Splunk Search

Community Activity

Unable to mask data with regex Example Log: CEF:0\|WAF\|SIEMintegration\|1\|1\|Normal\|0\| fileId=989000730114151753 sourceServiceName=website.com postbod... by cborchgrevink Engager in Splunk Search 05-03-2019 0 2	0	2
How to search based on a time field that is not _time? Hi, I have two time fields. _time (This is the splunk time stamp)abctime (format YYYY-MM-DD) How do I search the ... by Kukkadapu Path Finder in Splunk Search 05-03-2019 3 8	3	8
Trouble extracting field using regex I'm having an issue using regex to extract some _raw data and I hope someone can help me. The below regex examples w... by gopx101 New Member in Splunk Search 05-02-2019 0 4	0	4
Regex to extract information in specific field Dear Experts , Need experts advice to extract "ABC6_IN_S14093456789" from below information which is available in fi... by kirangurram Explorer in Splunk Search 05-02-2019 0 6	0	6
How to have the query input the url="field1" from the input token="field1" How can I get the url=field1 to have the value I decide to enter in the input field1. <label>Search by URL Test</l... by birito New Member in Splunk Search 05-02-2019 0 1	0	1
Showing Logical Map of time between events across multiple sources Hi Experts, I run a small order management system. When have a ticket say 1000004 which traverse... by luckyman80 Path Finder in Splunk Search 05-02-2019 0 1	0	1
search within a sub-search I have been working on a search for a table view, what I want is to be able to see the results from this search from ... by atenciodeyka New Member in Splunk Search 05-02-2019 0 5	0	5
Searchmatch with AND does not work Notifications and ChangeNotifications present in both indices and I want to separate them by index type and count th... by christi2019 New Member in Splunk Search 05-02-2019 0 2	0	2
Timechart query for Splunk Visualization 42 Need help with the following code: index=corp_security_tanium splunk_server=phx11* sourcetype=ABC \| eval time=strpti... by smthakur73 New Member in Splunk Search 05-02-2019 0 0	0	0
sort by Time desc Hi, I tried to format the eventtime and would like to show the latest time event first. However, the search string be... by shangshin Builder in Splunk Search 05-02-2019 3 5	3	5
How to remove columns from search results table? This question was asked before, but not really answered. I have a search that returns columns dynamically created so... by halkelley Path Finder in Splunk Search 05-02-2019 2 6	2	6
Get the timestamp of stats latest(field) I'm currently getting the latest value of a field like: \| stats latest("field"). However It only shows the column w... by artrune Path Finder in Splunk Search 05-02-2019 0 10	0	10
Replacing join command to integrate data from two different sources with lookups Hello people, I am new in Splunk. So far I have been using join commands to integrate data from two different source... by ej56ygur New Member in Splunk Search 05-02-2019 0 4	0	4
How to remove duplicate events if all data is identical except the time and duration fields? Hey, Fellow Splunkers I have multiple duplicated events, all data on the event is identical to the exception of the ... by asarran Path Finder in Splunk Search 05-02-2019 0 2	0	2
How to get top 10 values of a column and its raw data for each value index=omi_Uat host=DEFRNCMP* sourcetype=all_events_attributes \| eval {idx} = elt \| fields ID,UMN,TicketID,node \| top ... by anz999 Loves-to-Learn Lots in Splunk Search 05-02-2019 0 6	0	6
How to filter the values of 5 columns using checkbox? Let's imagine that I have a table as the picture below displayed. Column 5 listed the column names who have the "YES"... by Hanliamadeus Explorer in Splunk Search 05-02-2019 0 3	0	3
predict function query at time i find the predict function predicts values over 100% based on historical data. is there anything i can confi... by jiaqya Builder in Splunk Search 05-02-2019 0 7	0	7
How to count unique events pr class I need help with stats in Splunk Let's say you have these example data: \| stats count \| eval car="Opel" \| eval colo... by lakromani Builder in Splunk Search 05-02-2019 0 8	0	8
Using Where like but instead of text looping through a lookup Hello! I've been looking around for an answer to this one, either it eludes me or I'm straight up asking the wrong q... by kuroai New Member in Splunk Search 05-01-2019 0 3	0	3
Count Issues I'm trying to count all my data by each day of the week each time a host is hit. EX: machine a has a script run once... by garrettpelak5 New Member in Splunk Search 05-01-2019 0 1	0	1
How to use multiple base searches in one search? I have to base searches defined in my dashboard: <search id="num1"> <query>....</query> </search> <search id="nu... by olejor Engager in Splunk Search 05-01-2019 2 9	2	9
How to pass token during check and uncheck of the checkbox? How to pass token during check and uncheck of the checkbox in splunk? For ex- if I check the box then it will pass t... by vivek_manoj Explorer in Splunk Search 05-01-2019 0 10	0	10
Timestamp Optimization Tools All, Any cool tools out there for optimization and tuning of time stamps? Like a regex101.com style site but like f... by daniel333 Builder in Splunk Search 05-01-2019 0 1	0	1
How to apply anomaly command on timechart query? I am trying to apply anomaly detection on count field. Base query: index=test sourcetype=web source="test.log" WEB_... by PRIYANKA_1993 New Member in Splunk Search 05-01-2019 0 2	0	2
stats not pulling through after a certain date I have a search that looks at 2 indexes so it can pull 3 lots of separate data back so i can show data over a period ... by Sfry1981 Communicator in Splunk Search 05-01-2019 0 4	0	4