Splunk Search

Discussions

Thread Info

appendcols - How can I match the same row in a query?

Hi All I have a query that join two searches I need to complete the information from the second query in the same ro...

by Explorer in

Is it possible to modify medata?

Hello, I would like to know if I can use Splunk to access and modify metadata. And if the answer is yes, which plugin...

by New Member in

Unable to mask data with regex

Example Log: CEF:0|WAF|SIEMintegration|1|1|Normal|0| fileId=989000730114151753 sourceServiceName=website.com postb...

by Engager in

How to search based on a time field that is not _time?

Hi, I have two time fields. _time (This is the splunk time stamp)abctime (format YYYY-MM-DD) How do I searc...

by Path Finder in

Trouble extracting field using regex

I'm having an issue using regex to extract some _raw data and I hope someone can help me. The below regex examples...

by New Member in

Regex to extract information in specific field

Dear Experts , Need experts advice to extract "ABC6_IN_S14093456789" from below information which is available in fi...

by Explorer in

How to have the query input the url="field1" from the input token="field1"

How can I get the url=field1 to have the value I decide to enter in the input field1. <label>Search by URL Test<...

by New Member in

Showing Logical Map of time between events across multiple sources

Hi Experts, I run a small order management system. When have a ticket say 1000004 which traverses 4 different proces...

by Path Finder in

search within a sub-search

I have been working on a search for a table view, what I want is to be able to see the results from this search from ...

by New Member in

Searchmatch with AND does not work

Notifications and ChangeNotifications present in both indices and I want to separate them by index type and count the...

by New Member in

Timechart query for Splunk Visualization 42

Need help with the following code: index=corp_security_tanium splunk_server=phx11* sourcetype=ABC | eval time=strpti...

by New Member in

sort by Time desc

Hi, I tried to format the eventtime and would like to show the latest time event first. However, the search string be...

by Builder in

How to remove columns from search results table?

This question was asked before, but not really answered. I have a search that returns columns dynamically created so ...

by Path Finder in

Get the timestamp of stats latest(field)

I'm currently getting the latest value of a field like: | stats latest("field"). However It only shows the column wit...

by Path Finder in

Replacing join command to integrate data from two different sources with lookups

Hello people, I am new in Splunk. So far I have been using join commands to integrate data from two different sour...

by New Member in

How to remove duplicate events if all data is identical except the time and duration fields?

Hey, Fellow Splunkers I have multiple duplicated events, all data on the event is identical to the exception of th...

by Path Finder in

How to get top 10 values of a column and its raw data for each value

index=omi_Uat host=DEFRNCMP* sourcetype=all_events_attributes | eval {idx} = elt | fields ID,UMN,TicketID,node | top ...

by Loves-to-Learn Lots in

How to filter the values of 5 columns using checkbox?

Let's imagine that I have a table as the picture below displayed. Column 5 listed the column names who have the "YES"...

by Explorer in

predict function query

at time i find the predict function predicts values over 100% based on historical data. is there anything i can confi...

by Builder in

How to count unique events pr class

I need help with stats in Splunk Let's say you have these example data: | stats count | eval car="Opel" | eval ...

by Builder in

Get Updates on the Splunk Community!

Splunk Search

Discussions

appendcols - How can I match the same row in a query?

Is it possible to modify medata?

Unable to mask data with regex

How to search based on a time field that is not _time?

Trouble extracting field using regex

Regex to extract information in specific field

How to have the query input the url="field1" from the input token="field1"

Showing Logical Map of time between events across multiple sources

search within a sub-search

Searchmatch with AND does not work

Timechart query for Splunk Visualization 42

sort by Time desc

How to remove columns from search results table?

Get the timestamp of stats latest(field)

Replacing join command to integrate data from two different sources with lookups

How to remove duplicate events if all data is identical except the time and duration fields?

How to get top 10 values of a column and its raw data for each value

How to filter the values of 5 columns using checkbox?

predict function query

How to count unique events pr class

Index This | A sphere has three, a circle has two, and a point has zero. What is it?

Build Scalable Security While Moving to Cloud - Guide From Clayton Homes

Mission Control | Explore the latest release of Splunk Mission Control (2.3)

how do i clean a lookup csv table over 90 days

splunk search statement using keyword from input b...

Ex Cisco - run a report for all DFS users who logg...

Splunk query to list all the queries that time out

How to perform time series analysis and anomaly de...