Splunk Search

Ask a Question

Discussions

Thread Info

How to write a search with the condition "if field1 NOT LIKE field2"?

Hello, I am aware of the following search syntax field1 = *something* field1 = field2 field1 != field2 But...

by Explorer in

expect value

Hi I have log file like this: 09:04:04.042 module1: F[6]L: IN 09:04:01.417 module1: F[6]L: OUT 09:04:01.418 modu...

by Motivator in

Which fields correspond these metrics, count and percent?

I have two fields on the event list. I have used Top command for that, I have got two fields and count and percent. ...

by Communicator in

How to co-relate data from multiple sourcetypes?

I have data in three source types to co-relate. Time and a unique identifier number are common for all three sourcety...

by Explorer in

Index appearing in Interesting fields

Why is that Index field doesn't appear in Selected Fields? It is appearing in interesting fields. index="homework_hos...

by Communicator in

Metasearch and Rawdata is required...

Hi, I' cant end my search using metasearch when I need to find in index something with space betwen like "Microsof...

by Explorer in

calculate delta of success rate of a particular field for two hosts

can you please help me in writing SPL query for the below scenario. I want to calculate delta of success rate of a pa...

by Path Finder in

Display data

How would I display the following data which is part of CSV file? I am looking for a command to do that. top is not w...

by Communicator in

Swap memory is not getting cleared ?

HI Splunkers, I see that swap being used and swap memory not getting released even though RAM is free.can you plea...

by Explorer in

How to parse Powershell event logs?

I am trying to read the DETAILS: section of the Powershell logs in Splunk to produce reports and split out each line:...

by Engager in

How to show comparison graph of jenkins pipelines steps between two builds

Hi Team, I want to show comparison graph of jenkins pipeline steps between two jenkins build. How can i get it? i ...

by Explorer in

| Stats wont show output when search only generates one of two values

Im attempting to show when a file was received and when it was sent out. The code below generates the table below tha...

by Path Finder in

How configure an alert to send an email based on field values?

Hi All I have a requirement to trigger an alert email per Service in case of failures. I don't want to create sepa...

by Engager in

SEDCMD regular expression question

Okay you regexperts, I need some help. I have a .csv file for which I need to mask the credit card numbers. Here is w...

by Explorer in

How to get HP QC defects into Splunk

How to get HP QC defects into Splunk. Does anyone have any sample python script or pls let me know if there are any o...

by New Member in

How to invert lines and columns

Hello, Sorry for the language, I'm French.  I'm executing this request with this lookup file: index=xxxxxxx...

by Observer in

Field extractions

Hi there. I've managed to work out some regex to grab the data I want when using regex101 but I'm having trouble p...

by Communicator in

countfield question

What is the role of countfield please? What is it doing here? index="access_log" source="access.log" host="AccessLog"...

by Communicator in

Need help in parsing events

{{Tag not found: #Friday, November 22, 2019 1:47:00 PM: #XXXXSQL2001: #Medium: #Disk E: has an average queue length o...

by Motivator in

２つのレコードで同一カラムの差分がとりたい

ご教授ください _Timeで並んだデータがあるのですが、この中の特定のカラムの出したいのですが方法はありますでしょうか？ やりたいことの例： 日付, ID, 数, 登録日 2019/1/1 0:0:0 , ABC, 10...

by Engager in

How do I search splunk for a specific IP address to see of it is reaching our Palo Alto and ASA devices?

All I wanted was to see if the Palo Alto or the ASA’s were able to see any traffic from a specific IP address. Most o...

by New Member in

I need to do a search between two Index and extract a value in a new column

Hi everyone, I need to do a search similar to an Excel vlookup. I have two Indexes, IndexA and IndexB. The IndexA ...

by Path Finder in

PCRE Regex not working in Splunk

Required API call, RegEx i tried in https://regex101.com/ and the Regex which works in Splunk are given below. /Co...

by New Member in

splunk java sdk returns result fields in different order than requested.

I am using java sdk to query splunk, but i am not getting the result in the order requested. My search query looks li...

by Engager in

How to I sum the count with Category on specific field name and create a bar graph?

We get JSON data in which we have to calculate the sum of the count of all Categories and create a bar graph with spe...

by Engager in

Get Updates on the Splunk Community!

Splunk Search

Discussions

How to write a search with the condition "if field1 NOT LIKE field2"?

expect value

Which fields correspond these metrics, count and percent?

How to co-relate data from multiple sourcetypes?

Index appearing in Interesting fields

Metasearch and Rawdata is required...

calculate delta of success rate of a particular field for two hosts

Display data

Swap memory is not getting cleared ?

How to parse Powershell event logs?

How to show comparison graph of jenkins pipelines steps between two builds

| Stats wont show output when search only generates one of two values

How configure an alert to send an email based on field values?

SEDCMD regular expression question

How to get HP QC defects into Splunk

How to invert lines and columns

Field extractions

countfield question

Need help in parsing events

２つのレコードで同一カラムの差分がとりたい

How do I search splunk for a specific IP address to see of it is reaching our Palo Alto and ASA devices?

I need to do a search between two Index and extract a value in a new column

PCRE Regex not working in Splunk

splunk java sdk returns result fields in different order than requested.

How to I sum the count with Category on specific field name and create a bar graph?

Enterprise Security Content Update (ESCU) | New Releases

Why am I not seeing the finding in Splunk Enterprise Security Analyst Queue?

Index This | What are the 12 Days of Splunk-mas?

Proactively stream data to different index after C...

Write Splunk log with Laminas

Issues in multiselect input dropdown

Using splunk-sdk in user-defined functions in Spar...

Verification of SAML assertion using IDP's cert fa...