Splunk Search

Community Activity

How to extract only one value in a regex search? How do I get only the value that is before the ms? Remember that this log is multiline, each statement is an event. ... by leandrodematosp New Member in Splunk Search 06-02-2020 0 2	0	2
Splunk query issue Dear All, I have two columns Id and relationalId below is the sample of it. Id CorrelationalId 1 2 2 3 ... by santosh11 New Member in Splunk Search 06-02-2020 0 4	0	4
Questions about inclusion and exclusion in relation to field extraction? Hello, I have two questions that are quite confusing to me, can you please explain this to me in layman terms? Field ... by hjainreddy New Member in Splunk Search 06-02-2020 0 2	0	2
Using timechart command isn't working for renaming. Hello,When using timechart without a BY this works. index IN (idx) AND host IN (server) AND source IN (ssl_ac... by genesiusj Builder in Splunk Search 06-02-2020 0 7	0	7
How to Top 10 table from Index-A and match hostnames in index-B? Hi, I am trying to get the top 10 table from Index-A to have corresponding asset information from Index-B as additio... by munisb Explorer in Splunk Search 06-02-2020 0 3	0	3
Is it possible to use wildcards in tag definitions? Hi, is it possible to use a wildcard in the field value pair settings? This way doesn't work for me: field value pair... by HeinzWaescher Motivator in Splunk Search 06-02-2020 2 3	2	3
Unable to get the correct min and max values. I'm a newbie as far as Splunk is concerned with modest regex skills. We have events with the following patterns fall... by maverick2701 Engager in Splunk Search 06-02-2020 1 2	1	2
Can you explain the syntax of the foreach command beyond what's in the Docs? Hi, I'm trying to understand the syntax of foreach, I've had a look at the documentation, but it's just too difficult... by mahbs Path Finder in Splunk Search 06-02-2020 0 8	0	8
Issue with real-time searches for metadata running because of ui-prefs.conf settings. When we launch Splunk Home or Search page, there is this metadata that runs in real-time eating up our resources avai... by simranrathi123 Engager in Splunk Search 06-02-2020 0 0	0	0
Error when trying to add token to limit table results in a search? I recreated the dashboard using the report search and have the search returning all of the table results. I have an i... by 3618475 Engager in Splunk Search 06-02-2020 0 3	0	3
CEF app, Create output group button missing in New CEF Output step during CEF output app creation We are trying to use the CEF App, to create a new Output App to be deployed to our two indexers. However during the "... by cku1 Engager in Splunk Search 06-02-2020 0 1	0	1
multisearch Dear, couple hours i am trying to get: i have one log with no similar way of words in one line... because of that i ... by vmicovic2 Explorer in Splunk Search 06-02-2020 0 17	0	17
How to separate fields and create a pie chart of status count? Hi Splunkers, Please guide us on the requirement below: Input: server, env, req no, input field,status host-1,PROD,16... by thaara Explorer in Splunk Search 06-02-2020 0 6	0	6
How to create a search that compares two log files and displays results in a table format? I have below 2 log files with 4 identical columns and in that, status is different: Status1.log host1,PROD,1666680,mo... by thaara Explorer in Splunk Search 06-02-2020 1 11	1	11
Using fieldformat and rename Hey there, I'm trying to do two things and it looks like I can't. I have some fields with ugly names like "Current_Su... by tyleraball Engager in Splunk Search 06-02-2020 5 9	5	9
Link to search in new tab Hi Team, Link to search on a new tab for raw events when we click on a particular value in the line chart? Is it po... by manish_singh_77 Builder in Splunk Search 06-02-2020 0 8	0	8
Two evals in one query , query not returning results Hi All, I have the following query with 5 source types and 2 evals in one query, common field between source types i... by msrama5 Explorer in Splunk Search 06-02-2020 0 1	0	1
Streamstats change state count Hi below is my sample data- Date source State 29-05-20 01:00:00 abc ... by ips_mandar Builder in Splunk Search 06-02-2020 0 4	0	4
How to extract two values from a string using regex? I'm requesting help constructing a regular expression for the following: I need to extract two values from the string... by pc1234 Explorer in Splunk Search 06-02-2020 0 4	0	4
Remove host name in Account_Name field When people RDP into a server, the results I am getting into splunk is Account_Name=Sever1$ Account_Name = jdoe. Whe... by Becherer Explorer in Splunk Search 06-02-2020 0 1	0	1
How do I change field names (extracted field name) to field values? I have a json structure that contains an object map: { "correlation_id": "f9535d13-f75b-4dd7-8c39-1e77b1559afe", ... by vasugazula New Member in Splunk Search 06-01-2020 0 1	0	1
Extracting a field thats not recognized My rawdata from log is below METHOD="POST" URI="CALLOUT-LOG" USER_ID_DERIVED="00532000004sefcAAA" EVENT_TYPE="ApexCa... by venkatachalamvi New Member in Splunk Search 06-01-2020 0 2	0	2
Filter out events based on other events WITHOUT using JOIN/Subsearch I have a index named Events Example events: AccountCreated { "AccountId": 1234, "EventName": "AccountCreated", ... by joseftw Explorer in Splunk Search 06-01-2020 0 6	0	6
Help regex for masking Hi, Can someone please help me regex a password field to mask data? I've been trying to figure out how to mask the pa... by mishutts Explorer in Splunk Search 06-01-2020 0 3	0	3
How to extract a key and value from the json data? Hi all, I am not able to extract the below-given value from the JSON file fields are "initiator": test_abce, "re... by hrs2019 Path Finder in Splunk Search 06-01-2020 0 2	0	2