Splunk Search

Discussions

Thread Info

Using a lookup table to fill multiple subsearches to show hierarchy of user data

I have a lookup table that shows all the next-level managers of a particular manager as UserManager UserManagerx1 Use...

by Communicator in

How to extract fields from my string logs

I have something like below logged in as a message. How can i replace "This is my logfile ** ->" with empty and then...

by Path Finder in

How to find out the record which has unique value

I have records have 2 fields: phone number result 1111 success 2222 success 2222 failed 3333 success 3333 faile...

by New Member in

Help With Extractions Involving Microsoft AV Hashes

Inconsistency with file names coming from Microsoft AV hashes is causing alerts to populate null results when firing ...

by Path Finder in

Blacklist WinEventLog::/Security with user names ending in $

I'm trying to get a blacklisted log entry that works on Universal Forwarders to filter out specific event codes with ...

by New Member in

How to use regex and format strings for an XML sample without using KV_MODE=XML?

Hi, I want to use REGEX and FORMAT strings for an xml sample as given without using KV_MODE=xml So i am trying to ...

by Explorer in

Question on no data in index "no results found"

I have 2 situations to address.. 1. if no data in index for timeframe , create a blank row with "no data" and come ou...

by Builder in

Detect most delay transactions

How can I find most delay transactions? Here is the log file like below, I want to find which transaction delay and s...

by Motivator in

Last 3 occurrence not like

So my below query gives the result of Rejection % but I need to also filter this one step more where it should not sh...

by Path Finder in

pick the last value in an array?

(Apologies in advance since I am not even sure what question to ask and how to ask it. I'll rewrite it once I get a b...

by Contributor in

I am trying to use regular expression to remove the keyword %5C from my extracted filed

The below is the text we are capturing Filename= &Filename=C%3A%5CUsers%5Cjbaile16%5CAppData%5CRoaming%5CDocumentum%5...

by Engager in

Table with with a column that contains positive and negative values. I want to sum the total of all values and have the results as a Total, but it ignores the negative values. What am I doing wrong?

| table Account "Estimated Gain_Loss" | addcoltotals labelfield="Account" label="Totals" | sort -"Estimated Gain_Los...

by Loves-to-Learn Lots in

Calling an eval-macro

Hi All, I can't put an eval before my search syntax so I am trying to use an eval-Macro called "FriendlyEval" However...

by New Member in

How to combine two indexes with Stats?

Following a super helpful thread here https://answers.splunk.com/answers/129424/how-to-compare-fields-over-multiple-s...

by Explorer in

help on complex bar chart

hi With the xml below, i display a complex bar chart that you can see in the screenshot I would like to modify 3 thin...

by Motivator in

Why is the subsearch excluding inputlookup results?

Good morning, Hope someone can help me out here. I am trying to get a list of IPs where hits are > 100, but I want...

by Explorer in

Adding a Time Range (Extending to the Future) and Use it in a Timechart

Hi everyone, We have logs that contain field named "var" with num data type, the value of this field changes thro...

by Engager in

Is there a sub search limit in a single search?

The subject states the question.... is there a limit on how many sub search I can use within a single query. While...

by Explorer in

Searching for exact string match

Hi , I have logs like this a) 04:55:21.8630 Info {"message":"16 A Process completed, notification displayed" b...

by New Member in

Basic commands with SPL

Hi @all, I'm a little bit helpless at the beginning of SPLUNK. I tried to do simple queries like: Request s...

by Explorer in

Get Updates on the Splunk Community!

Splunk Search

Discussions

Using a lookup table to fill multiple subsearches to show hierarchy of user data

How to extract fields from my string logs

How to find out the record which has unique value

Help With Extractions Involving Microsoft AV Hashes

Blacklist WinEventLog::/Security with user names ending in $

How to use regex and format strings for an XML sample without using KV_MODE=XML?

Question on no data in index "no results found"

Detect most delay transactions

Last 3 occurrence not like

pick the last value in an array?

I am trying to use regular expression to remove the keyword %5C from my extracted filed

Table with with a column that contains positive and negative values. I want to sum the total of all values and have the results as a Total, but it ignores the negative values. What am I doing wrong?

Calling an eval-macro

How to combine two indexes with Stats?

help on complex bar chart

Why is the subsearch excluding inputlookup results?

Adding a Time Range (Extending to the Future) and Use it in a Timechart

Is there a sub search limit in a single search?

Searching for exact string match

Basic commands with SPL

Splunk Training for All: Meet Aspiring Cybersecurity Analyst, Marc Alicea

Investigate Security and Threat Detection with VirusTotal and Splunk Integration

Observability Highlights | January 2023 Newsletter

How to achieve Crowdsec json logs fields extractio...

Need help on Dashboard related issue?

Why does Walklex return spaces before some of the ...

Why won't Walklex timespan follow time specificati...

How to use MLTK to tune DNS Query Length Outliers ...