Splunk Search

Start a Conversation

Discussions

Start a Conversation

Thread Info

Extract data from JSON array

I have some data which is along the following format; {"event": { "Timestamp":"2019-01-16 22:20:26.123" ...

by Path Finder in

Why do I have empty columns when using map in my search

Hello, I have created a search using the map command to retrieve fields from another source. Both searches run sep...

by Path Finder in

The current splunk cloud version is 7.1.3 and our environment is 7.0.3 we are planning to upgrade which should we go with 7.1.3 or 7.2.1 ?

The current splunk cloud version is 7.1.3 and our splunk environment is 7.0.3 we are planning to upgrade which should...

by Path Finder in

Can you help me with the following error in my 'rex' command?: "The regex '' does not extract anything. It should specify at least one named group. Format: (?...)"

Hi, I need to generate a graph that gives me the count of all different type of exceptions occurred during the las...

by New Member in

Need help with regex

index=...| search MESSAGE="CommonAsyncGETController.execute() : scope :S01234"| Table MESSAGE Above is my string, ...

by Path Finder in

Average count based on day

index="apigee" sourcetype="apigee:hec" | search DeveloperAppName="someappname" | convert timeformat="%A" ctime(_time)...

by Path Finder in

Using stats dc with stats list and count

I have the following search looking for external hosts that are trying to brute force multiple WordPress or Drupal si...

by Influencer in

Read contents of a file in GIT based version control Bitbucket

Hi, I need help/advice on how to read contents of a file that is version controlled in GIT based application Bitbu...

by Explorer in

How to compare two field values from one index to another index

Hello Experts, We are having an issue where we are having two indexes named monitor and poll. Below is the structure ...

by New Member in

How to add custom field to event?

I want to add custom fields to specific index and have them log accordingly. Currently there are only a few defaul...

by Engager in

Two queries in one - SearchParser Subsearch error

hi apologies but i'm not very verse in splunk. i'm trying to run two separate queries in one search but i get the fol...

by Path Finder in

how to take multiple lines of single event data automatically

My event has like this data ip = 10.60.11.170 , value = 46 ip = 10.60.11.168 , value = 47 ip = 10.60.11.171 , value ...

by Explorer in

Issue with the input.config file

We are currently working to get the %Committed bytes in use to get into Splunk as a counter as we need to create an a...

by New Member in

How to Avoid alphabetical sorting on xyseries command?

Hello Everyone Below is my search query: base search | fillnull TimesRan value=1 | bucket span=1mon _time | ...

by Path Finder in

Filtering windows security event logs with Regex

Hi there. We've been having issues with our DC's sending to much information across to Splunk and require assistan...

by Path Finder in

In appendcols if input search does not fetch anything what happens to the fields of sub search?

Hi, I have a query, the definition of appendcols is as below. "Appends the fields of the subsearch results with...

by Explorer in

Spath only extracts the first sublevel in Json, how to extract additional sublevels

Hi, How can I extract the fields from Properties.Response ? With spath I only get the whole value of Properties.R...

by Path Finder in

Get the time difference between 2 different events based on common fields

I have a log that shows when the particular event was fired 2019-01-14 19:20:21,849 [DEBUG] [c.h.d.s.i.Asynchrono...

by Explorer in

how to search data created before last 14 Business days?

I have a set of data with "submit date" like "2019-Jan-16 17:42:00". How can I get data submitted before 14 Business ...

by New Member in

Summary Indexing and TZ

Hi, I am getting a raw event stream which is getting TZ per PT Splunk props.conf is looking at TZ as PT and conver...

by Path Finder in

Get Updates on the Splunk Community!

Splunk Search

Discussions

Extract data from JSON array

Why do I have empty columns when using map in my search

The current splunk cloud version is 7.1.3 and our environment is 7.0.3 we are planning to upgrade which should we go with 7.1.3 or 7.2.1 ?

Can you help me with the following error in my 'rex' command?: "The regex '' does not extract anything. It should specify at least one named group. Format: (?...)"

Need help with regex

Average count based on day

Using stats dc with stats list and count

Read contents of a file in GIT based version control Bitbucket

How to compare two field values from one index to another index

How to add custom field to event?

Two queries in one - SearchParser Subsearch error

how to take multiple lines of single event data automatically

Issue with the input.config file

How to Avoid alphabetical sorting on xyseries command?

Filtering windows security event logs with Regex

In appendcols if input search does not fetch anything what happens to the fields of sub search?

Spath only extracts the first sublevel in Json, how to extract additional sublevels

Get the time difference between 2 different events based on common fields

how to search data created before last 14 Business days?

Summary Indexing and TZ

Splunk Observability Cloud | Customer Survey!

Happy CX Day, Splunk Community!

.conf23 | Get Your Cybersecurity Defense Analyst Certification in Vegas

Splunk search showing ingest by source method

Possible to find different of two amounts from dif...

How to Add Datamodel Fields in Search and Reportin...

Check lookup table for old/expired entries

AD servers with indexing delays when evt_resolve_a...