Splunk Search

Community Activity

Performing calculations on multi-valued fields Hello, I am trying to perform calculations on multiple fields. I am working with data in the format of Key='value1,... by ztayluh New Member in Splunk Search 03-26-2019 0 5	0	5
Add search field based on value of another field I have a dashboard panel with a radio input. If the user choose Selection A (4624), I need to add a field to the sea... by jsoderling New Member in Splunk Search 03-26-2019 0 7	0	7
How do you build a regex to index only specific files? Hello, i have these 3 stanzas in my transforms.conf file: [set_f270_header] REGEX = (^\$\w+\s\d+\|^\-\-\-\-\- heade... by sarit_s Communicator in Splunk Search 03-26-2019 0 3	0	3
Break events based on a string hi , Below is my single event indexing into splunk.I want to break the events into single events .It should break an... by Nadhiyaa Path Finder in Splunk Search 03-26-2019 0 11	0	11
How to write an eval condition to replace a field ? I have a query which displays some tabular results and when a certain condition is matched for 2 field values I want ... by pavanae Builder in Splunk Search 03-26-2019 0 2	0	2
Retrieve TransactionId from the following string through regex Wanted to retrieve the transaction id from the given string Level="ERROR", Date="2019-03-25 23:02:59,600", Message=... by JyotiP Path Finder in Splunk Search 03-26-2019 0 1	0	1
How to show threat names in field1 and not in field2? I have 2 different fields that both contain threat names. I want to show which of the threat name are in field1 and n... by mcohen13 Loves-to-Learn in Splunk Search 03-26-2019 0 15	0	15
How to list out all users who access a particular IP? How to search all users who access a particular domain/ip I have a list of source ips and i wish to find users who a... by kuki_junior New Member in Splunk Search 03-26-2019 0 1	0	1
How do you fetch JSON embedded in plain text logs using regex or spath? I have been running into a problem where I need to fetch the value from JSON data in the log. I am aware of spath bu... by maulikdesai21 Engager in Splunk Search 03-25-2019 0 3	0	3
How to extract multiple field values for a field from single log event and cross check with the data from a file? Hi All , Good Day My log will generate 2 types of log events 1)tid and mid in single log event 2)multiple field va... by raj_mpl Path Finder in Splunk Search 03-25-2019 0 4	0	4
Splunk search for failed count percentage out of total of each event Hi, I need help in creating one query. There is one field "Operator" having multiple values like airphone,bphone,vsph... by sahil237888 Path Finder in Splunk Search 03-25-2019 0 4	0	4
search cidr without using "src_ip OR dest_ip"? Is there a way to search a cidr notation without using "src_ip OR dest_ip"? I have a bunch of ips i want to search f... by jpreis New Member in Splunk Search 03-25-2019 0 1	0	1
stats count not working Hi, I am trying to get a table type of alerting but I am not getting the output index = ops host = Srxxxx sourcet... by dbashyam Explorer in Splunk Search 03-25-2019 0 2	0	2
Schema Accelerated Event Search performance I am super stoked about the potential of Schema Accelerated Event Searches- might be one of the best improvements i'v... by awmorris Path Finder in Splunk Search 03-25-2019 1 8	1	8
Perform a join where the timeframes are different In my data, events can have children. There is data in those events that I would want to associate with the parent ev... by swangertyler Path Finder in Splunk Search 03-25-2019 0 4	0	4
How to get the latest name from the data? Hi, index=os sourcetype=Service status=* (Group="Data" OR Group="Secur") AND (Section="Local" OR Section="data heal... by ramesh12345 Explorer in Splunk Search 03-25-2019 0 1	0	1
Column chart based on field value, without everything being the "count" field Currently having a hard time figuring out how to create a column chart where the field values show up in the side, so... by jwiley_splunk Splunk Employee in Splunk Search 03-25-2019 0 4	0	4
Regex field extraction I am having trouble with field extraction. I have a regex which works in a pcre regex tester but when I attempt to us... by saulverde Path Finder in Splunk Search 03-25-2019 0 2	0	2
How do you compare two multivalue fields and get the result in one number (the difference)? I am trying to compare multivalue fields, but I cannot figure out how to do it correctly? Here is the original query... by javanue New Member in Splunk Search 03-25-2019 0 1	0	1
How to change charting.fieldColors through JS of already rendered chart? Hi, does anyone know how can I change fieldColors after chart was rendered? Thing is that we have two different visu... by seva98 Path Finder in Splunk Search 03-25-2019 0 2	0	2
Converting unique IDs into chart column names Hi All This is my second SOS this week as I get acquainted with Splunk. I've exhausted all possibilities trying to s... by jimmymccauley Explorer in Splunk Search 03-25-2019 0 4	0	4
Optimizing a search in splunk Hi, I am trying to do a search which basically generates measures based on the value of a field such as X: search ... by gimbil Explorer in Splunk Search 03-25-2019 0 4	0	4
How do you trim a value in a field with a proper format? I have a field FQ with the value as "ServerName.domain.com" I want to get only the server name in another field. Pl... by veerendra_modi Loves-to-Learn in Splunk Search 03-25-2019 0 2	0	2
help on stats count by command hello I use the search below in order to do a total count by OS and by build It mean that it counts only events whic... by jip31 Motivator in Splunk Search 03-25-2019 0 2	0	2
How can I remove one of event from transaction result Recently i create a transaction search, command and result a per below Search command: search \| transaction Session... by henrysoon80 New Member in Splunk Search 03-25-2019 0 5	0	5