Splunk Search

Community Activity

Working with dynamic values in rex and multivalue fields Hello all, I have been banging my head on a problem for the past 24 hours and I am in great need of your help. I am... by moystard New Member in Splunk Search 01-19-2020 0 6	0	6
rex in sed mode to replace special chartacter Good morning I need to replace special characters with a line return command but I am having difficulty getting the r... by ChrisCLewis Communicator in Splunk Search 01-19-2020 0 6	0	6
Using Rex command to extract time duration in hh:mm:ss Hello, I am trying to extract data, specifically time data in hh:mm:ss:nn format and put it on a table. When I do, I... by harshparikhxlrd Path Finder in Splunk Search 01-19-2020 0 7	0	7
How to extract multivalue fields and assigning them to dynamically named fields from same extraction using configuration instead of search time query? I can extract multi value fields from a field in events like these: 079184/Query key: ((0008,0016)) SOP Class UID [1... by jmartens Path Finder in Splunk Search 01-19-2020 0 2	0	2
join two rex results from different host and query I have two query... index=xxx_prod host="foo.org" 5032 submit \| rex "id=PO:(?<PO>\d*)" \| dedup PO \| table PO _time ... by x_tivity Engager in Splunk Search 01-18-2020 0 2	0	2
Match by rex field in subsearch I have one log like: log1 tid=,"tid":"abcd"; And another log like: log2 userid=11 tid=abcd I want to get the count ... by infcl Explorer in Splunk Search 01-18-2020 0 8	0	8
How to add the trigger time to loadjob? Hello, I am trying to pull out the last 24 hours worth of results for an alert using loadjob, with the following se... by lwass Explorer in Splunk Search 01-18-2020 0 3	0	3
How to search using Java? HI, I am able to use curl command as create search job and exuecte the result by sid but not able to convert curl cal... by sachinrathod New Member in Splunk Search 01-18-2020 0 1	0	1
show two different times for object per date I am trying to extract 2 different time from extend event logs 1. Processing time taken by Server. ( "Finished proces... by dpatiladobe Explorer in Splunk Search 01-17-2020 0 1	0	1
Splunk: Query not returning all columns Hello, For some reason, my search is not returning all of the columns that I'd like to include in my search. It's... by itsmevic Communicator in Splunk Search 01-17-2020 0 3	0	3
Search for data in different indexes and only return data is ip filed is same in both index=notable \|rename src as ip \| stats count by ip \| JOIN type=inner ip [search index="abcd" "tags.Dev:"cluster1 OR... by jrprez1804 Path Finder in Splunk Search 01-17-2020 0 3	0	3
Rename & Lookup I'm selecting data from two sourcetypes. There is a field in each sourcetype that is the same, but named differently ... by hollybross1219 Path Finder in Splunk Search 01-17-2020 0 8	0	8
Conditional Rex Extraction with multiple extractions I have events with large strings of text being output per event Sample Text: {"userDetails":{"uuid": "Lots of diffe... by brajaram Communicator in Splunk Search 01-17-2020 0 11	0	11
use if else to run different rex There is a field JOB_NAME. i want to extract this field contents using an IF statement. If JOB_NAME=TEST then some r... by iamniks Explorer in Splunk Search 01-17-2020 1 2	1	2
Conditional statements based on metric trends This may actually be 2 questions, but I have 3 metrics I'd like to compare based on how they're trending. So...... ... by winknotes Path Finder in Splunk Search 01-17-2020 0 3	0	3
How to covert Date and Time with timezone display? HI All, My name group extracts date time filed in the below format E.g: 21/Jan/2019 09:35:25 UTC I would like to c... by mail2uharishp Observer in Splunk Search 01-17-2020 0 6	0	6
Can anyone please tell me how to make a matrix for the below Required Output : • Matrix: Total Findings by Assessment Group by Engage, Title Fields - Engage - Title - Tota... by dtccsundar Path Finder in Splunk Search 01-17-2020 0 9	0	9
cohorting with fixed first event dates morning all, I am struggling with the logic around doing this. I am trying to run a report from 01/01/2018 to toda... by stephenreece New Member in Splunk Search 01-17-2020 0 2	0	2
Transforms.conf regex performance I am trying to capture the logging of any martian packets on a Linux system, so I decided to set a monitor in /var/lo... by ricotries Communicator in Splunk Search 01-17-2020 1 9	1	9
How to list matches of a search using lookup values Hi! I have create a search that uses a dynamic lookup to find events in some index looking at the raw: ............... by dugalle New Member in Splunk Search 01-17-2020 0 4	0	4
Regex with Line break while pushing data into splunk Hello Team, Could you please help to parse this data while pushing this in source type data into splunk. Issue is i... by mailtosnsolutio Explorer in Splunk Search 01-16-2020 0 2	0	2
Count is incorrect Trying to write a simple query in Splunk 7.0. The idea is that it would count all the unique ip addresses based on a... by TitanAE New Member in Splunk Search 01-16-2020 0 2	0	2
What command is used for trying to identify anomaly logons from common users? Is there a website on Splunk docs that describe interesting fields and what each field is about? What command can I... by keldridg2 New Member in Splunk Search 01-16-2020 0 3	0	3
Event and Statistics not the same- Geostats When I perform a search, the "events tab" count match actual data. Once I add "\| geostats latfield=Latitude longfield... by Becherer Explorer in Splunk Search 01-16-2020 0 3	0	3
Can I use splunkjs charts in an app outside of Splunk to display external data (not to be imported into Splunk)? I'm wondering if it is possible to use the chart visualizations from splunkjs to display data that is neither in Splu... by pgoldweic Communicator in Splunk Search 01-16-2020 0 0	0	0