Splunk Search

Community Activity

Convert CIDR Range into list of member IPs. Given a list of CIDR ranges ... 10.198.68.132/30, 10.244.18.150/31, 10.48.37.96/24 Is there a search that could extr... by pkeller Contributor in Splunk Search 04-20-2020 0 2	0	2
How do you overlay charts that are linked together with a field? I have 3 extraction fields: "guid", "runtime_general", "runtime_specific". There is also a value "A" that I will sea... by splunkuser2127 Loves-to-Learn in Splunk Search 04-20-2020 0 0	0	0
Field extraction tool not showing whole event. I'm trying to use the field extraction tool. The problem is that the field I want to extract is about 18 lines down ... by nocostk Communicator in Splunk Search 04-20-2020 0 4	0	4
How to fill empty or missing data values based on approximations of previous values? Hello All, I spent a lot of time trying to figure out how to fill out missing data with approximations based on the ... by bntdumas Engager in Splunk Search 04-20-2020 0 6	0	6
Stumped. Selective removal of events while keeping others. Ideally avoiding mvexpand. Hi folks, I'm having a hard time with this one. Maybe I need more coffee. Say I have several events like this: Event... by loc_spl New Member in Splunk Search 04-20-2020 0 1	0	1
searchs that does not succeed Hello, I would like to know how to find searchs that do not succeed (no results or with errors) ? Some users complain... by warmup031 Explorer in Splunk Search 04-20-2020 0 2	0	2
Regex in splunk Hello I am trying to get a regex to work in splunk but without success, perhaps someone here can help me? This work... by malgru New Member in Splunk Search 04-20-2020 0 3	0	3
Parsing of highly nested JSON events with arrays We want to parse highly nested jsons into expanded tables. We found that the following code works, given we apply the... by wfskmoney Path Finder in Splunk Search 04-20-2020 0 2	0	2
Can I search with case insensitive fields. Hello there, Is there a way to address all fields case insensitively. To illustrate my point I have this query, ind... by iet_ashish Explorer in Splunk Search 04-20-2020 0 1	0	1
Splunk Join not working I am trying to create a result set out of 2 search queries with a common field.I have tried multiple solutions provid... by coolkris New Member in Splunk Search 04-20-2020 0 3	0	3
How to re-use list of values. I have a query which essentially looks like this, \| makeresults count=1 \| eval host="host1, host2, host3, host4, ho... by iet_ashish Explorer in Splunk Search 04-20-2020 0 5	0	5
count occurrence of value in field in a single event I have 6 sources with json event in the following structure (each source with different data of tests): "tests": [... by navap123 Explorer in Splunk Search 04-20-2020 0 3	0	3
Extracting values from a event log search for key value pairs Hello community, I am using search to get the values for ‘runtime’ and trying to get overall stats for a runtime va... by mpd202004 New Member in Splunk Search 04-20-2020 0 3	0	3
What is "batch mode" search? Hi, I'm testing out some features in 6.3, and looking at increasing our search and index throughput. One of the set... by a212830 Champion in Splunk Search 04-19-2020 1 6	1	6
About dropdown filter There is a dropdown filter on the dashboard. How can I select multiple values for that filter? by manakin New Member in Splunk Search 04-19-2020 0 2	0	2
Eval function for Variable Calculations I have a logic which I want to implement in Splunk, but I'm getting confused with the syntax.Let me explain what I am... by kulwindersandhu New Member in Splunk Search 04-19-2020 0 1	0	1
How to pass argument (dynamically) to searchmatch function without use map command Hi, I wonder test different pattern matching (format spl) dynamically with a field value without use the command "ma... by Testeur971 New Member in Splunk Search 04-19-2020 0 13	0	13
How can I create lookup table file(csv file) automatically? I just want to create csv file automatically everyday for example, today just is created 20200417.csv tomorrow will ... by tkdguq0110 Path Finder in Splunk Search 04-19-2020 0 4	0	4
Please help....I'm using \|eval case() with multiple values and need help with passing through the values to an IN() search There are three conditions in my eval: 1) date=2019-Present, '"/2019","/2020"' 2) date=2019, " /2019" 3) date=2020,... by motaghis Explorer in Splunk Search 04-18-2020 0 6	0	6
Unable to retrieve XML tags which as mutliple attributes Hi, I am novice to splunk and trying to learn explore things in it. Currently I am stuck with one problem while extr... by asoma0707 New Member in Splunk Search 04-18-2020 0 5	0	5
Joining two queries with same field name , but different values I am trying to create an alert which will check how many messages are stuck in the queue and whats the age of message... by bsaujla131984 Path Finder in Splunk Search 04-18-2020 0 8	0	8
UF splunkd.log says "Can't find or illegal IP address or Name" using DN or FQDN After manually installing splunkforwarder-5.0.3-163460-x64-release.msi on Windows Server 2008 R2 and specifying index... by valkyrie Engager in Splunk Search 04-18-2020 3 2	3	2
RegEx for pattern matching and extraction Hi, I have data that contains Sessions ID labeled as (SES) and User ID labeled as (ABC). When I look at the events... by mbasharat Builder in Splunk Search 04-18-2020 0 6	0	6
TOP 10 values I have a sample data from email logs where we have from and message size. how can I extract "Top ten sending address... by riqbal47010 Path Finder in Splunk Search 04-18-2020 0 2	0	2
dispatch.finalizeRemoteTimeline taking a long time? When I run a search in Splunk 6.x, the results come back quickly, but it seems like a lot of time is spent on "Finali... by dshpritz SplunkTrust in Splunk Search 04-18-2020 8 18	8	18