Splunk Search

Ask a Question

Discussions

Thread Info

Attempting to build a baseline computer asset list as a datasource from existing indexes

Hi Everyone, I hope the smarter folks over here can assist me with a query that has kept me up for days. Hopefully...

by New Member in

１レコード内の複数の連続したデータを取り出して結合する方法

ご教授ください。 １つのレコードのパラメータで連続したデータA[],B[],C[]があります。これらのデータの中身の個数は同数であり、順番も連携しています。それぞれを取り出して意味のあるデータData(A[1],B[1],C...

by Engager in

How to rename field with * inside like: Service*

Hi I need to rename a field name (from lookup csv) with special character inside, like: Service* Status+ the pr...

by Explorer in

Compare values from log and lookup

I have a lookup table that contains the data similar to the: Service_name, IP, Port HTTPS, 10.10.10.10, 443 DNS, 10.1...

by Path Finder in

Search Count is different in direct search vs in table

I am seeing an odd behavior where my search event count is different when the exact query is run separately vs when u...

by Explorer in

What is the moving window for in finding outliers?

Hi Splunkers, I referenced Splunk documentation on finding outliers below. Why is there a need for moving a w...

by Path Finder in

Stats Max issue

I have a query that I am running using dbxquery for specific reasons. Anyway I have run into an interesting issue tha...

by Contributor in

How to search more than 1 year data

Hello, I want to search more than one year data for particular machine. How to check is possible to get more t...

by Explorer in

How to ignore case and remove characters?

I occasionally use Splunk as part of my job to research issues, but am very much a novice. The query below charts the...

by Explorer in

Word Count in a Url

Newbie Here ! How can I get a word count in a url? I am trying to count the number of occurrence of a word "organizat...

by New Member in

Your entry was not saved. The following error was reported: SyntaxError: JSON Parse error: Unrecognized token '<‘.

Hi, So I'm inheriting some splunk code that I'm going through and cleaning up. It contains: rex field=source "/...

by Path Finder in

Need Particular Host "DNS-DC-01" data from metadata

I want to search "August 2018 activity on machine DNS-DC-01" Could you please help me, how to use metadata for pa...

by Explorer in

Need help in field extraction

In the below log, I need to extract genres from the log. In a single log there are multiple genres. Such as for the b...

by Path Finder in

Why doesn't my base search query work?

I wrote this base search query: host=NETWEBA* sourcetype="WinEventLog:Application" AND ApplicationSource="/jpw*" A...

by Engager in

How to build daily average (response time) with data containing hourly average and number of events per hour?

Hello Everyone, I construct a csv (output)lookup file containing the hourly average response time, the hourly numb...

by Engager in

Need to filter search to match src_user and time from one eventcode

below is what I have so far. What I need to do is match the src_user from event code 4724 and the time to events in 4...

by Explorer in

How to get transaction to ignore endswith if startswith doesn't exist

I have an issue where my transaction search finds endswith events with no startswith events. Not to go into too much ...

by Explorer in

how to transform from row to rows ?

i have data like this : used_memory free_memory total_memory used_swap free_swap total_swap 665268 6987204 7652472 0...

by Engager in

Multi search / correlate conundrum

Sorry for not spelling the problem out in the title, I'm a bit stuck even for the correct language to describe my puz...

by Explorer in

URGENT REQUEST: how to pull specific values from given query?

sourcetype=abc "responseStatus=500" "abc.xyz.logging.yyyy.zzzzz" "cccccccccccccc88888883333hhhh" | rex field=_raw "\"...

by Path Finder in

How to extract a word from raw data in Splunk using rex

SVSCPLEX,S0W1,S0W1.DAL-EBIS.IHOST.COM,SYSLOG,zOS-SYSLOG-Console,SYSLOG,-0400,NE,001C,19283 01.21.46.880 -0500,S0W1 ,J...

by Explorer in

How to format a website/service downtime duration calculation results

Hi all, I have the below dataset for a website. Time,title, response code 01/10/2019 08:22 ABC_PORTAL 200 01/10/2...

by Builder in

How to send a single email to multiple email id mentioned in different rows of the table

Hi All I have following table as outcome of my query :- Name lastname Emailid A D abc@gm.com, xyz@redif.com B E...

by Path Finder in

Compare two lookup tables

Hello all... I have to compare two lookup table files in splunk. One is a list of hosts that should Be logging, and t...

by Builder in

Return value based on another field using a muilti-value field

Here is my data in the table: Index Field1 Field2 1 0 A,B,C 1 -5 D,E,F 1 -10 G,H,I I have a complex query that ...

by New Member in

Get Updates on the Splunk Community!

Splunk Search

Discussions

Attempting to build a baseline computer asset list as a datasource from existing indexes

１レコード内の複数の連続したデータを取り出して結合する方法

How to rename field with * inside like: Service*

Compare values from log and lookup

Search Count is different in direct search vs in table

What is the moving window for in finding outliers?

Stats Max issue

How to search more than 1 year data

How to ignore case and remove characters?

Word Count in a Url

Your entry was not saved. The following error was reported: SyntaxError: JSON Parse error: Unrecognized token '<‘.

Need Particular Host "DNS-DC-01" data from metadata

Need help in field extraction

Why doesn't my base search query work?

How to build daily average (response time) with data containing hourly average and number of events per hour?

Need to filter search to match src_user and time from one eventcode

How to get transaction to ignore endswith if startswith doesn't exist

how to transform from row to rows ?

Multi search / correlate conundrum

URGENT REQUEST: how to pull specific values from given query?

How to extract a word from raw data in Splunk using rex

How to format a website/service downtime duration calculation results

How to send a single email to multiple email id mentioned in different rows of the table

Compare two lookup tables

Return value based on another field using a muilti-value field

New This Month in Splunk Observability Cloud - Metrics Usage Analytics, Enhanced K8s ...

Alerting Best Practices: How to Create Good Detectors

Discover Powerful New Features in Splunk Cloud Platform: Enhanced Analytics, ...

Using splunk-sdk in user-defined functions in Spar...

Verification of SAML assertion using IDP's cert fa...

ジョブを消しても復活する現象について

splunk threat intelligence taxii data

Splunk DB connect add-on InfluxDB 2.6