Splunk Search

Discussions

Thread Info

Question on regex field extraction in props.conf - in which search time variable they are stored?

Hi All, I have some question on the regular expression extraction they can be added in props.conf Supposing I have...

by Contributor in

How do you match extracted CSV and index value and use geo values to visualize a map?

I have index =s1 with a field called city, and an uploaded CSV file with fields like "office", "latitude" and "longit...

by Communicator in

How can I extract fields from a space delimited event with potential spaces in the field values?

How would I go along extracting fields for the below? The challenge I am seeing is that it seems to be delimited by s...

by Communicator in

How do you send events from a custom command asynchronously without waiting for the whole command to finish?

Hi, I have a custom generating command that queries an external API and yields the results as events. As the AP...

by Explorer in

How do you Join or Merge multiple events at index time based on a common field?

I'm looking for a method to merge events based on a common field at index time, not at search time, and I've have alr...

by New Member in

How do I consolidate the count of similar values in a table?

I have a Search that looks at some XML responses from an API and should create a time chart by the count of each type...

by New Member in

Time modifier - tstats - subsearch

I am trying to compare two different results using subsearch. Both searches are using tstats. I am wanting the tstats...

by Engager in

Could you help me with a couple questions I have about the eventcount search command?

Hi everyone, I have a couple questions about using the eventcount command... 1.) I noticed that if you set summ...

by Path Finder in

Blacklist files greater than a certain size from inputs.conf

Hi All, I have to monitor a folder where there are very huge files with file name automatically generated. Is ther...

by Contributor in

Field Extractions Vary Per App

I am running into this very strange issue. Our splunk instance is setup to extract fields at index time. What I am se...

by Path Finder in

How can use fields to calculate the percentage in data and find comparison of measurement?

Hello, I have a question about getting data out of these fields. I want to use these fields to calculate the Nu...

by New Member in

Different searches based on a radio button selection

Hello Everybody I have 4 input fields: Username,IP, System,mac The goal: user enters one value(Username,IP, System,ma...

by Explorer in

SED command on props

Good Day all. I am trying to replace a last name using SED command on my props. my data looks like below. asdfa asdf...

by Communicator in

Searching by sourcetype finds no results, searching by host finds events with that sourcetype

I'm seeing some really weird behavior. If I run | metadata type=sourcetypes index=XYZ, I see the sourcetype I'm lo...

by Builder in

Why is my field not showing up with the following search query?

Dear all, I have a suspicious case using Splunk 7.2. I have a data source type with about 15k rows. Each row is ab...

by Explorer in

Can you help me extract the following data into separate fields?

Hi I have data in the following format: 1,20181030154237,XYZ/ABC - Something Anything,2018-10-30 15:42:37,2018-10...

by Path Finder in

Splunk query to compare counts from 2 different query and trigger alert

Hi, I need help with building query which compares value from 2 different search and trigger alert if count from b...

by Explorer in

How can I remove or hide a column in a table?

Here is my query; I'm trying not to have the "Total_Datapoints" column show up in the table since it has the same val...

by Explorer in

Pattern search through the delivered list in dashboard panel

Hello, I was wondering if it is possible to have kind of search through the delivered results in the dashboard pan...

by Builder in

Use field extractor with a search?

Hello, I am wandering to know if there is a way to apply a field extractor not to a source type but to a search. ...

by Communicator in

Get Updates on the Splunk Community!

Splunk Search

Discussions

Question on regex field extraction in props.conf - in which search time variable they are stored?

How do you match extracted CSV and index value and use geo values to visualize a map?

How can I extract fields from a space delimited event with potential spaces in the field values?

How do you send events from a custom command asynchronously without waiting for the whole command to finish?

How do you Join or Merge multiple events at index time based on a common field?

How do I consolidate the count of similar values in a table?

Time modifier - tstats - subsearch

Could you help me with a couple questions I have about the eventcount search command?

Blacklist files greater than a certain size from inputs.conf

Field Extractions Vary Per App

How can use fields to calculate the percentage in data and find comparison of measurement?

Different searches based on a radio button selection

SED command on props

Searching by sourcetype finds no results, searching by host finds events with that sourcetype

Why is my field not showing up with the following search query?

Can you help me extract the following data into separate fields?

Splunk query to compare counts from 2 different query and trigger alert

How can I remove or hide a column in a table?

Pattern search through the delivered list in dashboard panel

Use field extractor with a search?

Using Machine Learning for Hunting Security Threats

Observability Newsletter Highlights | March 2023

Security Newsletter Updates | March 2023

How to delay with search result when run via Splun...

KV Store status is currently unknown- How to resol...

Combining results in metric index?

Summary Index from | collect ... addtime=f : When ...

Importing HCL BigFix data from Insights, how to ve...