engager in

Inconsistent results when searching splunk connect for kubernetes logs

Hi all, I’m getting strange results when splunking container logs collected by splunk connect for k8s… when sea...

by Builder in

sed to replace a string after a match

Is there a way I can substitute a string after a regular expression match? For example, i want to replace the IP addr...

by Path Finder in

Seeing duplicated alerts each time the alerts triggers

We have only one log in the Splunk, but the user is receiving 2 alerts at a time with the same search id.

by Observer in

Stats function with additional fields

Hi, In my splunk events, I have multiple jobsNames and their corresponding statusText. For one jobName, there will...

by Path Finder in

Table with Multiple by Fields

I have a search that I have been asked to organize in a different way. Mysearch | rex (FieldA)(FieldB)(FieldC)(Fiel...

by New Member in

Remove useless header HTML events

Hey Splunkers! Could someone please help me to remove useless header HTML events before it gets indexed into splun...

by New Member in

json to table

Hello I have a log like below,which is having JSON objectFEATURES=[{"featureName":"TOKEN_VALIDATION","addedIn":"1.0.7...

by Explorer in

Regex host upper case

my query fetches (host, incident) from subject line by using below regex command regex field=subject max_match=0 “(...

by Path Finder in

Search combine transaction with summing

Goal: To get a table summing the amount of data transferred between specified time ranges based on a transaction. ...

by Explorer in

a very simple query with two data

hello Guys, I'm very very noob using Splunk, I have a very simple log file which contains 5 columns of data: blo...

by New Member in

How to detect a newly sessionid with SPL and alert.

I want to do a security log monitoring and using splunk alert feature to send email notifications. The security...

by Explorer in

How to sum of two result of appending subsearch in Total

Hi, I have two OUTPUT as " IA" and "IB" in one chart by appending sub search. I want addcoltotals of sum of "IA" ...

by Explorer in

Splunk Python Script to Decode MIME Headers in email subject

I wrote a python script that works great from the command-line however when I run it from the search in the browser I...

by Path Finder in

Blocking New Events from getting triggered based on the status of the Earliest Event

Everyone, Needed help on an issue of event blocking for a Splunk setup which would receive events from a Web page t...

by Path Finder in

unable to extract deeply-nested JSON from AWS CloudTrail

I have a large query which works great to search CloudTrail logs for Security Group changes. Different events, howeve...

by Path Finder in

How do I narrow my base query by time

Greetings, I want to use one base query for my dashboard, with time going back a couple months. I thought I would...

by Path Finder in

Day of Week in Columns to Match Day of Week and Return Results

In my lookup table, I have the days of the week as columns with "Y" or "N" in the field (not able to change this as t...

by Explorer in

List events but exclude if part of transaction

My log has timeout events that occur on calls to UPS. There are timeout events for other reasons as well. I want my s...

by New Member in

Get Updates on the Splunk Community!

Splunk Search

Discussions

Why does Splunk return 0 results when filtering data that we know is there?

Display results of search that are not in result of subsearch

Inconsistent results when searching splunk connect for kubernetes logs

sed to replace a string after a match

Seeing duplicated alerts each time the alerts triggers

Stats function with additional fields

Table with Multiple by Fields

Remove useless header HTML events

json to table

Regex host upper case

Search combine transaction with summing

a very simple query with two data

How to detect a newly sessionid with SPL and alert.

How to sum of two result of appending subsearch in Total

Splunk Python Script to Decode MIME Headers in email subject

Blocking New Events from getting triggered based on the status of the Earliest Event

unable to extract deeply-nested JSON from AWS CloudTrail

How do I narrow my base query by time

Day of Week in Columns to Match Day of Week and Return Results

List events but exclude if part of transaction

Splunk Security Content for Threat Detection & Response, Q1 Roundup

Splunk Life | Happy Pride Month!

SplunkTrust | Where Are They Now - Michael Uschmann

How to search multiple strings from lookup and pro...

Help on tstats search?

Matching index field value with lookup field value

extract fields from json-wrapped postfix logs?

Regex field extraction repeating string