Splunk Search

Discussions

Thread Info

How to force rex to extract a field with numeric type

(Splunk 4.3.2, in case it makes a difference) I'm using rex to extract a sequence of digits, and I'd like Splunk t...

by Explorer in

How can a send a simple test event to my new index to test that it is functioning properly?

I have spun up a new index in Production and want to quickly test that it is properly configured. I'd like to confirm...

by Champion in

help in a regular expression extraction

I have a text that contains anything followed by a word that start with either XPOS, POS and HF and ended by - E...

by Builder in

Consecutive characters dash in a file for extraction

I have a file that contains consecutive - example: somefields - anything - anything - ... - anything ABC DEF 2323...

by Builder in

one event one filed multi value

hello I have my log form as multi lines breaked with an empty line thanks to ziegfried， I have devided each event suc...

by Contributor in

Help needed to get key-value pairs from a tabular data file

Hey everyone. This is my first time working with data like this, so I'm a little bit lost. Here is a sample: Syste...

by Builder in

REGEX - how to mark end of value?

So I have this REGEX statement in a transforms.conf file: REGEX = (service=53|service=5101) I'm new to REGEX bu...

by Builder in

Running a stored procedure with DB Connect app

I'm trying to get Splunk to login to a MS SQL database and execute a stored procedure based upon data in the events. ...

by Builder in

NTP field extraction

Hello, I wanted to know what would be the best way to extract the st (stratum) field from the NTP event (in this ...

by Explorer in

field extractor issues

Hi, I'm trying to use the field extractor to create some field. When I click on an event, and choose "Extract fiel...

by Champion in

Timespan trouble with timechart

Hi, I'm having some issues with timechart. I'm overriding _time in props.conf, since my timestamp is extracted fro...

by Communicator in

Transactions within transactions

I have a set of two logs that share a common field (RID). One log contains the "user" actions while the other log con...

by Communicator in

group by srcIP and total count dstIP

Hello, I'm trying to compose search, that will show me srcIP, dstIP, count by dstIP like this: srcIP dstIP ...

by Explorer in

Combine similar events into a single count

I have the search: index="weblogs" filter_result!="-" useragent="* (compatible; MSIE 10.6; )" OR useragent=" (comp...

by Path Finder in

Multiple SEDCMDs

Greetz, Does anyone know if multiple SEDCMDs are supported at index time in props.conf? Also, can I implement t...

by Contributor in

Best way to Join two tables

Hey. I have these kind of datas every one week : "SilkWorm48000",SwitchWWN ,160,"SwSerialNumber","http://UrlManage...

by Communicator in

testing for the occurrence of a user

Hi, I need to check to see if a list of users (150+) have logged in recently. The data comes in via syslog, and I'...

by Champion in

How can I remove text from _raw if it appears as a field in Splunk

I want to remove a string from _raw that appears as a field in Splunk say host. For example if I have the _raw messag...

by Contributor in

generating regex

hi , in my log files their is field known as CPU TIME.. which has values:- Jan 16 12:51:35 Phase 1 ended (674 seco...

by New Member in

Percent of Error Help

I am relatively new to Splunk and I am trying to create a percent of error metric. I have two log sources that have a...

by Path Finder in

search regex where one field does not contain the value of another field

I try to search for Windows logins in which the "Workstation Name" is different from the "ComputerName". The problem ...

by Contributor in

How to obtain the highest daily traffic flow data that hour

hi! I want to get the highest daily traffic by day, so I try this as below ... | convert timeformat="%Y/%m/%d" cti...

by Path Finder in

how does transaction command work?

i am still confused after reading the reference for example i fabricated some data and search with "|transaction host...

by Contributor in

To set an alert if a field doesn't exist in log messages in real time

I'm trying to set up a alert If I don't see a log message with in 15 minutes span of time. I extracted a filed from ...

by Communicator in

Is there a splunk equivalent for 'grep -f' ?

In *NIX, there is a command grep -f 'long_list_of_regex' 'my_log_file' , which reads a list of search commands ...

by Engager in

Get Updates on the Splunk Community!

Splunk Search

Discussions

How to force rex to extract a field with numeric type

How can a send a simple test event to my new index to test that it is functioning properly?

help in a regular expression extraction

Consecutive characters dash in a file for extraction

one event one filed multi value

Help needed to get key-value pairs from a tabular data file

REGEX - how to mark end of value?

Running a stored procedure with DB Connect app

NTP field extraction

field extractor issues

Timespan trouble with timechart

Transactions within transactions

group by srcIP and total count dstIP

Combine similar events into a single count

Multiple SEDCMDs

Best way to Join two tables

testing for the occurrence of a user

How can I remove text from _raw if it appears as a field in Splunk

generating regex

Percent of Error Help

search regex where one field does not contain the value of another field

How to obtain the highest daily traffic flow data that hour

how does transaction command work?

To set an alert if a field doesn't exist in log messages in real time

Is there a splunk equivalent for 'grep -f' ?

Enterprise Security Content Update (ESCU) | New Releases

Why am I not seeing the finding in Splunk Enterprise Security Analyst Queue?

Index This | What are the 12 Days of Splunk-mas?

Proactively stream data to different index after C...

Write Splunk log with Laminas

Issues in multiselect input dropdown

Using splunk-sdk in user-defined functions in Spar...

Verification of SAML assertion using IDP's cert fa...