Splunk Search

Community Activity

Merge numberous data in a field Good Morning i have a field that i've called problem_detail in our Helpdesk index. it contains all the types of prob... by PaulaCom Path Finder in Splunk Search 03-13-2024 0 2	0	2
How to extract two fields using regex? How to extract the two fields from the message ?In this need to extract after API: START: /v1/expense/extract/demand/... by karthi2809 Builder in Splunk Search 03-13-2024 0 3	0	3
Separate the array value in the different event. Hi team,I mentioned that the payload field contains the entity-internal-id and lead-id in an array format. I want to ... by parthiban Path Finder in Splunk Search 03-13-2024 0 5	0	5
Datas are not getting parsed after giving table name on splunk query. Please let me know the correct data extraction? index=* "Unknown message for StatusConsumer" topicId marshall \| rex f... by Splunk-Star Loves-to-Learn Lots in Splunk Search 03-12-2024 0 3	0	3
Grouping data based off a single field I have all the relevant data I need from a single source but I am wanting to present it in a way that I can't get it ... by 1tiger105 Engager in Splunk Search 03-12-2024 0 2	0	2
Is it possible to call lookup within case statement? I want to call lookup within case statement. if possible, please share sample query. by RSS_STT Explorer in Splunk Search 03-12-2024 0 6	0	6
Modify a date field value using SED I have a weird date/time value: 20240307105530.358753-360I would like to make it more user friendly 2024/03/07 10:5... by jason_hotchkiss Communicator in Splunk Search 03-12-2024 0 3	0	3
How to search and filter by a field that contains spaces? Hello Team, I could see a lot of discussions on this forum, but none solving my issue. I have a log with content li... by teknet7 Engager in Splunk Search 03-12-2024 1 3	1	3
Geostats Cluster Map Help Any reason why this can't be visualized in a geo cluster map?source="udp:514" index="syslog" NOT src_ip IN (10.0.0.0/... by ChocolateRocket Explorer in Splunk Search 03-12-2024 0 7	0	7
How to use the REST API to fetch and filter results from a saved search? I am using REST service - my requirement is to use Splunk REST URL to fetch details from a saved search .. but I want... by samkaj Explorer in Splunk Search 03-12-2024 1 4	1	4
How to use wildcard in case like condition? Hi Guys, Thanks in Advance. So i have case conditions to be match in my splunk query.below the message based on corre... by karthi2809 Builder in Splunk Search 03-12-2024 0 5	0	5
String formating Hello All, I have an Index = Application123 and it contains an Unique ID known as TraceNumber. For each Trace number ... by Satyapv Engager in Splunk Search 03-12-2024 0 3	0	3
Regular expression works separately but, not able to work it within Splunk query. Hello,I'm trying to find average response time of all events after the field totalTimeTaken. Thing is, when I tested ... by mappu Engager in Splunk Search 03-12-2024 0 3	0	3
Using lookup table within tstats Hi All,I am attempting to use lookup table "is_windows_system_file" for the following SPL where the Processes.proces... by losttranslation New Member in Splunk Search 03-11-2024 0 1	0	1
Peak hourly volume monthly wise for last 3 months. Hi Team,I want to calculate peak hourly volume of each month for each service. Each service can have different peak t... by Allampally Path Finder in Splunk Search 03-11-2024 0 7	0	7
custom query \|tstats count where index=app-idx host="abfd" sourcetype=app-source-logs by hostThis is my alert query, i want to m... by Harish2 Path Finder in Splunk Search 03-11-2024 0 18	0	18
How to extract Json array ? Thanks in Advance.1.I have a json object as content.payload{} and need to extract the values inside the payload.Alrea... by karthi2809 Builder in Splunk Search 03-10-2024 0 3	0	3
WEC-EventCollector add permanent field to sourcetype search How would I add a permanent search or field to a sourctype? For example: I have a set of a data that I have been able... by zach-keener Explorer in Splunk Search 03-10-2024 0 2	0	2
Searching authentication attempts Hello, I'm currently doing some training as part of a SOC analyst intern position. One of the questions in the little... by Yhwhison3 Loves-to-Learn Lots in Splunk Search 03-09-2024 0 2	0	2
Events field is blank for first time query Hi, I got one weird problem that when I run query in splunk, there're events found, but the Event log field is always... by foxwu New Member in Splunk Search 03-08-2024 0 1	0	1
DISPATCHCOMM:PEER_PIPE_EXCEPTION__%s message=Search results might be incomplete: the search process on the peer Hello Splunk team...I am facing this issue while we run any searches on my splunk setup., can you help me on how we c... by HarishSamudrala Loves-to-Learn in Splunk Search 03-08-2024 0 2	0	2
ASUS Router Query Super Thread Since I cannot find much on querying ASUS router syslogs, and I am completely new to Splunk, I thought I'd start a th... by ChocolateRocket Explorer in Splunk Search 03-08-2024 0 8	0	8
Join two sources via common field to grab another field w/ multiple matches Hi,Been trying to connect/join two log sources which have fields that share the same values.To break it down:source_1... by yumeina Loves-to-Learn Everything in Splunk Search 03-08-2024 0 8	0	8
error Could not find an entitlement based on your selections, please contact support Hi I'm facing an issue with creating a support ticket. I'm on enterprise version for a company that has support accou... by molko13 New Member in Splunk Search 03-08-2024 0 3	0	3
how to use specific start date in weekly timechart? Hello,How to use specific start date in weekly timechart?For example: I have a set of Grade (Math, English, Science) ... by LearningGuy Motivator in Splunk Search 03-07-2024 0 11	0	11