Splunk Search

Ask a Question

Discussions

Thread Info

サーチが遅れている旨のエラーが表示される。

サーチが遅れている旨のエラーが表示されるようになりました。どのサーチがどのくらい遅れているのか、状況を確認したいのですが、どのように確認するのが適切でしょうか。【エラー内容】 The percentage of non h...

by New Member in

Is there a "zip_longest" like function in Splunk?

I have this search/report: host=app-dev-001 terminating OR rehire | convert timeformat="%Y-%m-%d" ctime(_time) AS ...

by Explorer in

Run the condition on multiple fields of each events

I have set of events as below: EmployeeID Company C123 ABC C456 DEF C789 2598 3648 Here, all the EmployeeID st...

by Engager in

How can you rewrite log data to overwrite sensitive information?

If there were a field that one wanted to overwrite, say it was an API token for example, and it had already been logg...

by Explorer in

Applying conditional to a subset of results?

See the dataset below. Ultimately (this is part of an inner join with another search) I'd like to return the the late...

by Path Finder in

How to capture the hits per day on LiveSite/OT servers??

Hey All, Back again with another interesting question. How do we get the number of hits per day for linux/live...

by New Member in

Accelerated data model returning partial results when using summariesonly=true

Hello everybody, I see a strange behaviour with data model acceleration. I have a data model accelerated over 3 mo...

by Path Finder in

Splunk cannot index and search Charset UTF-8 without BOM

I have files encoded with UTF-8 without BOM(found out in notepad++), but splunk cannot index or search the events of ...

by New Member in

Compare two searches

Hi guys, I am having some issues extraction a comparaison between two different search, Let's assume the follo...

by Explorer in

How to visualize more than 100 rows in a table in the dashboard?

Hi, I'm using the following option for a table in a dashboard: <option name="count">xx</option> and it succes...

by Engager in

Lookup match_type WILDCARD not working

Greetings experts, I have an alert configured to output the search results to a lookup file. And I need to be able...

by Explorer in

Splunk Query for user accessing assets

Hi All, I need to create a query where user access a same destination from 5 or more sources, also in that query o...

by Communicator in

regex question

I am trying to get exactly 10 digits which might be between white spaces or symbols etc: 1234567890 ,234567890 , ...

by Communicator in

Need to understand Regular Expression

Team, Can anyone please help me to understand the below regular expression used in field extraction? (?i)CPU_CO...

by New Member in

sort descending avg time field in results

i have a field "avg_time" which i want to display in descending order. tried sort -avg_time but didn't worked eval...

by Engager in

How to arrange the common values of different fields in the same row and uncommon values after the common values

Hello, I have a data from two different sourcetypes. In that data, I have two specific columns where in I have to ...

by Path Finder in

How to deal with repeating fields in a single event

We noticed that Microsoft OWA logs produce a repeating field. How can we make them into individual ones instead of ju...

by Explorer in

Hi, I have a scenario to filter the logs events before they get index using HTTP events collector.

I am using HTTP events collector on a search head directly. On this SH I am using API token to connect to get OKTA lo...

by Path Finder in

KV_MODE=xml not working but xmlkv is

I have an app on a deployment server that takes in XML data, this app includes a props.conf with KV_MODE=xml. When I...

by Explorer in

Extract data from a txt file

Hello everyone, I have the attached file that is generated every night through my client's internal system and I n...

by Path Finder in

Subsearch return multiple fields

Hi and thank you in advance. I've simplified the problem for brevity sake. I'm trying to return multiple fields by...

by Path Finder in

use the heat map option and highlight the max and min per each column.

hi there THis is my sample data. I want to use the heat map option and highlight the max and min per each column....

by Motivator in

Math function on stats count

I would like to do some math operation of retrieved count of each values. Eg: 318*5.5 + 418*2.5 + 54*5 + 83*2 and...

by Loves-to-Learn Lots in

Why doesn't my rename work? Error in 'rename' command: Usage: rename [old_name AS/TO/-> new_name]+.

I have this splunk search: host=app-dev-001 terminating | convert timeformat="%Y-%m-%d" ctime(_time) AS date | sor...

by Explorer in

Can someone help me with the regex for a field extraction?

Below are clamav logs, I would like to create two new fields. one called: log_level one callled: message log_le...

by Builder in

Get Updates on the Splunk Community!

Splunk Search

Discussions

サーチが遅れている旨のエラーが表示される。

Is there a "zip_longest" like function in Splunk?

Run the condition on multiple fields of each events

How can you rewrite log data to overwrite sensitive information?

Applying conditional to a subset of results?

How to capture the hits per day on LiveSite/OT servers??

Accelerated data model returning partial results when using summariesonly=true

Splunk cannot index and search Charset UTF-8 without BOM

Compare two searches

How to visualize more than 100 rows in a table in the dashboard?

Lookup match_type WILDCARD not working

Splunk Query for user accessing assets

regex question

Need to understand Regular Expression

sort descending avg time field in results

How to arrange the common values of different fields in the same row and uncommon values after the common values

How to deal with repeating fields in a single event

Hi, I have a scenario to filter the logs events before they get index using HTTP events collector.

KV_MODE=xml not working but xmlkv is

Extract data from a txt file

Subsearch return multiple fields

use the heat map option and highlight the max and min per each column.

Math function on stats count

Why doesn't my rename work? Error in 'rename' command: Usage: rename [old_name AS/TO/-> new_name]+.

Can someone help me with the regex for a field extraction?

Buttercup Games: Further Dashboarding Techniques (Part 5)

Customers Increasingly Choose Splunk for Observability

Bridging the Gap: Splunk Helps Students Move from Classroom to Career

ES8 + Mission Control Usage rest API

Search for triggered save searches and their actio...

MLTKC how should i check jupyter notebook func in ...

ITSI thresholds: adaptive vs static

Using Machine Learning Toolkit to detect auth abus...