Splunk Search

Community Activity

Converting extracted information to 12 hour AM/PM format Hello, I am extract information from logs via rex, and I am currently extra information in military time format. (i.... by harshparikhxlrd Path Finder in Splunk Search 02-11-2020 0 3	0	3
IP Watchlist Lookup Hello, I currently have a search against our firewalls, below is the current search. index=(my index) sourcetype="m... by nlisle New Member in Splunk Search 02-11-2020 0 4	0	4
How to group a multi-regex event to form a single event until you find the date only at the beginning of the interaction Hi, I have the following log format, How can I break this multiline event on condition that "2020-01-23 03:50:49,06... by leandromatperei Path Finder in Splunk Search 02-11-2020 0 1	0	1
Extract field values by eliminating random strings I have field values as below , field1=value1 filed2=server1 field1=service/value2/a1 field2=server2... by Allampally Path Finder in Splunk Search 02-11-2020 0 1	0	1
Using result fields for earliest/latest time in secondary search I have an existing search that finds fields named "RunDate" "StartTime" "EndTime" stored as part of test run summarie... by lukepatrick Explorer in Splunk Search 02-11-2020 0 4	0	4
Is there a way to enable event sampling in a search? Is there any way to enable event sampling in a search? I know this can be enabled in a GUI using dropdown list under ... by jankowsr Path Finder in Splunk Search 02-11-2020 1 4	1	4
help on coloring a threshold number with a unit value hi I use a search wich add a unit value at the end of the result (GB) \| eval FreeSpace=FreeSpace." GB", TotalSpace=... by jip31 Motivator in Splunk Search 02-11-2020 0 4	0	4
Splunk Integration with Power BI Hi, I'm looking at possibly integrating certain of my Splunk dashboards with Power Bi hopefully using a REST API. ... by harrywren86 Observer in Splunk Search 02-11-2020 0 0	0	0
Splunk Get Earliest Data by Index and Sourcetype Hi All, Is it possible to get the Earliest available date of index and source type . I tried "Tstats" and "Metadata"... by jadengoho Builder in Splunk Search 02-11-2020 0 3	0	3
LIcense Usage by Source Type Can someone help me include sourcetype to my search below? I am trying to run a report for the past 60 days and need ... by fmpa_isaac Path Finder in Splunk Search 02-10-2020 0 6	0	6
Need help with rex command Hello I'm trying to run a rex command to extract "is set to expire" Relying party trust 'ButterCup Games - Test' xx... by locose Path Finder in Splunk Search 02-10-2020 0 2	0	2
nslookup TXT queries with Splunk I am trying to see if its possible to run nslookup -q=TXT domain 8.8.8.8 so i can compare the results of the output t... by urana Engager in Splunk Search 02-10-2020 0 3	0	3
Splunk Regex Engine Fails? We're trying to extract fields that match this [ FIELD_NAME = S0m3 Valu3 w\ reaLLy $pec!aL ch*rac+3rs ] and write th... by morethanyell Builder in Splunk Search 02-10-2020 0 9	0	9
time-based lookups and kvstore Hello all, We are having some problems defining a time-based kvstore lookup on Splunk 6.2.0. We tried defining a sim... by joaopcarvalho Explorer in Splunk Search 02-10-2020 0 17	0	17
kvstore lookups from database. Hi Please give me any feedback . ideas as to whether I am following the best action. I have a database table that is... by dmcintosh1972 Explorer in Splunk Search 02-10-2020 0 1	0	1
How to incorporate tag in the if-then-else Splunk construct Hello, I created SPL search, that should pull out the log entries, based on the if-then-else condition, but it does n... by chersergei New Member in Splunk Search 02-10-2020 0 3	0	3
Knowledge Objects for Orphaned searches I have a couple orphaned searches owned by a user who is no longer with the company ( his user id was deleted ) . Im ... by newsplunker1 Path Finder in Splunk Search 02-10-2020 0 2	0	2
Is it possible to have multiple break_only_before regex for one sourcetype I'm currently working through each of my companies Java apps and updating their sourcetypes using transforms and rege... by freern New Member in Splunk Search 02-10-2020 0 3	0	3
How to trim everything from a field after a comma I have a field that contains: CN=Joe Smith,OU=Support,OU=Users,OU=CCA,OU=DTC,OU=ENT,DC=ent,DC=abc,DC=store,DC=corp ... by sawyer2624 Engager in Splunk Search 02-10-2020 0 4	0	4
how to extract a string before the @ symbol from an email adress? I have the username filed extraction as follows in the props.conf which extracts the email address:- [sourcetype_X]... by pavanae Builder in Splunk Search 02-10-2020 0 2	0	2
Field extraction stanza help in props.conf? I have the username filed extraction as follows in the props.conf which extracts the username:- [sourcetype_X] EXTRA... by pavanae Builder in Splunk Search 02-10-2020 0 3	0	3
Can you please help me in creating a table with multiple rows of the same field using stats or some other code? I need to display multiple rows having the same PART_NUMBER value for each FLIT_COMPONENTS and AMOUNT sourcetype=fli... by dinu1701 Explorer in Splunk Search 02-10-2020 0 9	0	9
How to count top results in each column? Hi everyone, Trying to find out the top 10 values from different host long_message index functionality.. So tried l... by marisstella Explorer in Splunk Search 02-10-2020 0 5	0	5
change colon to dash in Search First, let me start by saying I am not a programmer, a Splunk expert, highly experienced with Regex or SED. I say thi... by bulu New Member in Splunk Search 02-10-2020 0 5	0	5
What's the best easter egg in Splunk 4.2? I think the title says it all. by amrit Splunk Employee in Splunk Search 02-10-2020 6 6	6	6