Splunk Search

Discussions

Thread Info

"Exception - com.splunk.mr.JobStartException: Failed to start MapReduce job."

I just moved my whole dashboard to production environment but when I tried to test using a search string, following e...

by Communicator in

I need help joining two cvs (customers and purchases) that shows what was purchased and if certain products were not purchased

The two csv files I have are customers (fields= customerName,customerID,region,IsActive) with one row per customer an...

by Explorer in

Why is stats count by fieldname not working?

In search getting list of events and stats giving count of events but when extend the search by field name, throwing ...

by New Member in

create table based on end time and time limit

Hi, i need to create a table with the following conditions: This is my log: proceso,start,end,diferencia,tiemp...

by Engager in

Coalesce Fields With Values Excluding Nulls

I know you can coalesce multiple columns to merge them into one. However, I am currently coalescing around 8 fields, ...

by Explorer in

Sendemail (Splunk CLI) always sends email whether results are available or not...

I'm running the following search from Splunk CLI: ./splunk search 'index=test | search _raw!="scoobydoo" | sendema...

by Champion in

How to create a regex to extract data?

I am new to Regex and hopefully someone can help me. I am trying to extract data between "[" and "SFP". It doesn't ma...

by Explorer in

How to combine multiple complex searches into 1 output table?

I think I didn't describe my question properly because I don't really have a good grasp of Splunk Jargons but here ar...

by New Member in

I want to match multiple fields from different indexes whether these are matching to other index or not?

I want to match multiple fields from different indexes whether these are matching to other index or not. I was th...

by New Member in

Lookup Table and Regex

Hi, I need some help with lookup table combined with regular expressions. I have the an apache log file which loo...

by New Member in

How to combine two Splunk queries and extract the matching values of one of the fields?

I have two splunk queries and both have one common field with different values in each query. I need to combine both ...

by Path Finder in

Unable to search for the first 10,000 event only

Hello, i'm trying to run a query but I would like it to stop at the first 10,000 events and I don't mean to display t...

by New Member in

Ask about splunk cookie modulation vulnerability and session fixing vulnerability

Hi Does the splunk have the following security vulnerabilities? ( in Splumk 7.1.2 ) ㅡㅡㅡㅡㅡㅡㅡㅡㅡㅡㅡㅡㅡㅡㅡㅡㅡㅡㅡㅡㅡㅡㅡㅡ Th...

by Communicator in

is it possible to send splunk stored data on some filter condition outside of splunk to some external rest service

I have an application which has a rest service. Now I want to send some data FROM splunk to that application rest ser...

by New Member in

splunk search produces different results when the same query is run several times - why?

I run the query index=* tag=xyz customertype=abc action=failure sourcetype=abc123_winlog | dedup _time, user, src, de...

by New Member in

is there a rest query I can use to identify all logfiles being monitored in an index, or all indexes?

If I use the query index=* source=* | dedup source | table index source this appears to provide me with a list of all...

by New Member in

Transpose and aggregate

Hello, i need help to obtain the below results. From: num has_breached sla_name 100 fals...

by New Member in

Field Extraction from html tags

align="left"> Accepted <td align="right" class="mailViewRowReadEven"> 64399 <td align="right" class="mailViewRowRe...

by Path Finder in

How to count a field that contains special values and display it with others using Piechart?

I have a column named Target that contains several values where some ends with @myemail.com, but when I just used sta...

by Communicator in

sourcetype=WinEventLog:ForwardedEvents missing details

I've an WEC server which is forwarding logs to Splunk. I can see forwarded events coming in with sourcetype=WinEventL...

by Engager in

Get Updates on the Splunk Community!

Splunk Search

Discussions

"Exception - com.splunk.mr.JobStartException: Failed to start MapReduce job."

I need help joining two cvs (customers and purchases) that shows what was purchased and if certain products were not purchased

Why is stats count by fieldname not working?

create table based on end time and time limit

Coalesce Fields With Values Excluding Nulls

Sendemail (Splunk CLI) always sends email whether results are available or not...

How to create a regex to extract data?

How to combine multiple complex searches into 1 output table?

I want to match multiple fields from different indexes whether these are matching to other index or not?

Lookup Table and Regex

How to combine two Splunk queries and extract the matching values of one of the fields?

Unable to search for the first 10,000 event only

Ask about splunk cookie modulation vulnerability and session fixing vulnerability

is it possible to send splunk stored data on some filter condition outside of splunk to some external rest service

splunk search produces different results when the same query is run several times - why?

is there a rest query I can use to identify all logfiles being monitored in an index, or all indexes?

Transpose and aggregate

Field Extraction from html tags

How to count a field that contains special values and display it with others using Piechart?

sourcetype=WinEventLog:ForwardedEvents missing details

Unify Your SecOps with Splunk Mission Control

Data Preparation Made Easy: SPL2 for Edge Processor

Introducing Edge Processor: Next Gen Data Transformation

lookup file works for me but no on else.

Running multiple query based on condition

compare today hourly stats and previous week same ...

ISSUE: Starting a Spunk Docker container via Docke...

Combining results in metric index?