Splunk Search

Thread Info

rex field extraction

How would I extract account number here, message:Receiving exp from: Long URL /Eex for account(s): 8768 rex fie...

by New Member in

Find consecutive duplicates in a field, by terminal

Hi, I can't find a similar example already answered, so here goes: The data looks like this - _time, Termin...

by New Member in

Question on Selected fields in fields side bar

Hi, In the selected fields to the left, I have a selected field by name source_address and it looks like below: ...

by Explorer in

implement excel countif function in Splunk

Hi All, Following is my source table (pelase consider the first 2 fields:- Value and Root_Value only):- I want...

by Communicator in

Post process search

I have two searches I have a dashboard with two panels. 1st panel has a query search1 join type=outer[search 2...

by New Member in

Timechart/chart for getting the count of events with specified field value

Hi , I want a graph which actually gives me a ratio of count of events by host grouped together in a 15 minute int...

by Contributor in

Where with subsearch

Hi All, I am trying correlate 2 different search queries using where with subsearch it goes like this: host="ho...

by Path Finder in

How do I edit my rex search to extract a string between two other strings from a sample line of data?

Hi, How do I get "x868686@test.com" between "Account:" and "Source Workstation:" from following text: Account:...

by New Member in

How to Parse a complicated Field

Hello, I have a JSON file with a huge field: It looks like '"outputs": [ { "custom_desc...

by Explorer in

How to add a field to an event, based on a field from another event.

I feel like I'm having a brain dead moment. I've been scratching my head over this one... Essentially, I want to p...

by Communicator in

extract text between two slashes from the end

hi I am trying to extract the email id from the text eg: PUT /api/users/usernames/eejuy.alves92%40gmail.com/ PUT /api...

by Path Finder in

How to convert String values into factor variable?

I have string fields; an example is "URL". I want it to convert it to numeric / factor variable to perform statist...

by Contributor in

timechart return 0 if no results found

Hi . I have a sourcetype = Queue and i'm sending the number of messages waiting in the queue . index=monitoring ...

by Explorer in

What is causing the Rex Raw c-ip syntax error?

Hi, I'm getting error at search time: Error in 'rex' command: Encountered the following error while compiling the...

by Contributor in

How does Splunk log keyword pair extraction overwrites field value unintentionally?

I have a log of the form <timestamp> field1 field2 field3 field4 urlfield .... For example: <timestamp> ...

by SplunkTrust in

Problem in time query

Hello everyone, i have this search that uses time range picker and my specific time range is 01/07/2018 to 01/13/2...

by Engager in

how to assemble 2 distinct splunk searches into one?

hello everyone, I just want to merge the 2 splunk searches. In the first query, i have all information about mo...

by Path Finder in

How can we get the Public IP details with Splunk Cloud?

Hello, We are in the process of integrating Splunk with Netcool event management tool.Here we are trying to POST t...

by New Member in

Why some of the field values are missing after stats and chart command?

Hi Guys, When I run the below query, it only returns the eventHour up to 14 (2pm) when there are events up to even...

by Communicator in

how to make lookup fields as static and the results as dynamic from the search query

Hi I am having some of the fields in my lookup file (csv file). And I want list down the lookup fields along with the...

by Contributor in

How to calculate processing rate of metrics within specified time range?

Here's an example snippet of the logs I'm working with: 2018-04-17 18:26:02 app=test-app, env=qa, total_msg=0 2018...

by Explorer in

How to not automatically invoke the spath command in raw data?

Hi, We are using JSON data and the field extractions are done already. So we no need to use the spath command. But...

by Builder in

Field data from fieldname in variable

Any way of achieving this: | makeresults | eval Column1="MyData" | eval TestField="Column1" | eval Result{TestFie...

by Path Finder in

Comparison of Field values

I have a JSON which has something like this "Current Free Space","value":"240 KB", i am parsing out the field name wh...

by Contributor in

How to remove overlapping address ranges from a field of address ranges?

I have a field of address ranges where i want to dedup any that overlap. For example: 10.10.20.0/23 10.10.20.160/27 1...

by New Member in

Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.

Splunk Search

Discussions

rex field extraction

Find consecutive duplicates in a field, by terminal

Question on Selected fields in fields side bar

implement excel countif function in Splunk

Post process search

Timechart/chart for getting the count of events with specified field value

Where with subsearch

How do I edit my rex search to extract a string between two other strings from a sample line of data?

How to Parse a complicated Field

How to add a field to an event, based on a field from another event.

extract text between two slashes from the end

How to convert String values into factor variable?

timechart return 0 if no results found

What is causing the Rex Raw c-ip syntax error?

How does Splunk log keyword pair extraction overwrites field value unintentionally?

Problem in time query

how to assemble 2 distinct splunk searches into one?

How can we get the Public IP details with Splunk Cloud?

Why some of the field values are missing after stats and chart command?

how to make lookup fields as static and the results as dynamic from the search query

How to calculate processing rate of metrics within specified time range?

How to not automatically invoke the spath command in raw data?

Field data from fieldname in variable

Comparison of Field values

How to remove overlapping address ranges from a field of address ranges?

Buttercup Games: Further Dashboarding Techniques (Part 7)

Stay Connected: Your Guide to April Tech Talks, Office Hours, and Webinars!

Mastering Data Pipelines: Unlocking Value with Splunk

Search for triggered save searches and their actio...

MLTKC how should i check jupyter notebook func in ...

ITSI thresholds: adaptive vs static

Using Machine Learning Toolkit to detect auth abus...

Proactively stream data to different index after C...