Splunk Search

Discussions

Thread Info

Field extraction using rex command - dynamic regex with lookup

I am trying to extract key value pairs from JSON events using rex command mysearch | rex field=_raw max_match=0 "\...

by Explorer in

multisearch vs append

I recently discovered the "multisearch" command. Other than only being able to use streaming commands in each of the ...

by Contributor in

Why is IP address Searching/Matching so slow?

I have a datasource with a field that is either a url or an ip address. There are 2million records in this datasource...

by Explorer in

Is there a sort option for the transaction command

I'm working with ForeScout Audit Policy events. Some of them have this in the message, Part (1/n), Part (2/n), and so...

by Contributor in

10 TCP ports accessed by unique clients

I am trying to search List the top 10 TCP ports accessed by unique IPs

by Explorer in

Custom Source Type - Group by Column in TSV file

I have a TSV file im uploading into Splunk, I'd like to be able to group by a column in the file itself. So far I'...

by Explorer in

Field extraction using dynamic regular expression - rex command

I am trying to extract key value pairs from JSON events using rex command mysearch | rex field=_raw max_match=0 "\...

by Explorer in

How do i forward vmware syslog to splunk cloud without using forwarder on esxi operating system

We have a splunk cloud in our environment and how do i setup a vmware logs to forward to splunk cloud with out instal...

by New Member in

Why cant I see some data that I was able to see before 1 month? Even if retention policy of index is 3 years

Notes - Our retention policy is 3 years for that abc index. - When I exported the result of that query before 1 month...

by Explorer in

How to see only earliest and latest values in a field.

I'm having an issue because I need to show in a report only the first ticket received by an agent and the latest one,...

by Explorer in

First and Last event of Transaction

Hi, I am working on a query where I need to join some events using a transaction command in Splunk. Below is my query...

by Explorer in

Props.conf when not every line has a date time

Hi, i am trying to build a props.conf for the following log entry. The log is based on an sql run and so is a mixt...

by Communicator in

Why is /opt/splunk/var/run/searchpeers folder is filling up?

Splunk dose not clean up $SPLUNK_HOME/var/run/searchpeers and this leads to filling up of /opt/splunk/

by Splunk Employee in

regex help

Hi, My sample code looks like below : Mon Mar 9 14:18:14 2020: Unknown trap (.1.1.1.1.1..1) received from host...

by Communicator in

How to search events happened before a particular statement in the log file

Hi All, I am looking for a way to display the events which appeared before a particular error is written into the ...

by New Member in

help on a jointure without join command

hi I use the complex search below As you can see, there i a subsearch linked with a join command I find a way to d...

by Motivator in

Adding or removing the append command changes a previous calculated field

Hi all, I'm calculating the average electrical energy consumption per produced piece from today of one of our prod...

by Path Finder in

Why past data is missing even if date range is inside my retention policy of that index?

SPL: "(index=3y OR index=3mon) (host=x OR host=y) name="RegisteredUserLog" actionType=egg pointGet=true (platform=0 O...

by Path Finder in

First event

Hello, this is my query | loadjob savedsearch="myquery" | where (strftime(_time, "%Y-%m-%d") >= "2020-02-26") AND...

by Explorer in

How to merge multiple lookup lines into one

I have a table with formatted something like this: 1 John, Smith, a123, superuser, blah2 John, Smith, a123, audit ...

by Path Finder in

Need to get events created in last 30days

Hi, I am trying to fetch splunk events that are created in last 30days for below query, by selecting time range as...

by Engager in

How to find the counting based on number of values

i used the following command index=ABC | stats values(L) AS USER i need the output like below user usercount Rame...

by New Member in

datetime.xml addition

Hello, I have a filename that i need to extract the date from : cvs.2020-02-10.3.log I understand that a modificat...

by Loves-to-Learn in

How to extract integer value in search from string JSON in log event

I am trying to extract 'timeTaken' value from json inside a log event string in order to build a dashboard. Exampl...

by New Member in

Why am I getting a warning about disk space when minFreeSpace is 5000 and there's 83GB available?

The disk usage is at 17% and inode usage is at 1%. The error message from Splunk Web says minFreeSpace is 5000 and fr...

by Communicator in

Get Updates on the Splunk Community!

Splunk Search

Discussions

Field extraction using rex command - dynamic regex with lookup

multisearch vs append

Why is IP address Searching/Matching so slow?

Is there a sort option for the transaction command

10 TCP ports accessed by unique clients

Custom Source Type - Group by Column in TSV file

Field extraction using dynamic regular expression - rex command

How do i forward vmware syslog to splunk cloud without using forwarder on esxi operating system

Why cant I see some data that I was able to see before 1 month? Even if retention policy of index is 3 years

How to see only earliest and latest values in a field.

First and Last event of Transaction

Props.conf when not every line has a date time

Why is /opt/splunk/var/run/searchpeers folder is filling up?

regex help

How to search events happened before a particular statement in the log file

help on a jointure without join command

Adding or removing the append command changes a previous calculated field

Why past data is missing even if date range is inside my retention policy of that index?

First event

How to merge multiple lookup lines into one

Need to get events created in last 30days

How to find the counting based on number of values

datetime.xml addition

How to extract integer value in search from string JSON in log event

Why am I getting a warning about disk space when minFreeSpace is 5000 and there's 83GB available?

Data-Driven Success: Splunk & Financial Services

Video | Welcome Back to Smartness, Pedro

Detector Best Practices: Static Thresholds

How to check MQ reconnects after a connection is d...

I cloned HTTP traffic collection from Splunk Strea...

Proactively stream data to different index after C...

Write Splunk log with Laminas

Issues in multiselect input dropdown