Splunk Search

Discussions

Thread Info

Help with some basic REGEX please?

In this string: Version=\x221.7.53a\x22 I want to capture everything in between \x22 and \x22 so the result on this s...

by Path Finder in

inverse join in Splunk

I have a search between two data sets using join, let's say sourcetype A and B. My search looks like this: sourcetyp...

by Explorer in

How to determine if forwarder weight distribution is good from search?

I need help figuring something out. Got this search during .conf19 to be used to do a Forwarder weight distribution s...

by New Member in

How can we find out whether a string has three open parentheses characters?

We would like to find out whether a certain string has three open parentheses characters in any order. Can we do it w...

by Motivator in

Help with Regex - Removing Text from Field

I have a field where results are 'some letter & number combination of 3 or 4 characters' that includes txt on the end...

by Path Finder in

How to regex match on back slash in character class?

I am trying to use a regex to extract a PowerShell script that is being executed in a way that also includes the dire...

by Path Finder in

Why is a long-running scheduled search running multiple times over a short time period?

Splunk Enterprise, v7.0.3 I ran the search in https://answers.splunk.com/answers/750097/search-performance-impact-...

by Communicator in

help on issue with join subsearch

hi I use the search below in order to display a pie chart When I execute the first part of the search (before join...

by Motivator in

dedup events with same timestamp ?

I am facing issues wherein the events with same timestamp are not showing in results, when I dedup based on time, but...

by Builder in

UC_tor_traffic

Hey guys, Is there any way how splunk get this lookup update itself or do we need to manually feed it? if yes what...

by Path Finder in

Need help getting grandparent/parent/child relationships to table

Hi, I have data in the following format from Microsoft Windows OS process executions: FileName,ProcessID,Parent...

by Explorer in

Help searching with not

Hi all, For some reason, my search doesn't work properly. The search is as the one below: ....| search NOT (x=3 ...

by Contributor in

Why is the same search producing different results on same dashboard?

I have created a dashboard with two separate graphs one which counts the total number of calls made to the hosts and ...

by New Member in

Why does adding a comment change the number of rows returned by a search?

Using Splunk Enterprise 7.3.2 on a MacBook. Two searches on the same static (loaded-once) search index, same date ra...

by New Member in

How to get a multiselect form input to pass two types of values?

When creating a search using pivot/data model, I can add a filter that looks something like: FILTER Brand in (bra...

by Contributor in

Use a lookup file to tag IP blocks

So what I want to do is tag all IPs that belong to certain AWS regions and filter out those IPs. I want to try and ta...

by New Member in

How to make a string date UI sortable like _time?

I have a string date field and would like to sort it in a table by clicking the field. No, I do not want it displa...

by Motivator in

Issue :- Searching hexadecimal Data from Windows host

I have recently deployed Splunk UF on windows machined, installation and setup is successful. But while searching the...

by Explorer in

How to display the difference of results by source as a single value ,along with trending arrow of difference

Hi Team, I have multiple sources in sourcetype. Want to see difference of result from last two sources. Latest source...

by Explorer in

Splunk multiply many fields in one search and compare against another field

Hello, I have data that comes in via JSON format that looks like this: name: Item1 pricePerOne:10 name: Item...

by Path Finder in

The fields are NOT showing up in an large multi-line event

I have log data for a web service call. We log the web service call response status (success OR failure) as well as t...

by New Member in

エラーの初回発生日をカウントしたい

ご教授ください。複数端末のログ情報を集計しています。その中で、ある特定のエラーが発生した日がいつで、それが端末の稼働時間のどのタイミングかを一定のレンジでまとめたいと考えています。現在の総エラー数であれば、eval ran...

by Engager in

calculate sum of duration between events

I have events like below 2019-10-21 04:17:54.968, rev=true 2019-10-21 04:17:55.968, rev=true 2019-10-21 04:17:56.9...

by Builder in

Going crazy with simple Regex

Hello, I wasted way too much time on my not working regex : Here's what my _raw data looks like : < I...

by Path Finder in

STRPTIME date question - Conf19

The below SPL works. The lastLoginDate is a range of dates from 2018 through 9/30/2019. I would like to find the last...

by Engager in

Get Updates on the Splunk Community!

Splunk Search

Discussions

Help with some basic REGEX please?

inverse join in Splunk

How to determine if forwarder weight distribution is good from search?

How can we find out whether a string has three open parentheses characters?

Help with Regex - Removing Text from Field

How to regex match on back slash in character class?

Why is a long-running scheduled search running multiple times over a short time period?

help on issue with join subsearch

dedup events with same timestamp ?

UC_tor_traffic

Need help getting grandparent/parent/child relationships to table

Help searching with not

Why is the same search producing different results on same dashboard?

Why does adding a comment change the number of rows returned by a search?

How to get a multiselect form input to pass two types of values?

Use a lookup file to tag IP blocks

How to make a string date UI sortable like _time?

Issue :- Searching hexadecimal Data from Windows host

How to display the difference of results by source as a single value ,along with trending arrow of difference

Splunk multiply many fields in one search and compare against another field

The fields are NOT showing up in an large multi-line event

エラーの初回発生日をカウントしたい

calculate sum of duration between events

Going crazy with simple Regex

STRPTIME date question - Conf19

Enterprise Security Content Update (ESCU) | New Releases

Why am I not seeing the finding in Splunk Enterprise Security Analyst Queue?

Index This | What are the 12 Days of Splunk-mas?

Proactively stream data to different index after C...

Write Splunk log with Laminas

Issues in multiselect input dropdown

Using splunk-sdk in user-defined functions in Spar...

Verification of SAML assertion using IDP's cert fa...