Splunk Search

Start a Conversation

Discussions

Start a Conversation

Thread Info

How do you retrieve date from the following string using regex?

Hi, Test-20190212-0912 from this string. I want to retrieve date like this 2019-02-12 How do I write this in re...

by Explorer in

Splunk search does not return event data when there is multiple json in same event

I have a created a splunk alert when there is a failure occurs. I have query as follows: index=* source=*** |spath...

by Path Finder in

How to change the default color formatting on a table header?

I just want to color the column headers and not the cells of my dashboard tables

by Communicator in

Populate field based on subsearch

I have a Splunk query that parses out some Windows event log data. One of the things that I examine is the user name ...

by New Member in

How do you match on multiple fields in a lookup table?

Hi all, I've been banging my head against the wall trying to get this to work. What I'm trying to do is to use ...

by Engager in

How to get earliest time and latest time token in JOB

Hi splunk comuniti! I have a job in splunk. In "Edit Search" i have two fields - Earliest time and Latest time. Ho...

by Explorer in

Can you help me with a stats count that returns a percentage?

Hi, I use the search below in order to count event number. I want to do the same calculation, but in percent ...

by Motivator in

Can you help me use multiple regex for a single field?

Hi all, We are trying to do the following: At index time we want to use 4 regex TRANSFORMS to store values in t...

by Path Finder in

How do you create a regex that keeps only specific events?

I'm looking to send junk data to nullque on our heavy forwarder and I only want to key in on specific events in the r...

by Contributor in

Extract numeric value from CHKDSK event

A schedule task on a Windows server runs a CHKDSK /SCAN on every logical drive. The resultant Message field looks lik...

by Path Finder in

How do you remove special characters from a token?

What would be the easiest one line solution to remove special characters from a token? I'm taking a text input (ma...

by Contributor in

Time picker : can we convert presets, relative time into date range ?

Hello, I am doing: case(strptime($latest$,"%Y/%m/%d %H:%M:%S")-strptime($earliest$,"%Y/%m/%d %H:%M:%S")<518...

by Explorer in

Correlation 2 sourcetype with common fields different name

Hello guys, I have 2 sourcetype, the sourcetype A have the fields [ IP , hostname , source_mac ] , the sourcetype ...

by Explorer in

Missing data after I increase the numeric data in my where clause

Greetings I'm using the following query over 24hrs. | initial search | timechart useother=f span=1h avg(field1)...

by Communicator in

How do I make a Splunk query to find where X is greater than 0?

I have a log: "TOTAL NUMBER OF RECORDS IS:0" I need to Query it in a way that it finds a log message if the number...

by New Member in

Filtering data based on results of another sub-query

Hi team, I have a query about sub-queries. I've searched this forum for a while and tried a few different things b...

by Explorer in

minspan ?? for transaction

Is there such thing to display a minspan for transaction... Trying to looking for users from building A to Buildi...

by New Member in

Can someone help me with a search that parses through two lookup tables?

Hi, I have two lookup tables lookup1: RealName, username Smith, J ( LDN), smithj Andy, H (LDN),andyh T...

by Explorer in

Can you help me with dedup and date field. How to get the latest record?

I figured out how to use the dedup command by the user (see example below) but I still want to get the latest record ...

by Communicator in

Sme search with same slot time doesnt returns same number of events

Hi I have something strange when I execute the search below, I have 47 events on a one week slot time eventtype="A...

by Motivator in

Get Updates on the Splunk Community!

Splunk Search

Discussions

How do you retrieve date from the following string using regex?

Splunk search does not return event data when there is multiple json in same event

How to change the default color formatting on a table header?

Populate field based on subsearch

How do you match on multiple fields in a lookup table?

How to get earliest time and latest time token in JOB

Can you help me with a stats count that returns a percentage?

Can you help me use multiple regex for a single field?

How do you create a regex that keeps only specific events?

Extract numeric value from CHKDSK event

How do you remove special characters from a token?

Time picker : can we convert presets, relative time into date range ?

Correlation 2 sourcetype with common fields different name

Missing data after I increase the numeric data in my where clause

How do I make a Splunk query to find where X is greater than 0?

Filtering data based on results of another sub-query

minspan ?? for transaction

Can someone help me with a search that parses through two lookup tables?

Can you help me with dedup and date field. How to get the latest record?

Sme search with same slot time doesnt returns same number of events

Using Machine Learning for Hunting Security Threats

Observability Newsletter Highlights | March 2023

Security Newsletter Updates | March 2023

How to delay with search result when run via Splun...

KV Store status is currently unknown- How to resol...

Combining results in metric index?

Summary Index from | collect ... addtime=f : When ...

Importing HCL BigFix data from Insights, how to ve...