Splunk Search

Discussions

Thread Info

How to remove event that contain special characters only

Hi Splunk Ninjas, Good Day. Just like to ask on how can I remove event that contain special character only, as sam...

by Communicator in

How to get started with making a choropleth map using data within a CSV file?

I went through documentation but not able to relate with my requirement. If someone is already in practice with maps,...

by Communicator in

How to get 3 different hours data

by Explorer in

How to extract the fields in my raw event data at indexing time?

Hi, How to extract the fields in the below Raw event using props.conf and transforms.conf 05/24/17 13:22:12 ab...

by Builder in

Search affinity for non-multisite cluster

I have 2 locations, and not a ton of resources. Multisite clustering took too much -- it seems like I need at least 3...

by Communicator in

How to edit my stats search to display a bar chart?

Hi I have a data with fields OS and Name. I need to show the count and values of OS for Each Name like on X-axis ...

by Builder in

How to extract the month from date field in string?

I have a date field in a string with the format as mn/day/year. I need to extract the month from the same. Can someon...

by New Member in

Is it is posible to use a variable in a regex of a field extraction ?

Hi I would like to know if it is possible to use a variable in a regex extraction. ....| eval snr=602 | rex "(?<bl...

by Builder in

Strange message for SMS Alert

Hi, I'm currently trying to implement SMS Alert for Splunk. I have a SMS Gateway server in my organisation and I'm us...

by Path Finder in

Regex help!

How to use the Regex to extract the first 2 words OR 3 words from below field values? OS: Windows 10 Enterprise Wi...

by Builder in

How to use rex out the below text ?

Full or partial cease : </strung></td> <td width="100%" galign="top" >Full< I would like to extract the below text...

by Explorer in

Trying to extract the value of a field which occurs twice in one event. Regex maybe?

I am hopeful someone has a suggestion for this reporting issue. I have an event generated by Microsoft SQL Audit, ...

by Path Finder in

field rename help

Hi, I am receiving the logs from McAfee Email gateway. In this log, there is a field name as "action" which has vendo...

by Path Finder in

comparing events within same field and it should continues

We need to find out the Ids along with DispatchTime which are not dispatched in correct sequence. ID DispatchTime 1 0...

by Explorer in

working with timestamps and need to pull the records which are matching conditions

I wrote a Splunk search and it's giving my expected results: index=main sourcetype="log" | rename SERVICE_ID AS S...

by Explorer in

How to reconcile a field in two different sourcetypes?

My use case is: There is sourcetype1, which has tradeID field; also sourcetype2, which also has tradeID field. I t...

by Path Finder in

How can I view and search multiple indexes from dashboards

I have a dashboard that lists/groups recently updated dashboards and I just wanted to know if there was a way to also...

by Path Finder in

timechart function issue

Hi everyone, my query look like this base search | reg " " | | bin _time as desired_times span=4h | table _time serv...

by Explorer in

How to display a chart with search jobs and the time range within they run?

I have some jobs, which have some time frame to run. Every job belongs to some track. My purpose is to plot Track vs ...

by New Member in

Finding a field value that is available in sourcetype2 but not available in sourcetype1

Hi, I would like to find a field value of a field (Email_Address) that is available in only sourcetype2 and not avai...

by Explorer in

How expand two related mutli value fields ?

Hi, I'm trying to analyze some data that contains two related multi value fields that i want to expand. What i hav...

by New Member in

How to make a field extraction for my sample data?

I want to make a field extraction by the name of Action to show this whole text ,'update ggsourceadmin.monitor set OR...

by New Member in

How do I make a couple of indices in one table?

Is it possible to have two different indices and have results in a single table? The Indices are... index=_interna...

by Path Finder in

How to find RSA connection failures for a user?

I need a script that will find rsa connection failures for a user

by New Member in

Is it possible to count the number of times a field occurs within a transaction?

Is it possible to get the number of times a Field occurs within an event? I've read posts on how to arrive at uniq...

by New Member in

Get Updates on the Splunk Community!

Splunk Search

Discussions

How to remove event that contain special characters only

How to get started with making a choropleth map using data within a CSV file?

How to get 3 different hours data

How to extract the fields in my raw event data at indexing time?

Search affinity for non-multisite cluster

How to edit my stats search to display a bar chart?

How to extract the month from date field in string?

Is it is posible to use a variable in a regex of a field extraction ?

Strange message for SMS Alert

Regex help!

How to use rex out the below text ?

Trying to extract the value of a field which occurs twice in one event. Regex maybe?

field rename help

comparing events within same field and it should continues

working with timestamps and need to pull the records which are matching conditions

How to reconcile a field in two different sourcetypes?

How can I view and search multiple indexes from dashboards

timechart function issue

How to display a chart with search jobs and the time range within they run?

Finding a field value that is available in sourcetype2 but not available in sourcetype1

How expand two related mutli value fields ?

How to make a field extraction for my sample data?

How do I make a couple of indices in one table?

How to find RSA connection failures for a user?

Is it possible to count the number of times a field occurs within a transaction?

Observability Release Update: AI Assistant, AppD + Observability Cloud Integrations & ...

Stay Connected: Your Guide to February Tech Talks, Office Hours, and Webinars!

Preparing your Splunk Environment for OpenSSL3

tstats with | search()

Search for triggered save searches and their actio...

MLTKC how should i check jupyter notebook func in ...

StateSpaceForecast holdback and forecast_k for eva...

ITSI thresholds: adaptive vs static