Splunk Dev

Thread Info

unstructured logs how to extract the given item example

The unsturctured log contains many lines and at the end below coverage report, it is not getting captured as a field,...

by New Member in

How can I get state/city when I already have lon/lat in my event?

All, So normally with iplocation and geostat I can lookup State, City etc for heatmaps. How ever with the log I h...

by Builder in

How do I create an eval statement to combine similar fields?

Hi, If I have data that looks like this abc abc456 xyz xyz456 How could I create an eval statement that say...

by Motivator in

Why does BREAK_ONLY_BEFORE work only for some events?

I have applied regex in the heavy forwarders as below. But this works only for few events and a lot of events are not...

by New Member in

With too much data, is it advisable to extract data from hive tables rather than Splunk indexes?

With too much data, is it advisable to start extracting data from hive tables rather than Splunk indexes? Does anybod...

by New Member in

Compare the Avg value for a Particular Application_Name for today with the last week for any particular timing.

index = abc earliest=-70m@m latest=@m| stats avg(AVERAGE_RESPONSE_TIME) as Today by Time Application_Name |eval Today...

by Explorer in

Java/Python等のSplunk SDKのサポート対応は可能ですか？

Java/Python等のSDKに関する質問はSplunkサポートに問い合わせても可能でしょうか？

by Splunk Employee in

How do you get start and end time of an event count?

Hi, I have an event such as "DB connection failed" in db_logs sourcetype. I would like to get the start and end...

by Explorer in

Can you help me accelerate a dataset that has streaming commands?

I am trying to accelerate a dataset I created.. and it tells me I can’t because it has streaming commands. I’m not su...

by Path Finder in

Will you help me extract rows which contain Remote Desktop Users or Administrators field names?

Hello, Will you help me extract rows which contain Remote Desktop Users or Administrators field names? "Server";"L...

by Path Finder in

Replace field value using rex

XXXXXX y XXXXXX y So this is my value of a field z . How to replace this with XXXXXX y. Below is not working ...

by Path Finder in

How do I pass some subsearch result fields to the result?

I'm trying to figure out if the following can be done with subsearch or requires a join. I'm running a search that b...

by New Member in

How to implement a logic when the page is loaded?

How to implement a logic when the page is loaded When the page is loaded, the drop-down box displays the last month o...

by Explorer in

How do you configure Splunk logging for java to work with Jboss Logging Manager?

We are trying to configure the Splunk Http Event Collector as a logging handler for red hat AMQ, which uses Jboss log...

by New Member in

Error invoking commnad: hadoop com.splunk.mr.SplunkMR - Return code: 255

We have the MapR filesystem and Hunk on the same node, have set up a Provider and Virtual and Im getting an error whe...

by Builder in

What is the best way to back up config files?

Hi, In order to take a backup of the config files, I have copied a file to, let's say, authorize.conf_bak_03_21_20...

by Builder in

'if like' help

Hi, Struggling to get this to work. I'm trying to create a new field called 'severity' with specific values return...

by Path Finder in

Why is the parsingQueue blocking on only one server?

Out of 19 windows servers running the same services, there is one server that keeps on blocking at parsingQueue. I ha...

by Communicator in

connect to splunk instance using custom endpoints

Hello All, I have developed few mashup API (combining two or more KVStore into single API) for our app in python l...

by Builder in

How do you disable a search validation when creating an alert?

I'm transferring an alert from one Splunk instance to another via REST api. The alert contains a custom search comman...

by Path Finder in

calculate average response time per application

Hi, I am a bit new to splunk and query language. In my logs, i am having "application name", "Request Time stamp" and...

by New Member in

Splunk SDK for Python insane error need help

I am looking at the examples/abc of the python sdk and get an error "connection = six.moves.http_client.HTTPSConnecti...

by New Member in

How to set the connectTimeout() and readTimeout() using splunk API Java SDK?

Hi, I am using splunk jar 1.6.0.0 and as per the Splunk github, it shows HttpService has methods to set the readTi...

by New Member in

logs not complete

Hi , I am having trouble right now on why does the splunk log is not complete/cut , in the past few months logs are ...

by Builder in

When trying to filter the endpoint, why replacing the user and app fields don't seem to effect the result at all?

Using Python to access the rest api, servicesns/{user}/{app}/saved/searches endpoint does not filter by app or user W...

by Path Finder in

Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.

Splunk Dev

Discussions

unstructured logs how to extract the given item example

How can I get state/city when I already have lon/lat in my event?

How do I create an eval statement to combine similar fields?

Why does BREAK_ONLY_BEFORE work only for some events?

With too much data, is it advisable to extract data from hive tables rather than Splunk indexes?

Compare the Avg value for a Particular Application_Name for today with the last week for any particular timing.

Java/Python等のSplunk SDKのサポート対応は可能ですか？

How do you get start and end time of an event count?

Can you help me accelerate a dataset that has streaming commands?

Will you help me extract rows which contain Remote Desktop Users or Administrators field names?

Replace field value using rex

How do I pass some subsearch result fields to the result?

How to implement a logic when the page is loaded?

How do you configure Splunk logging for java to work with Jboss Logging Manager?

Error invoking commnad: hadoop com.splunk.mr.SplunkMR - Return code: 255

What is the best way to back up config files?

'if like' help

Why is the parsingQueue blocking on only one server?

connect to splunk instance using custom endpoints

How do you disable a search validation when creating an alert?

calculate average response time per application

Splunk SDK for Python insane error need help

How to set the connectTimeout() and readTimeout() using splunk API Java SDK?

logs not complete

When trying to filter the endpoint, why replacing the user and app fields don't seem to effect the result at all?

Prove Your Splunk Prowess at .conf25—No Prereqs Required!

Splunk Observability Cloud's AI Assistant in Action Series: Observability as Code

Splunk Answers Content Calendar, July Edition I

Limit Splunk RUM coverage to a specific JS file

API call to retrieve information about a search wh...

Much needed size optimization of this app - Python...

Custom command only running a few times when getti...

Splunk JAVA SDK Version issue

Splunk Dev

Are you a member of the Splunk Community?

Discussions