Splunk Search

Discussions

Thread Info

How do you use the lookup value as a variable?

Hi, I have the following lookup, which is basically a mapping lookup: lookup name: "scoring_rules" source...

by New Member in

Scatter Plot for time x-axis and numbered Y axis

I am looking to plot scatter plot to show all the data points in a particular time. Some how I am not able to get aro...

by Explorer in

How to check if an index exists efficiently?

In elasticsearch one would do HEAD [index_name] and check if an index exists efficiently. Is it possible to do someth...

by Engager in

How to convert epoch to human readable format at index time for multiple time values?

Event data has multiple time values in the Epoch time format. I am able to convert the one used for event timestamp w...

by Path Finder in

Combine the Sum of Two Fields

Hi all, For a search similar to the following: index=myindex "Search Term" NOT field=value source="mylog.log" | ev...

by Path Finder in

How to get session key in a search script (| script ) similar to the way a scripted input can?

I'm storing a few credentials in Splunk keystore using setup.xml endpoint="storage/passwords". I have no problem extr...

by Path Finder in

Sonicwall VPN group by field then sum of a field?

Hi, We are getting data from syslog for ssl vpn login. Here is a sample log. ,,"'0'",,"'-'",,"Thor","'Tunnel'",...

by Engager in

Split is converting my empty strings back into null?

This query kills morejunk even though it should NOT be doing so: | makeresults | eval a="1 2" | eval b="junk" | ap...

by Motivator in

Calculating total in row

Hi, I need help adding b+ c together to get a total, I will then calculate a percentage using a/combined b+c. Is t...

by New Member in

Display data in timechart

I'm using summary index to get data and display in timechart. but not able to create a time chart with the data. i...

by Communicator in

Can I update a CSV lookup file with more rows and how will this affect existing csv files and lookups?

Looking at understanding better how lookups work in Splunk. As I understand it, there are 3 steps: 1. lookup tabl...

by Motivator in

SA-Eventgen and Splunk SPL Examples - Help Generating Data

Hello community, I've installed SA-Eventgen and SPL Examples as directed in the following .conf talk: https://conf...

by Path Finder in

How to extract numbers correctly

Hi! I have this field in my log: callerSipNumber="18121710_text". How should I extract "18121710" and name it "number...

by New Member in

Log format validation

I have frequently asked whether the fields are being extracted well. The easiest method to answer this question is to...

by Motivator in

How to get diff count and show field and result of diff

Hello Splunkers, I have a trouble with the result, example i have some data log Goat | alive Goat | dead Goat |...

by New Member in

regex to split names extracted from a string

This is a little tricky to explain but I have this query: index = active_directory directReports=* sAMAccountName=...

by Communicator in

項目名に変数の値を設定できるか

お世話になります。項目名に月の値を入れたいです。現在検討している方法は別カラムに月の値(2020-03)を設定し、【予定】という項目の先頭に月の値(2020-03)をセットして、【2020-03予定】という項目名にしたいのです...

by New Member in

Regex assistance on match, capture, repeat - simple yet I can't!

Good morning you lovely lot, I have a theoretically simple regex extraction, but it is slaying me. If one of you w...

by Explorer in

How can I extract a value from a field that have many content

I have a field named "Message", the content as below: *Active Directory Domain Services could not use DNS to resol...

by New Member in

How to tell which transform applied to which event

Is there a way to tell if a regex has been applied to an event? I'm doing field extractions and want a way to confirm...

by Path Finder in

Get Updates on the Splunk Community!

Splunk Search

Discussions

How do you use the lookup value as a variable?

Scatter Plot for time x-axis and numbered Y axis

How to check if an index exists efficiently?

How to convert epoch to human readable format at index time for multiple time values?

Combine the Sum of Two Fields

How to get session key in a search script (| script ) similar to the way a scripted input can?

Sonicwall VPN group by field then sum of a field?

Split is converting my empty strings back into null?

Calculating total in row

Display data in timechart

Can I update a CSV lookup file with more rows and how will this affect existing csv files and lookups?

SA-Eventgen and Splunk SPL Examples - Help Generating Data

How to extract numbers correctly

Log format validation

How to get diff count and show field and result of diff

regex to split names extracted from a string

項目名に変数の値を設定できるか

Regex assistance on match, capture, repeat - simple yet I can't!

How can I extract a value from a field that have many content

How to tell which transform applied to which event

Mission Control | Explore the latest release of Splunk Mission Control (2.3)

Cloud Platform | Migrating your Splunk Cloud deployment to Python 3.7

Splunk Observability Cloud | Enhancing Your Onboarding Experience with the ...

Inputlookup Multiple Tables from REST

How to find events that were sent to HEC?

How to index data from zigbee2mqtt?

How to use a list of output as the input parameter...

how to set specific colors to 3 pie charts trellis...