Splunk Search

Community Activity

	Is there a REGEX character limit on field replacement in transforms.conf? I have data that is in json format but I only want to keep the value of the MESSAGE field from it. I created a trans... by heath Path Finder in Splunk Search 12-07-2020 0 4	0	4
	Is there a way to format a string when it's used to fillnull? I have created a dashboard that is monitoring the number of events received at corporate to the number of events repo... by bhavlik Path Finder in Splunk Search 12-07-2020 0 2	0	2
	How to match string and apply stats count on a stats count table I have a requirement to fetch stats count from raw data logs. Sharing you the query and results.Query : index="bw6_st... by rkishoreqa Communicator in Splunk Search 12-07-2020 0 1	0	1
	Extract two different values and set it to _time in props/transforms this is how my xml events look like: <AttackCoords>-80.33100097073213,25.10742916222947</AttackCoords> <Outcome>Int... by avoelk Communicator in Splunk Search 12-07-2020 0 2	0	2
	EVAL Command Help Hello Splunkers,I am trying to write is a condition that says if command starts with "CHA" or "INS" add one.The Query... by Marco Communicator in Splunk Search 12-07-2020 0 4	0	4
	compare row by row values Hi All, i'm trying to compare row values .my table is like App label env spacemi... by kirrusk Communicator in Splunk Search 12-07-2020 0 2	0	2
	Verify if users are in an Active Directory group Hi all,I have been trying to create a search which compares results from an index with results from an ldap search. T... by Sasquatchatmars Communicator in Splunk Search 12-07-2020 0 5	0	5
	Simple attacks detected by Fortigate Hi there,I'm pretty new to Splunk, but have got a fortigate set up to send all logs to Splunk.Simply looking to find ... by logginz85 Explorer in Splunk Search 12-07-2020 0 1	0	1
	ASA searching for current open connections that have been Built but with no teardown Hello,I'm pretty new to SPLUNK and I'm looking for help trying to find ASA open connections between two endpoints.Mos... by FC50 Path Finder in Splunk Search 12-07-2020 0 4	0	4
	result of makemv not as expected With this searchindex=useradmin sourcetype=role_capabilities\| eval capabilities=replace(capabilities,"\s",",")\| makem... by rrovers Contributor in Splunk Search 12-07-2020 0 3	0	3
	Concatenation of records between two keywords ? Hello.It is not a question, it is a use case that I don't arrive to resolve.The situation :a log file on remote serve... by pck_npluyaud Explorer in Splunk Search 12-07-2020 0 0	0	0
	Display row, even when count over value is zero I have the following search:index=aa sourcetype="bb" Service="/abc" OR Service="/mno" OR Service="/xyz" \| chart count... by JMFrank215 Explorer in Splunk Search 12-06-2020 0 8	0	8
	How to replace join from the below query? index=105261-cli sourcetype=show_system_resources\| dedup deviceId\| eval nexus_percent_used=round(100*memory_used/memo... by pstalin_ Engager in Splunk Search 12-06-2020 0 4	0	4
	Trying to take a value from one search and place it in another search I have a search that runs with no issues-ComputerName=CompName* (event_simpleName=written OR event_simpleName=Direc... by aking76 Path Finder in Splunk Search 12-06-2020 0 3	0	3
	Evaluate multiple events as one Hi everyone,I have a data set such as:Log1: EventId + EventType1Log 2: EventId + EventType2Log 3: EventId + EventTyp... by insatiableavi Observer in Splunk Search 12-06-2020 0 3	0	3
	How to filter out few data showing up from my search string while setting a alert notification on triggering condition Hello team,My search string is as below: index=qrp STAGE IN ("*_RAW", T_FEED_MESSAGES) \| stats sum(TRADES) as "TradeC... by Snehaan Explorer in Splunk Search 12-04-2020 0 1	0	1
	Join field form inputlookup failed Hi, I am getting crazy with a simply JOIN statement to use Tenable data in Splunk.The goal is to enrich the KV store ... by jacortijo Explorer in Splunk Search 12-04-2020 0 1	0	1
	Query to delete multiple row in kvtable or csv table using splunk query I have kv lookup table named bingo_kv_table. There are multiple rows having same hosts along with other hosts. I wan... by Saikat001 Explorer in Splunk Search 12-04-2020 0 1	0	1
	Number of aggregated events per username in a time window I am trying to monitor for higher than threshold number of events per user. Alert is run once in an hour and I need t... by LegalPrime Path Finder in Splunk Search 12-04-2020 0 2	0	2
	LDAP query for users Hello,I want to search AD for all users in my organization. But as the list is huge, there is memory error occurring ... by Rody333 New Member in Splunk Search 12-04-2020 0 0	0	0
	Using rex to filter fields Hello everyone,I have the following pattern of logs and I'm trying to use rex to filter the values.I started doing it... by leandromatperei Path Finder in Splunk Search 12-04-2020 0 1	0	1
	Field alaises my field aliases are set like this:browser = BROWSERreferrer = REFERRERreq=REQreq_id=REQ=IDsrc=SRCDuring my search in... by Ephrem32 Explorer in Splunk Search 12-04-2020 0 3	0	3
	Error after configuration in Splunk Hi All!I need your help !After checking that we're receiving logs into splunk mgt, I wanted to do Configuration in sp... by pacifikn Communicator in Splunk Search 12-04-2020 0 2	0	2
	how can i change column values to field names i'm trying to convert values in column to fields names, But not able to achieve.table is like ENV LABEL ... by kirrusk Communicator in Splunk Search 12-04-2020 0 5	0	5
	Replacing a field value which is present in another field using rex sed command Hi All,I am trying to replace values which are already fields present in another field using rex and mode = sed. Exam... by akil8295 New Member in Splunk Search 12-04-2020 0 1	0	1