Splunk Search

Community Activity

event field extraction We are unable to get more fields from search head. How we can to get more fields(all parsing fields) from event.Than... by c73235 Loves-to-Learn in Splunk Search 11-02-2020 0 2	0	2
Search - joining results in table Hello all,How would I join bellow results by common field -> host? Same index is used.I was able to create advanced a... by janitka Explorer in Splunk Search 11-02-2020 0 4	0	4
JSON I have a JSON file with .json extension which has a complete one line unstructured json. any events gets added to the... by divman Observer in Splunk Search 11-02-2020 0 0	0	0
Count distinct SPL help Hi, Looking forward to learn from you guys. I am stucked at this calculation: Total of product in contract.I made a s... by thuhuongle Explorer in Splunk Search 11-02-2020 0 2	0	2
Need to split string at last character before numeric value. So i have a possibly unique requirement, i'm trying to split up so log data but i have a string in one field that con... by JayWest New Member in Splunk Search 11-01-2020 0 3	0	3
Correlating two logs help, newbie Hi, Ok at this point I can barely spell SPLUNK but I have gone through a bootcamp course and I'm trying to pull off ... by curtgran Explorer in Splunk Search 11-01-2020 0 5	0	5
How to extract only latest events from particular field. Hi Folks,I need your help in fetching latest event from a particular field.Sharing you a sample event and query when... by prateeksawhney Explorer in Splunk Search 11-01-2020 0 15	0	15
Positive lookahead in rex to extract ABC, BCD, & CDE from ABCDE Hi, folks.I am stumped on this matter. My goal is extracting ABC, BCE, & CDE from ABCDE into a multivalue field.So fa... by Amusthofa Explorer in Splunk Search 11-01-2020 1 3	1	3
Show SSL certs due to expire across windows servers I have a CIM compliant log that includes an ssl_end_time which I am having trouble getting splunk to show me only cer... by stuconz Explorer in Splunk Search 11-01-2020 1 4	1	4
Splunk webhook for teams I want to create a splunk webhook that sends alerts to teams. With this search I dont want to receive emails in that ... by Dabraham23 New Member in Splunk Search 11-01-2020 0 0	0	0
How to extract the field value which has space Below is the sample field value from the event, sourceServiceName=Endpoint Web analyzedBy=Policy Engine Status=New S... by Anush Engager in Splunk Search 11-01-2020 0 2	0	2
2 index join not working Hi All,I need some advice or help,so I have 2 index I'd like to join but it seems not working as I expected :index an... by Laxman24 Explorer in Splunk Search 11-01-2020 0 1	0	1
searching in 3 specific time periods HelloI have a sourcetype that have a lot thousands of event each minute so it is very big.i have a use case that i ne... by avishni01 Explorer in Splunk Search 11-01-2020 1 3	1	3
Search WinEventLogs based on user as Variable Hi,I'm new to Splunk & just getting used to it. I'm trying to search for Windows event logs relative to the "TargetUs... by cam98 Engager in Splunk Search 10-31-2020 1 1	1	1
help for sorting time helloI use a time field like this but I am unable to sort the time with descending sortHow to do this please?\| eval t... by jip31 Motivator in Splunk Search 10-31-2020 0 3	0	3
timechart overlay Hi I have this search which graphs calls to phone numbersindex=myindex sourcetype=mysource Number IN (5551,5555,55557... by c799651 Explorer in Splunk Search 10-30-2020 0 2	0	2
Not receiving logs in Splunk Add on for Service now Hi All,I installed splunk add on for service now and configuration and inputs were made.But i am not receiving any l... by alexspunkshell Contributor in Splunk Search 10-30-2020 0 2	0	2
Match two lines of text in an event as single instances For some background on how the data is structured, it is JSON data that I have ingested a specific way, using a regex... by jmontgomerysc Engager in Splunk Search 10-30-2020 0 2	0	2
Help request for Streamed search execute failed My current splunk search stops after 5 errors of "Streamed search execute failed because: Error in 'rex' command: ". ... by Alex_NL Observer in Splunk Search 10-30-2020 0 0	0	0
Mask sensitive info with SEDCMD I am attempting to mask sensitive information using SEDCMD. However, it does not seem to take effect.I've run btool, ... by geoffmoraes Path Finder in Splunk Search 10-30-2020 0 4	0	4
Line Chart Overlay based on previous month and previous month-1 Hi,I would like to compare the data of the previous month to the month before (i.e. now its October, so the default s... by ronaldtanhj Path Finder in Splunk Search 10-30-2020 1 13	1	13
sequential or execution in join (or simulating join) Hi,I'm in Splunk since August after 20 years working in SQL, a lot of new things and I need help.I've a daily cron jo... by jgm1977 Engager in Splunk Search 10-30-2020 0 1	0	1
search query - categorizing results based on a field Hi, bit new to splunk, looking for suggestions on one of my search queries:Here's some sample events that I receive{<!-- -->"... by milanpatel7 New Member in Splunk Search 10-29-2020 0 0	0	0
Creating Field from Inputlookup Hello.I'm trying to create a field for all events in a search. The field is a value from a inpulookup. There is no sh... by TooManyQuestion Explorer in Splunk Search 10-29-2020 1 4	1	4
Error in 'eval' command: The expression is malformed. An unexpected character is reached at ') , user)'. Help Please I have a search running fine by itself, index=indexA user=ABC123 \| where isnotnull(USER_NAME_FROM_ACEE) \| table USE... by samlinsongguo Communicator in Splunk Search 10-29-2020 1 2	1	2