Splunk Search

Discussions

Thread Info

values from lookup are not filled into map

Hey! So I have been trying to use inputlookup on a long CSV list of addresses to perform a search for each adre...

by Explorer in

How to set message for status for job not run on saturday sunday ?

How to set status message for job not ran on saturday and sunday .here the query which i used in case statement.In my...

by Contributor in

How to use lookup fields to compare with current event logs and filter them

Hello Splunk members! I currently have a search that produces "Users" connecting to certain "hosts" whereas the sta...

by Explorer in

Splunk REST API: How to filter saved searches by author/name?

Using the Splunk REST API, one can use GET against the "saved/searches" endpoint and get a list of all Saved Searches...

by Path Finder in

echo command in splunk

How can I print out any value or any result in splunk? Does splunk have any echo command system? eval didn't help me ...

by Path Finder in

Regex expression to extract IP from a raw log file

Hi all, I am trying to extract an IP and the word "HOST_NAME" from a raw log file using the following regex express...

by Explorer in

I need to bring back a zero value if my search does not bring anything back.

index=xxxx source="/esbplogsdir/prod/Enable/LOG_Maximo_LSI_Work/Maximo/LSI_IN_msg_prod.log" OR source="/esbplogsdir/p...

by Path Finder in

How to extract fields from regex and put in a table

My current search is: index=rtm* source=/prod/msp/logs/private-auto-loan-credit* | regex "The rule (?<field...

by Loves-to-Learn in

How can I hide the real-time search options from the users?

We would like to disallow our users to use real-time searches. Where do we block the feature from the users?

by Motivator in

Regex help Required

Hi All, We are planning to ingest the SQL login success and failure logs into Splunk. So in the logs there are lot...

by Communicator in

Getting the error ImportError: splunklib.modularinput

I'm running Cisco AMP events input on Splunk 8 on python 2.7.17 and received the following error after configuring th...

by Explorer in

Cisco eStreamer eNcore Add-on for Splunk v3.6.8 - Error in two EXTRACTs

Cisco eStreamer eNcore Add-on for Splunk v3.6.8 has two EXTRACTs with errors in them. EXTRACT-extract_src and EXT...

by Communicator in

case: defaulting to "value" rather than NULL

Hi, I'm using an "eval myvar=case(...)" like the one in the splunk documentation: ... | eval description=case(erro...

by Engager in

Search for text in log containing say, "non contact" but not just "contact"

I have logs that say both contact and non contact. I would like to distinguish them in a search with the complete "no...

by Explorer in

How to get index of a particular letter in string

How can i find index of last occurrence of letter in value of a field string splunk_user microsoft_good_task g...

by Contributor in

What should be my condition that will trigger the alert action, for a search string below

Hello, I have a search string like below, where it is fetching data from stage and giving out aggregates of Trades ...

by Explorer in

How to calculate average for the data which will get changed based on time interval ?

I have below kind of data. App Name StatusApp1 0App2 0App3 0App4 ...

by Communicator in

Using lookup to filter out fields from current searches against lookup fields

Hello Splunk members! I currently have a search that produces "Users" connecting to certain "hosts" whereas the sta...

by Explorer in

How to convert the output of tostring or convert a duration field?

I have a search that returns the diff of two times, but the user wants it in "1 day 5 hours and 23 minutes" format no...

by Explorer in

Search That Looks Back in Time and Checks Fields

I need assistance building a search that looks back in time 5 minutes to check and see if fields are present. If so ...

by Builder in

Get Updates on the Splunk Community!

Splunk Search

Discussions

values from lookup are not filled into map

How to set message for status for job not run on saturday sunday ?

How to use lookup fields to compare with current event logs and filter them

Splunk REST API: How to filter saved searches by author/name?

echo command in splunk

Regex expression to extract IP from a raw log file

I need to bring back a zero value if my search does not bring anything back.

How to extract fields from regex and put in a table

How can I hide the real-time search options from the users?

Regex help Required

Getting the error ImportError: splunklib.modularinput

Cisco eStreamer eNcore Add-on for Splunk v3.6.8 - Error in two EXTRACTs

case: defaulting to "value" rather than NULL

Search for text in log containing say, "non contact" but not just "contact"

How to get index of a particular letter in string

What should be my condition that will trigger the alert action, for a search string below

How to calculate average for the data which will get changed based on time interval ?

Using lookup to filter out fields from current searches against lookup fields

How to convert the output of tostring or convert a duration field?

Search That Looks Back in Time and Checks Fields

Splunk APM & RUM | Upcoming Planned Maintenance

Part 2: Diving Deeper With AIOps

User Groups | Upcoming Events!

Cannot export search results- How to fix error?

Updated indexes.conf and now there is no data for ...

How to remove null values then add fields?

How to calculate distinct count for present values...

Excluding Users from Service Account Values: A Gen...