Splunk Search

Start a Conversation

Discussions

Start a Conversation

Thread Info

extract multi valued field

HI everyone, the filed containst two values. one in each line. fieldname = value1 value2 How can we exlude t...

by Communicator in

How TO EXCLUDE DUPLICATE EVENT FROM SEARCH QUERY WHICH IS PRESENT IN LOOKUP TABLE

Hi All, I have drafted a splunk query (splunk versin 6.6.2 ) which gives certain fields and i tabulated those fiel...

by New Member in

Count values in multivalue field encoded as a string

I have the following entry in several of my events: puppy_name = "Scout Windixie Spot" If it's not obvious alr...

by Path Finder in

Search failing and not returning all results in Statistics

My search does not complete even after giving it an over hour. The progress bar is all the way at the end, and it tel...

by Path Finder in

Join 2 search results where common field has multivalues in one search to display in single table

Trying to Join 2 search results (where the common field has multivalues in one of the searches) to display in single ...

by New Member in

Basic Query using Dates

We have indexed fields like the following: fname (a-z*) lname (a-z*) pdate (name_month day year) policy ( stron...

by Loves-to-Learn in

How to write a search to list roles and their capabilities in a Splunk environment?

Hello Guys, Can someone help me with a search to list the roles and their capabilities in a Splunk environment?

by Path Finder in

How to replace specific field value?

I am trying to replace a specific field. I have a table that is like: Name Street Zip Note John Wall 123 hello . ....

by Communicator in

How to fetch the values from log using regular expression?

Hi Team, Need your help on below search: I'm spitting something like this in the log: My Test Data|My Test I...

by Engager in

makemv not working

I have the following single-value field (that really should be a multi-value field): puppy_name="Spot Dexter Jake"...

by Path Finder in

How can I parse out both the Named Address and IP Address and format them into an Extracted Field?

The log entry I have has: Message=DNS query is completed for the name my.big.server.name.com, type 28, query optio...

by Path Finder in

Unable to get PREAMBLE_REGEX to work

Hi, I have a csv file with headers, and a preamble. I already have the fields being discovered, but I'm unable to ...

by Champion in

How do I add fields from a lookup table to my search event?

I have a lookup table geo-lookup.csv which has data in the format: IP, Coordinates, Location. My search has the fi...

by Path Finder in

Search results for sparkline null despite there being event values

I'm trying to create a sparkline following the magnitude example from https://docs.splunk.com/Documentation/Splunk/7....

by New Member in

How to extract string after special character

Hello everyone, I have a simple question about rex, I have not been successful. I have a string: "bllablla_t...

by New Member in

Searchbar Timeline - Change color if certain eventtype is located

Hello Splunk experts: In my organization, we trying to figure out of it's possible to customize the searchbar time...

by New Member in

Compare Two Different Fields in a Multisearch

I am trying to obtain a list of ids for orders that were abandoned/forgotten and never received a submit. I have a mu...

by Explorer in

Unable to draw timechart

I have a query that accumulates the total count for host over a 6 period of month. Now when I am trying to draw time ...

by New Member in

How to calculate the AVG of bytes_in per clientip?

Hi With this SPL, I have the average session time of each clientip in a web page. But I do not know how to put the...

by Communicator in

how to compare a field value with next whole column and fetch the result in next column?

for example, Col A Col B Col C apple apple apple orange apple orange pineapple orange pineapple grapes pineapple g...

by New Member in

Get Updates on the Splunk Community!

Splunk Search

Discussions

extract multi valued field

How TO EXCLUDE DUPLICATE EVENT FROM SEARCH QUERY WHICH IS PRESENT IN LOOKUP TABLE

Count values in multivalue field encoded as a string

Search failing and not returning all results in Statistics

Join 2 search results where common field has multivalues in one search to display in single table

Basic Query using Dates

How to write a search to list roles and their capabilities in a Splunk environment?

How to replace specific field value?

How to fetch the values from log using regular expression?

makemv not working

How can I parse out both the Named Address and IP Address and format them into an Extracted Field?

Unable to get PREAMBLE_REGEX to work

How do I add fields from a lookup table to my search event?

Search results for sparkline null despite there being event values

How to extract string after special character

Searchbar Timeline - Change color if certain eventtype is located

Compare Two Different Fields in a Multisearch

Unable to draw timechart

How to calculate the AVG of bytes_in per clientip?

how to compare a field value with next whole column and fetch the result in next column?

Build Scalable Security While Moving to Cloud - Guide From Clayton Homes

Mission Control | Explore the latest release of Splunk Mission Control (2.3)

Cloud Platform | Migrating your Splunk Cloud deployment to Python 3.7

run different filter in an index search based on a...

How to union two time ranges

Ex Cisco - run a report for all DFS users who logg...

Splunk query to list all the queries that time out

How to perform time series analysis and anomaly de...