Splunk Search

Ask a Question

Discussions

Thread Info

How do you make a regular expression to extract the first 4 words in a sentence?

I need to extract the first 4 words in a field with sample data like this, "The team performs checks for the foll...

by Path Finder in

Old Index Old Sourcetype New Field - Search Issues

Hi all, I have used back the old index & sourcetype but i have re-created new field names for my dashboard. when u...

by New Member in

It appears you do not have an active Support Contract or entitlement and as a result, cannot open a Support case !

Hello splunkers, I tried to submit a new case but unfortunately i got this error : "It appears you do not have an...

by New Member in

match and count in numerical from events

Hello, I have a CSV file containing two columns URL and IP. I'm using it to retrieve only events were a match is f...

by Explorer in

How to change the timestamp of duplicate events

I tried to change the time stamp of duplicate events. Can any one suggest me a solution.

by Explorer in

Need to find the ADM accounts with help of Normal accounts

We have 2 types of accounts in our organization user adm-user I can find the disabled users in the organizat...

by Explorer in

Can you help me with my multi-line field extraction?

Hi, I am looking to extract fields from multi-line events. Some of the events are more than 20 lines. When I am tr...

by Builder in

How do you get an average based on a date field?

I have a Splunk log in JSON format as follows: {"SCMSplunkLog":{ "SCMSuccessLog":{ "payload":{ "sourceCount":0,"le...

by Path Finder in

Can you tell me the difference between two boolean expressions?

Hi, I am currently figuring out what is wrong with my boolean expression. Currently, I'm making a whitelist of...

by Explorer in

Cant ingest csv with £ sign, changes to \XA

Good evening one and all, I have CSV files that have monetary values in them, however when they are ingested into ...

by Path Finder in

How do you create dummy values in a trellis chart?

I have locations 1-6, and I am needing them to stay in the same spot, even if in the time event, there is not a quant...

by New Member in

How do I get results of all values in 2 subqueries?

i have 2 of the same subqueries in my search with different time periods. So, both results are different. If I us...

by Communicator in

How do you extract multiline fields based on a different string?

Hi, I am looking to extract fields from multi line events. I have two different types of events. I'm looking to di...

by Builder in

How do you find the difference between the following two events?

Hi, I have two events: event1: field1="A",field2="ABC",.....,fieldN="12" event2: field1="B",field2="ABC",.....,...

by Loves-to-Learn in

Is it possible to display\calculate the ISO year number for a date ?

With strftime(_time, "%Y-%V"), I can create a period to sort on a year and ISO weeknumber. When I have events on 3...

by New Member in

How to create a field with selected values of the same field

Hi , I have OS field which has many rows .In that i need to filter only the below values and create a field , Wind...

by Path Finder in

How do you search for a specific word when you don't know what the field is?

Heya Guys, I'm very new to Splunk and this is likely an obvious answer or I have skimmed across documentation and ...

by New Member in

Deploy search head cluster

Hello, I'm deploying a search head cluster and I have a doubt about the steps described on the following link: ...

by Explorer in

Why are delimited field extractions not working?

Hello, we are inputting data via the HTTP Event collector. The "event" member has this format, which we are trying to...

by Path Finder in

Field extract NOT search.

Hi My data format is as follows. A=123456789 Field was extracted for every three digits from field A. My field extra...

by Communicator in

Why Splunk search jobs stuck at "finalizing job" status for few days?

Symptoms: It usually happen in the next couple of hours after we manually deleted the stuck search jobs It only ha...

by Splunk Employee in

subsearch for failed login

hi guys i wanted to search for a list of failed login attempts by privileged users from existing successful logons (E...

by New Member in

Trying to get month over month with detail.

My current working and pretty one is this: |eval Owner=ProductName | stats sum(Cost) as Total by TimePeriod, Owne...

by Engager in

How to specify a particular aggregate value in query for Single Value Visualization Chart?

how do i specify a particular value to be displayed in single value visualization chart? i only want the totalCount (...

by Path Finder in

When do you put a | (pipe) as the first character in a search

I have noticed several search commands which are preceded by a pipe character with no input left of the pipe. For exa...

by Path Finder in

Get Updates on the Splunk Community!

Splunk Search

Discussions

How do you make a regular expression to extract the first 4 words in a sentence?

Old Index Old Sourcetype New Field - Search Issues

It appears you do not have an active Support Contract or entitlement and as a result, cannot open a Support case !

match and count in numerical from events

How to change the timestamp of duplicate events

Need to find the ADM accounts with help of Normal accounts

Can you help me with my multi-line field extraction?

How do you get an average based on a date field?

Can you tell me the difference between two boolean expressions?

Cant ingest csv with £ sign, changes to \XA

How do you create dummy values in a trellis chart?

How do I get results of all values in 2 subqueries?

How do you extract multiline fields based on a different string?

How do you find the difference between the following two events?

Is it possible to display\calculate the ISO year number for a date ?

How to create a field with selected values of the same field

How do you search for a specific word when you don't know what the field is?

Deploy search head cluster

Why are delimited field extractions not working?

Field extract NOT search.

Why Splunk search jobs stuck at "finalizing job" status for few days?

subsearch for failed login

Trying to get month over month with detail.

How to specify a particular aggregate value in query for Single Value Visualization Chart?

When do you put a | (pipe) as the first character in a search

Preparing your Splunk Environment for OpenSSL3

Unleash Unified Security and Observability with Splunk Cloud Platform

Splunk AppDynamics with Cisco Secure Application

ES8 + Mission Control Usage rest API

Search for triggered save searches and their actio...

Issue with StateSpaceForecast from the MLTK app

Notepad++ SPL syntax highlighting

Some cloudwatch log collection errors