Splunk Search

Community Activity

Normalise the values of a field and joining the event count of the field values Hi, I have a list of Tenants and the data is being pulled from Jira labels. Some of the labels have not been spelled... by sumaitasiddiky1 New Member in Splunk Search 05-25-2019 0 1	0	1
how to extract multiple values into one field I have windows logs in below format, and not able to extract single field for merged text value. I want to create a f... by utk123 Path Finder in Splunk Search 05-25-2019 0 3	0	3
How to extract a field using rex? This is the string in the log I 2019-05-23 18:22:38.984Z 7881 216 XObk7A6CU-I62gr3UIKfXQAAAAs 1@43465473@A WPB-Log: ... by iamtrying New Member in Splunk Search 05-24-2019 0 3	0	3
How to create transaction based on event data? So I'm trying to build a transaction based on events I am getting from a log. I'm struggling how to set the transacti... by joesrepsolc Communicator in Splunk Search 05-24-2019 0 1	0	1
how remove extra new line? i need that all lines will be one line, without newline by alina_mandarina New Member in Splunk Search 05-24-2019 0 1	0	1
How to create a search to get a list of Indices? Hello Splunkers, I am relatively new with Splunk and was wondering if someone out there can please tell me which qu... by cosmo360 New Member in Splunk Search 05-24-2019 0 1	0	1
how to write splunk query for watching abuse of a service account? Hello, I want to write a detection for watching abuse of a service being used. How to do i start writing the logic. ... by lakshmikolli201 New Member in Splunk Search 05-24-2019 0 6	0	6
How to sort a column chart to view the top 10 values? Hi, I try to make a column chart using this search: index=webtrafic \| rename ProcessName AS RootObject.ProcessName... by bogdan_nicolesc Communicator in Splunk Search 05-24-2019 0 2	0	2
Splunk SDK - Search String with parameter having Spaces By using Splunk SDK, able to use the below search string and get the results from SPlunk String searchQuery_string = ... by duddukuri Explorer in Splunk Search 05-24-2019 0 1	0	1
In a datamodel search why are tstats and stats results not the same? hello splunker. i changed search to datamodel search(tstats) for speed up. but, stats and tstats result are slight... by YUNHYEONG Explorer in Splunk Search 05-24-2019 0 5	0	5
Rex to parse key/value tags in splunk Hello all, Please help me with some regular expression. This is the text: {"Value": "arn:aws:cloudformation:us-west-2... by braicu New Member in Splunk Search 05-23-2019 0 3	0	3
Avg Day of Week does not show up, when no result found Hello, I`m trying to find a solution for this problem. The result of the following SPL query should show every day o... by Silmarillion197 Explorer in Splunk Search 05-23-2019 0 6	0	6
Can I execute several functions with a single (perhaps custom) command? Based on the statistical data we have to generate, we normally have to type out many functions like so: search strin... by kamryn Explorer in Splunk Search 05-23-2019 0 2	0	2
Why does WinNetMon report Protocol ID=58 as SIP? WinNetMon maps protocol #58 to "SIP", but according to IANA, #58 is "IPv6-ICMP"? Seems fine for others: 17=UDP,6=TCP... by templets Path Finder in Splunk Search 05-23-2019 0 0	0	0
list all fields within a sourcetype Hi, Is there a way to display all fields being used by a sourcetype, without the values? by a212830 Champion in Splunk Search 05-23-2019 2 5	2	5
How to attain a list with all the fields in which a certain string appears? For example, given the fields and values: field1=A123 field2=baba field3=A123B field4=bA123 I want a list with the... by msolgonza New Member in Splunk Search 05-23-2019 0 4	0	4
How to troubleshoot eval expressions? I'm new to Splunk, and I am trying to figure out how the eval command works in searches. Sometimes I don't get any r... by fabriziorti New Member in Splunk Search 05-23-2019 0 6	0	6
How to add a new column after lookup match? Hi all, I'm stuck with this i hope somebody can helps me. I have a csv lookup with following data for search matche... by cpm003 Path Finder in Splunk Search 05-23-2019 0 2	0	2
Trying to get stats output for 2 fields after the "by" I have data that looks like this: event,myField,myHost,myCategory yes,a,host1,category1 yes,b,host1,category1 yes,c,... by dsong555 Engager in Splunk Search 05-23-2019 0 4	0	4
How to compare an empty field with epoch time? Hello, I have two fields: dateTimeA and dateTimeB. When dateTimeA is empty, I add "NULL" string. Then I use strptim... by jam00 Explorer in Splunk Search 05-23-2019 0 3	0	3
renaming fields in search I have a query like this sourcetype="beta" index="alpha" \| table fieldA, fieldB, fieldC how do I rename fields fiel... by asarolkar Builder in Splunk Search 05-23-2019 4 8	4	8
Linux mounting/unmounting I am attempting to create a search string for a Linux box which involves mounting/unmounting removable media devices ... by mvitullo New Member in Splunk Search 05-23-2019 0 4	0	4
Lookup file : add a rule Hello, Got a lookup file looking like this : USER,GROUP Peter,group1 Parker,group1 John,group2 Kevin,group2 I'd l... by Zakary_n Path Finder in Splunk Search 05-23-2019 0 3	0	3
Can I divide by zero in splunk? I was having trouble evaluating a field and I think it was because I was dividing by zero. This is my solution. Ho... by HattrickNZ Motivator in Splunk Search 05-23-2019 0 3	0	3
How to count with inputlookup? Hi, I have a search that I have been struggle for a few days. I have an index that contains two fields: type and Tot... by thanhnv244 New Member in Splunk Search 05-23-2019 0 3	0	3