Splunk Search

Community Activity

How to search for a specific field Here is the output of my log message: {"line":"2019-11-21T22:09:29.982Z LCS LCE [abc-75] INFO i.r.queue.poller.S... by balash1979 Path Finder in Splunk Search 11-22-2019 0 4	0	4
How to add up the number of IPs in a row and output the count into a field within the same table Good morning to all, I want to add up the IPs in each row under the Affected_IPs field and output the count into the... by majek81 New Member in Splunk Search 11-22-2019 0 8	0	8
How to search against multiple elements I'm trying to capture occurrences when multiple criteria are true in an event where elements can exist multiple times... by 47024 New Member in Splunk Search 11-22-2019 0 4	0	4
Inconsistent Count result Original Search sourcetype=xxx \| dedup user \| timechart span=1d count(user) I found that the results are different ... by kcchu01 Explorer in Splunk Search 11-22-2019 0 3	0	3
Help with rex for part of a file path Here is my path: C:\WebLogs\sample.domain.com\W3SVC1\u_ex191121.log I would like to grab just the "sample.domain.c... by rileyken2 Path Finder in Splunk Search 11-22-2019 0 6	0	6
iplocation returning erronius results Hello, we are seeing some strange results when trying to map RAS connections to our organisation.. The search i am r... by lavster Path Finder in Splunk Search 11-22-2019 0 1	0	1
How to ingest .doc format file into splunk with correct format I am trying to ingest a doc format file into Splunk but getting it in 00\x00c\x00\x00\x00 format. Can someone help pl... by splunkitsipoc Explorer in Splunk Search 11-22-2019 0 1	0	1
include date in request - stats count Hello, I have a problem. This is my request, it works well. index=wineventlog EventID=4624 host=wipr625a OR h... by numeroinconnu12 Path Finder in Splunk Search 11-22-2019 0 3	0	3
Multi Field values into Single field value I need help in getting multiple field values into single field to compare it and get the match if any. For example, ... by kamaleshwar Explorer in Splunk Search 11-22-2019 0 5	0	5
SPLUNK BOOT The value of env var SPLUNK_OS_USER, "splunk", does not match any user on this system; Error: Success This command ... by dani9 Explorer in Splunk Search 11-21-2019 0 1	0	1
Bug? Custom drilldown cannot handle question mark Update: I found this question https://answers.splunk.com/answers/610037/my-search-string-is-truncated-after-a-questio... by yuanliu SplunkTrust in Splunk Search 11-21-2019 0 2	0	2
How to extract words and digits from a particular field Hello everyone, I am trying to extract strings containing SAMM #2222-A-1111 from other strings in a field named SA... by majek81 New Member in Splunk Search 11-21-2019 0 3	0	3
How to get a numeric field extracted I am trying to extract the "Time taken" from this field. 2019-11-20 09:38:22,157 INFO Time taken: 01:35:53.514 The... by Regleston New Member in Splunk Search 11-21-2019 0 3	0	3
Splunk querying nested log I have a log below and I want to get the value of Description under :- Calling Checklist1003 How do I do that ?? Me... by shwetamis Explorer in Splunk Search 11-21-2019 0 21	0	21
How to remove a duplicate from a lookup or only return one of the results? I am performing a lookup on a table that contains data that I don't manage and cannot change. The lookup is returning... by bmkaiser Explorer in Splunk Search 11-21-2019 2 5	2	5
Unable to extract value and receiving error message What am I doing wrong here?? index=du sourcetype="du:sbaservice-log" du_service="dugovt4.0" "ERROR=" \| rex field=_... by shwetamis Explorer in Splunk Search 11-21-2019 0 3	0	3
extract valued of a field Hi, we have client_id=tom. client_id=thomas, client_id=Jack, client_id=tom-new, client_id=tom_old.. so on like 100s ... by mmengu416 New Member in Splunk Search 11-21-2019 0 2	0	2
Dynamic multiple field and value extraction Hello together, i use splunk the version 7.2.4.2 and had the following issue by creating a dynamic field exctration.... by ronpestler1 Explorer in Splunk Search 11-21-2019 0 2	0	2
How to combine information to a list Hello, I have a query to get the following lines: element ID value temp (wanted) ABC 1 fal... by jenniferhao Explorer in Splunk Search 11-21-2019 0 1	0	1
Seeking help running excessive DNS queries report Hi Splunkers. I'm not very good with writing more complicated searches so I am seeking your help. I wrote a search to... by dharveynswccd Path Finder in Splunk Search 11-21-2019 0 6	0	6
How to join two events based on one common value? Hi, I have two different events of data : Event 1 = mail : id_mail : 1 title_mail : test mail_srv : host1 Event 2 ... by Naaba New Member in Splunk Search 11-21-2019 0 9	0	9
How do I get a unique count with my query? Below is a query that I am able to get a list of accounts, and the total times they each have been received. How can... by lyonsbm New Member in Splunk Search 11-21-2019 0 4	0	4
Table Different from Return Hello, I don't understand why the values in my \| table are different from the values in my \| return.... \| format comm... by genesiusj Builder in Splunk Search 11-21-2019 0 6	0	6
How do we clean our multi-site replication and search factor settings? On our cluster master I see the following - [clustering] .... mode = master multisite = true available_sites = site... by danielbb Motivator in Splunk Search 11-21-2019 0 1	0	1
Alert - Throttling is not working for search query Hi, I have a requirement. Please suggest how to proceed further. In the Alert need to run the search query for every ... by prsubramanian New Member in Splunk Search 11-21-2019 0 0	0	0