dauren_akilbeko Communicator 11-05-2020 04:50 AM You probably meant to filter by event content, if so check here https://docs.splunk.com/Documentation/Splunk/8.1.0/Forwarding/Routeandfilterdatad#Filter_event_data_... and here https://community...
Solution scelikok SplunkTrust 04-05-2024 03:16 AM You are right, I missed to filter again for exceptions. Please try below, you should see only correlationId exceptions that have no SUCCESS. index="mulesoft" applicationName="s-concur-api" ...
Solved: Hi team, I have below sample events in splunk. 2021-04-09 07:12:41 , 323 PLV=EVENT DT=MANUALEVENT CIP=0.0.0.1CMID=shangThai CMN= "
Solution sundareshr Legend 10-19-2016 06:42 AM If there are many users in the exclusion list, your best option would be to create a lookup file/kvstore (http://docs.splunk.com/Documentation/Splunk/6.5.0/SearchReference/Lookup) and use ...
I need to do a search where I only display results where the Arguments, Command fields in events DOES NOT contain a value in the scheduled_tasks lookup table. Where it is going wrong? Thank you! My query is: (index IN (index1, index2)) EventCode=4698 NOT [|inputlookup scheduled_...
gcusello SplunkTrust 04-02-2021 01:45 AM Hi @phanichintha, if you have few words to search, you can insert them in your main search: <your_search> (Kafka OR Jps OR <other_words>) if these words are in a field, you can use the ...
This search has completed and has returned 311,256 results by scanning 343,584 events in 13.064 seconds So there you have it. There isn't a clear winner, but there is a loser in the bunch. Sorry regex, you just can't keep up. (Now if Splunk was written in Perl that would be a...
I want to exclude the field values that start with i and their corresponding rtim value as well. FrankVl Ultra Champion 06-05-2018 02:15 AM Wouldn't a simple | where request_...
| makeresults | eval message= "Happy Splunking!!!" somesoni2 Revered Legend 02-01-2018 11:13 AM Generally, in this type of cases, you can just use lookup table to filter...
Solution richgalloway SplunkTrust 08-04-2022 08:09 AM Skip erex and go directly to the regex command. This query will filter out users with names consisting of "ituser" followed by 2 digits. index=notable source="Endpoint - Anomal...