Splunk Search

Start a Conversation

Discussions

Start a Conversation

Thread Info

How to create search for date field?

Hello splunk lovers!i want help with date field and i want fast. i have field, format example: data_started 01.01...

by Explorer in

What regex to use to remove \\ form the hostname fields?

Hi All, I have a hostname stating \\sent134 I need to remove this \\ using regex and it should be like this: s...

by Path Finder in

How to group results and list common occurrences by time?

I have the following data: { "remote_addr": "1.2.3.4", "remote_user": "-", "time_local": "24/Nov/202...

by Explorer in

How to replace join by stats to merge SPL based on common field?

Hi,My datasets are much larger but these represent the crux of my hurdle... Sourcetype= transaction ...

by Explorer in

How to visualize all the search I put using the search command?

HI All, I would like to visualize all the search fields/content I mentioned using the command search: index=* ...

by New Member in

How do I build this Sysmon log search without having required fields?

I want to implement this correlation search: `sysmon` EventCode=10 TargetImage=*lsass.exe CallTrace=*dbgcore....

by Engager in

Nested SubQuery With NOT IN Clause

Hello, I am looking for the equivalent of performing SQL like such: SELECT transaction_id, vendorFROM ordersWHERE...

by Engager in

How to use SED to remove optional fields?

We have api requests that I want to create statistics by the request but to do this I need to remove variable identif...

by Engager in

How do I rename a nested field?

I have an eval query. The details object returned looks like this: { status: 404, code: ERROR } "details.sta...

by New Member in

How to generate _time for search in metadata?

Hi need to generate current date like this "20201123" and use as a search filter on metadata. AFAIK there is no...

by Motivator in

Why am I getting different timewrap results depending on what time of day the search is run?

I have a saved search running every few minutes to append data to a 15 day csv log file within Splunk. I'm trying...

by Explorer in

Is it possible to convert the hex data into ascii without affecting the ascii data?

Hi all, I am attempting to convert data extracted as a field containing combination of hex and ascii data. Was wo...

by New Member in

Is there a way for Lookup file to return field names?

Is there a way to achieve this? I have a lookup table with 2 columns alert_type and short_description. ...

by Motivator in

Show error details when errors 10% higher than previous 30 mins?

Hi, I want to display the error details in the last 30 mins, so they can be investigated, when the amount of errors h...

by Engager in

Finding concurrent sessions over time

by Explorer in

Help with lookup to get table?

Hi, I have a lookup as follow ipidname111.111.111.111111simone*222marco in the index I have ipid 111.111...

by Explorer in

How to show multiple records value in same table row?

I have a job that runs multiple times if it failed. I need to create a dashboard with a table that shows all the atte...

by Explorer in

How do I extract using regex?

i have below result, how can I do a regex to extract the fields, first being DateTime, username, Action, Entity2022-1...

by Contributor in

How do I check which major destinations generate the most logs on a specific firewall host?

How do I check which major destinations generate the most logs on a specific firewall host = 10.22.44.254? I would li...

by New Member in

Is it possible to create a Pie Chart from three fields?

Is it possible to create a Pie Chart from three fields? If so, how? Thanks a million in advance!

by Explorer in

Get Updates on the Splunk Community!

Splunk Search

Discussions

How to create search for date field?

What regex to use to remove \\ form the hostname fields?

How to group results and list common occurrences by time?

How to replace join by stats to merge SPL based on common field?

How to visualize all the search I put using the search command?

How do I build this Sysmon log search without having required fields?

Nested SubQuery With NOT IN Clause

How to use SED to remove optional fields?

How do I rename a nested field?

How to generate _time for search in metadata?

Why am I getting different timewrap results depending on what time of day the search is run?

Is it possible to convert the hex data into ascii without affecting the ascii data?

Is there a way for Lookup file to return field names?

Show error details when errors 10% higher than previous 30 mins?

Finding concurrent sessions over time

Help with lookup to get table?

How to show multiple records value in same table row?

How do I extract using regex?

How do I check which major destinations generate the most logs on a specific firewall host?

Is it possible to create a Pie Chart from three fields?

Observability Newsletter Highlights | March 2023

Security Newsletter Updates | March 2023

Platform Newsletter Highlights | March 2023

How to delay with search result when run via Splun...

KV Store status is currently unknown- How to resol...

Combining results in metric index?

Summary Index from | collect ... addtime=f : When ...

Importing HCL BigFix data from Insights, how to ve...