Splunk Search

Ask a Question

Discussions

Thread Info

Can you help me come up with a regex expression which would extract a number from a string?

Hi, I have a field which produces a value like this example: DB=HR_10_7_3043_TGTHRLIVE I am trying extract the nu...

by Path Finder in

How can I extract all fields from a log file including json definiton?

I have a log file which entries/lines look like this: 12:17:35.4641 Info {"message":"TestKevin execution ended","l...

by Path Finder in

How do I get the difference in results from two searches over different timelines?

I want to get top 20 errors of the day & top 20 errors of the week. Then, I want to get the difference between both r...

by New Member in

Can you help me with my regex extraction of a field?

Hello Friends, I have the following issue I have two types of logs: A & B A & B are from the same Index, hav...

by Explorer in

Can you help me extract the following field values with a regex or any other alternative?

I have an event of the below format from a Firewall Source. I need to extract the field named "FieldChanges" from it....

by Path Finder in

Standalone Indexer

Hi, all. I am looking to add an indexer to my existing environment that consists of 1 dedicated indexer and 1 dedi...

by Communicator in

Using Streamstats to group the results happening within 10 seconds

Hi Experts, I have a query which finds total number of non 200 responses and total responses based on the web acce...

by Contributor in

Can you help with a Splunk query for filtering a destination port count to a table?

Hello, everyone, I need some help regarding the analysis of a firewall rule that I am trying to analyze via Splunk...

by New Member in

How to only search data for the last day of any month within a chosen time range?

Hey all, I have a bunch of billing data that is cumulative (month to date). I'm trying to gather total costs per m...

by Splunk Employee in

How do I obtain data from a search based on matching field values from multiple source types?

Dear All, I have just started using Splunk and I have a question: I have one index and two source types. The st...

by New Member in

How do you calculate a percentage from a lookup table?

I have a lookup table that is written to when a user clicks on a button to confirm that they have checked logs on a d...

by Explorer in

Can you help me pull a number and then show that value in a timechart?

2018-09-20T11:48:41.071-0600 I NETWORK [conn16918] end connection 10.16.33.19:61051 (28 connections now open) So...

by Explorer in

How do you extract the following XML fields?

Hello, I need to extract the fields from the below xml. Please help me on this. I want to extract fields from even...

by Explorer in

How do I make a search string to get Real Time data from multiple *.txt files?

Dear Team, I'm trying to to get data from two *.txt files into a single Line Chart. For example, with the follo...

by New Member in

Can you help me delete the '\' character after a field name?

Hello Friends, I have the following issue I have two types of logs: A & B A & B are from the same Index, hav...

by Explorer in

How do I extract fields and values from a multivalue field?

this is my JSON object i am getting as an event { "id": 78124, "uuid": "AWBr0ilGbvobIxfakBsC", "key": "com.v...

by Path Finder in

How do I adjust the command so that the columns are ordered numerically in a chart?

I am generating a basic chart with the following command: index=test | eval latency = (_indextime - _time) | chart...

by New Member in

extract number from a field and output to a table or new field

i am trying to extract the Printed number value from the below string deriving from field3 and out put to a table or ...

by Path Finder in

How to use a subsearch to search across two indexes with no common field?

I have one ID in a particular index and using that I want to find events in another index. My search looks like th...

by Path Finder in

How do I change bar color based on y axis value in timechart?

Hi there, I have already found several answers to the question about how to apply color ranges on the column chart...

by Explorer in

How do you normalize fields to Join two searches?

I have ran across an issue that I've been banging my head against and it will not give. I have a search that is tr...

by Engager in

Will you help me compare 2 results from different time periods?

I'm trying to compare 2 results from different time periods using the below search, but am getting a zero result wher...

by New Member in

Capturing multiple values and creating table from results - MVexpand?

Good afternoon guys & gals, This on paper is a simple one, but it's absolutely escaping me. We have been asked to ...

by Explorer in

DateTime Format for search result

index=db_apps_digital host=hst1* OR host=hst2* NOT host=hst5 NOT host=hst6 sourcetype="API.CMC-too_small" | stats c...

by Engager in

How do I pair two fields that came from the same event?

I have a handful of fields that I've extracted from the raw event data using the rex function. Now that I have these ...

by Explorer in

Get Updates on the Splunk Community!

Splunk Search

Discussions

Can you help me come up with a regex expression which would extract a number from a string?

How can I extract all fields from a log file including json definiton?

How do I get the difference in results from two searches over different timelines?

Can you help me with my regex extraction of a field?

Can you help me extract the following field values with a regex or any other alternative?

Standalone Indexer

Using Streamstats to group the results happening within 10 seconds

Can you help with a Splunk query for filtering a destination port count to a table?

How to only search data for the last day of any month within a chosen time range?

How do I obtain data from a search based on matching field values from multiple source types?

How do you calculate a percentage from a lookup table?

Can you help me pull a number and then show that value in a timechart?

How do you extract the following XML fields?

How do I make a search string to get Real Time data from multiple *.txt files?

Can you help me delete the '\' character after a field name?

How do I extract fields and values from a multivalue field?

How do I adjust the command so that the columns are ordered numerically in a chart?

extract number from a field and output to a table or new field

How to use a subsearch to search across two indexes with no common field?

How do I change bar color based on y axis value in timechart?

How do you normalize fields to Join two searches?

Will you help me compare 2 results from different time periods?

Capturing multiple values and creating table from results - MVexpand?

DateTime Format for search result

How do I pair two fields that came from the same event?

Enterprise Security Content Update (ESCU) | New Releases

Why am I not seeing the finding in Splunk Enterprise Security Analyst Queue?

Index This | What are the 12 Days of Splunk-mas?

Proactively stream data to different index after C...

Write Splunk log with Laminas

Issues in multiselect input dropdown

Using splunk-sdk in user-defined functions in Spar...

Verification of SAML assertion using IDP's cert fa...