Splunk Search

Community Activity

Filter rex value in where clause Hi,I want to filter the below rex value in where clause but its not working.\| rex field=_raw ":[ ]*(?<error>[^:]+$)"\|... by Munatdev Observer in Splunk Search 10-08-2020 0 2	0	2
How to pass IP argument for API call to Python script and integrate with generating command? Hi, I'm very new to splunklib and not so experienced in programming and breaking my brain on this. I have 2 scripts. ... by Bart Explorer in Splunk Search 10-08-2020 0 1	0	1
XML epoch time to time I want to extract dailyTime from XML and convert it into time <globalView id="108" version="17" recordClassName="Nor... by chevalier51 Loves-to-Learn Lots in Splunk Search 10-08-2020 0 7	0	7
I want to index fieldName which contains square brackets Hi,I want to index a fieldName which contains square bracketsBelow is the key-value pair format I have and splunk is... by pallavikarpaklu Explorer in Splunk Search 10-08-2020 0 5	0	5
Event correlation There's been numerous other questions that I've read through to see if a similar situation has been asked but so far ... by Shuzzillay Explorer in Splunk Search 10-08-2020 1 5	1	5
Extracting details from windows logs Hi I'm new to splunk and hope you guys are having a good day!How can I query and extract out the information from thi... by spicynuggs Engager in Splunk Search 10-08-2020 0 3	0	3
Show only fields values found in subsearch I have search like below to show me 'src_ip' and 'count' every last 10 minindex="pan" sourcetype="pan:threat" earlies... by niuk Engager in Splunk Search 10-08-2020 0 2	0	2
how to create splunk custom search command with java ? hi I am trying to create a new custom search command with java, but I only found stuff related to python. Is it poss... by kalyani_y Explorer in Splunk Search 10-08-2020 0 8	0	8
Can I exclude results from a subsearch from my main search? Hi, I have two Splunk searches: search1 search2 search2 returns a list of values for field IP. I am trying to excl... by asdfxqwert Explorer in Splunk Search 10-08-2020 1 5	1	5
Diff of two values over time for multiple events in one search I have a search:index=storage_summary sourcetype="isilon:quota"\| eval Usage_GB=round('usage.logical'/1024/1024/1024,0... by burgean Explorer in Splunk Search 10-08-2020 0 4	0	4
Return 0 when there is no data. I have this search thar returns the data from the last 10 days.index="raw_eg8" earliest=-10d@d latest=now()\| search "... by justeso1 Loves-to-Learn Everything in Splunk Search 10-08-2020 0 1	0	1
How to combine two splunk searches based on a common field and display as single chart or table? HI,I have two searches per belowindex=* host=* source=*\| eval TopicName=split(topicName,".")\| chart sum(size) as Toda... by vdalvi Explorer in Splunk Search 10-08-2020 1 2	1	2
Count field value occurences I have search result like below with repeating values in 'src _ip' fieldand looking to count occurrences of field val... by niuk Engager in Splunk Search 10-08-2020 0 1	0	1
extract http response code I have events consisting of a msg field with data like below:dev.scurry.com - [2020-01-05T19:08:10.7658789Z] "PUT /ca... by praveenvvn Explorer in Splunk Search 10-08-2020 0 1	0	1
Looking for processes executions in temp directories with random file names I'm trying to get results which show randomized filenames but it's giving me randomization in the path directory loca... by fdevera Path Finder in Splunk Search 10-08-2020 0 1	0	1
How to select Year-Month from a search output 3 months ahead ? Hello Experts,I have the below output for a splunk search, i only want to display "Year-Month" rows 3 months ahead of... by promukh Path Finder in Splunk Search 10-08-2020 0 4	0	4
[Need Help]how to put columns for one DataCenter together Hi team,I have below query:sourcetype=xxxx AND "POST /123?123_form_type=review&itrModule=cherie*"\| rex field=_raw "PO... by cheriemilk Path Finder in Splunk Search 10-08-2020 0 3	0	3
Dynamic outputlookup file name Hello ! Need your help splunkers !I want to append or create a csv for each rows of my query I do this for assignate... by Fadom1013 Explorer in Splunk Search 10-08-2020 0 1	0	1
Further filtering out events in a stats group by based on fields Hi,I have a relatively simple search, grouping events based on a extracted correlation id like this:\| eval id=coalesc... by hudson2000 Engager in Splunk Search 10-08-2020 0 2	0	2
Calculate vulnerabilty age by month with vulnerabilities that span over a month Hi,I would like to create a graph showing the average vulnerability age for each month by severity. I use this search... by unitrium Explorer in Splunk Search 10-08-2020 0 5	0	5
Does sequence matter in search? Does sequence matter in search? from below 2 queries, which is recommended or both will perform with same performance... by Pathik Path Finder in Splunk Search 10-08-2020 0 3	0	3
Splunk fails timestamp recognition on almost identical event Hi, needs some help with timestamp recognition problem. I have two almost identical events that are sendt over udp to... by hethu Path Finder in Splunk Search 10-08-2020 0 8	0	8
Multiple Stats from Base Search Hi, I'm trying to populate a dashboard using a base search and then pulling multiple stats from those results.base s... by cdstealer Contributor in Splunk Search 10-08-2020 0 3	0	3
Finding embedded dates for an automated search My search is pulling out events with the date embedded within the event, eg:[2020-10-05 07:23:08.308] ALL **** sendin... by jboustead Explorer in Splunk Search 10-08-2020 0 2	0	2
How to get multiple values of one id in different columns I got the output in the form ofsearch is : stats values(status) by id..Id statusIDStatus1AgreedN/ANegoiate2AgreedSu... by renuka Path Finder in Splunk Search 10-08-2020 1 10	1	10