Splunk Search

Community Activity

Remove fields from a query The title says it all. I'm looking for a way to remove fields from searches and subsearches. I know I can hide fields... by kahless1985 Explorer in Splunk Search 03-05-2019 0 3	0	3
HEC large field value not extracted but is in _raw Have a field in our HEC input that is larger the 10,000 characters. When searching the data input from HEC the field ... by simpkins1958 Contributor in Splunk Search 03-05-2019 0 6	0	6
How do you put constraints in rex? Data: message: ================> Request Details: [requestId:123122313-3453-1122-1112222] [requestMethod = GE... by changj New Member in Splunk Search 03-05-2019 0 3	0	3
How come the rex command is not working like normal regex? Given a string: (path=/myPath/123/endpoint,method=GET,accept=text/plain;version=0.0.4;q=1,/;q=0.1,content-type=nul... by jmorri6 Engager in Splunk Search 03-05-2019 0 2	0	2
Looking for assistance with regex when extracting json from inside of syslog events Original syslog format of json message: Feb 25 16:24:24 hostname.fqdn.com Feb 25 22:24:24 log-forwarder-pn4c9 edge-4... by rhendle Observer in Splunk Search 03-05-2019 0 2	0	2
How to calculate moving average based on 2 fields? Hi Splunkers, Suppose I have 2 values in my seach: Date, # of items purchased, UnitPrice Day1, 4, 0.12 Day2, 10, 0.1... by ADRIANODL Explorer in Splunk Search 03-05-2019 0 7	0	7
How to add values to the fields? Hi, index="osh" sourcetype="Service" CaseNumber=1111 status=* assignment_group=* \| dedup _time,CaseNumber,assignmen... by ramesh12345 Explorer in Splunk Search 03-05-2019 0 3	0	3
Analyze where the users "looking for" information in our application Our log looks like as following after first filter: Date...Time...UserID...Function...Level 1...Level 2...Section...... by jyab6z Path Finder in Splunk Search 03-05-2019 0 8	0	8
Is there any result limit of CIDR() in lookup? I want to add AS number to ip by using some geo data. This data has column AS number and network like below. AS_num... by yutaka1005 Builder in Splunk Search 03-04-2019 0 2	0	2
How do you use the IN function with a free text search? I would like to search the entire record for a list of text strings using the IN function. At the moment, I have a s... by toryan Engager in Splunk Search 03-04-2019 0 7	0	7
How do you calculate the difference between two different dates? HI all, I've read many articles in Splunk community to find out how to calculate different dates. I get the correct ... by wagnerlucena Explorer in Splunk Search 03-04-2019 0 6	0	6
How to edit my SEDCMD-mask regex on a heavy forwarder to mask a string in my sample data? Having issues using SEDCMD on Heavy forwarder layer. I have a complex REGEX with multiple pipes \|\|\|\| But it is not wo... by ssyed2009 New Member in Splunk Search 03-04-2019 0 1	0	1
Eval Equals Another Field Greetings, I have a query that ends with a timechart command \| timechart span=1h eval(round(avg(FIELD),0)) as "Resp... by cquinney Communicator in Splunk Search 03-04-2019 0 3	0	3
the way fields are arranged in a timechart / join combination particularily the 2nd search being joined I basically have 3 KPIs that I want to do a search on search1 will be for yesterday and search 2 will be for some p... by HattrickNZ Motivator in Splunk Search 03-04-2019 0 5	0	5
How do you compare dynamic field values created after xyseries? I have the below output after my xyseries comp, Field1,Field2,Field3 A,a1,a1,a1 B,b1,b2,b3 C,c1,c2,c2 I want to ad... by bapunpatel New Member in Splunk Search 03-04-2019 0 4	0	4
Match condition to unset a token based on value in input field I am trying to clear a input field based on user's input. I am able to clear input field by using unset form.token I... by praphulla1 Path Finder in Splunk Search 03-04-2019 0 2	0	2
Event Timechart with event duration Hello, I need help making a graphical presentation of the event happening over time. The X-axis will represent the t... by lain179 Communicator in Splunk Search 03-04-2019 0 5	0	5
How do you return multiple fields from a subsearch to a main search? I'm 99% there guys. The query works fine. Soliciting assistance getting me to the end zone. Would like to also includ... by yepyepyayyooo New Member in Splunk Search 03-04-2019 0 4	0	4
How do you Identify and replace a CSV field name by WildCard or Regex Pattern? I need to replace some CSV field Names with standard names for further easier processing. I tried to rename with a ... by xshen_anji New Member in Splunk Search 03-04-2019 0 7	0	7
How do you use the Join command even if the substring of a particular column matches? Hi, I want to join two searches based on a column, even if the substring of the two column matches . Below is my sa... by Nadhiyaa Path Finder in Splunk Search 03-04-2019 0 1	0	1
maxsearches limit reached Hi , I have configured 20 Alerts with below run every - "5 min" and Alert mode "Once Per Result". Each... by kamlesh_vaghela SplunkTrust in Splunk Search 03-04-2019 1 3	1	3
How can we administer the lookups better? We would like to administer the lookups in bulk, meaning, to upload them in bulk, to change permissions in bulk, etc.... by ddrillic Ultra Champion in Splunk Search 03-04-2019 0 7	0	7
Can you help me find details of event that happens at 25% point of a search (or the nth record of a search)? Good afternoon. I have a search that has approximately 2 million results$. I am trying to find out which record woul... by ChrisCLewis Communicator in Splunk Search 03-04-2019 0 4	0	4
In a table powered by a stats count search, can you help me display status codes as column headings? Hi, I wonder whether someone can help me please. I've put together the following query... w2_wmf(RequestCompleted... by IRHM73 Motivator in Splunk Search 03-04-2019 0 24	0	24
Search a word not indexed Suppose i search for a word that is not indexed by splunk, whether those logs which contain that word will be returne... by simisreedharan Engager in Splunk Search 03-03-2019 0 5	0	5