Splunk Search

Ask a Question

Discussions

Thread Info

Events from 2008 r2 fileshare to splunk

hi All, i have a 2008 r2 server that is a file share, i have setup a universal forwarder to send logs to splunk. T...

by New Member in

How can I run searches against the Splunk API?

I want to run searches against the Splunk API. How can I do this?

by Splunk Employee in

Formatting output in table

Hi all, I've a request to come out with a table with information as below. My query so far is to extract the re...

by Path Finder in

How do I subtract two fields containing %m%d%y format time values to get the age of an event?

I'm trying to create a new field that is the result of the Current Date minus the time stamp when my events were crea...

by Communicator in

How to add a static value to a table with one column?

I'm trying to add a single value to a table I use to dynamically populate a selector in a dashboard. The search I use...

by Communicator in

How to find time range duration or value?

In searching, I understand that I can specify the time range using one of the presets (like "Last 4 hours") or set it...

by Explorer in

How do I chart 2 searches on one chart?

Searches index=nix sourcetype=cpu host="host a" CPU="all" | eval Percent_CPU_Load = 100 - pctIdle | timechart lim...

by Path Finder in

updating geolocation DB

Currently, we are running 6.6.2 and are using the geolite2 DB to do the iplocation mapping. I have read the follo...

by Engager in

How to extract a field with date string values?

I extracted a field SNDateCreated (regex shown below), the values in this field are represented as strings. index...

by Explorer in

How to trigger map only when variable value exists?

This query capture the id from logs and make a search in the database, when there is a id value in logs it works well...

by Communicator in

Universal Forwarder blacklist - Can anyone help with a simple regex?

Hi everyone, On my Universal Forwarder, I'm able to effectively blacklist Windows event codes when I do it based o...

by Path Finder in

chart count over in splunk

| rest /services/authentication/users splunk_server=local | search [| rest /services/authentication/current-context |...

by Communicator in

Best way to have the Splunk Indexers handle a CSV log file...

by Contributor in

How to find out the event with max duration?

How to find out the event with max duration? I used command transaction to group events and I want to find out the ev...

by New Member in

How to find unmatched value present in the list?

Let suppose,In a list(owner_name) as owner_name we are having following values, shyam ram Shyam Shyam And we have ...

by Path Finder in

Match data from items listed in column of csv file

I have a .csv file with multiple columns. This is an auto-generated .csv file, and I only need to search against one ...

by Explorer in

Populating Additional Information on Field Data

I'm getting log data from a system that uses codes for each entry and I'd like to replace or add a description of the...

by Path Finder in

How to Group data by a few factors?

Hello, I need to prepare statistics of some events occurrences and this is my data in splunk: 07-03-18;11:55:1...

by Engager in

Is there something like a "sql database view" in splunk to hide the complexity of a search/report from the end user

Is there something like a "sql database view" in splunk to hide the complexity of a search/report from the end user?

by Loves-to-Learn in

question involving breaking out multiple multivalue fields into events

I'm having issues trying to break out individual events that are combined into multi-value fields When I do a tabl...

by Motivator in

Why are my dashboard panels using a base search showing no results, but shows results if opened in search?

Hi, I've encountered this problem a couple of times now. I have a dashboard where some of the panels run on a b...

by Builder in

Syslog-help me

How can I transfer data from splunk to syslog? I did not understand the explanation in the link: http://docs.splunk.c...

by Engager in

Time format and table sorting issues

So, I have this search on events that cover from the 28th of February to the 6th of March, 2018: Some basic sea...

by Explorer in

How to display the data for the last 4 weeks by week number?

Hi, I want to create dashboard that displays the 4 weeks data by week number. The database normally have 3 months ...

by Communicator in

search to find Bush's stolen watch

Does anyone know how to craft a search to find George Bush's stolen watch?

by Path Finder in

Get Updates on the Splunk Community!

Splunk Search

Discussions

Events from 2008 r2 fileshare to splunk

How can I run searches against the Splunk API?

Formatting output in table

How do I subtract two fields containing %m%d%y format time values to get the age of an event?

How to add a static value to a table with one column?

How to find time range duration or value?

How do I chart 2 searches on one chart?

updating geolocation DB

How to extract a field with date string values?

How to trigger map only when variable value exists?

Universal Forwarder blacklist - Can anyone help with a simple regex?

chart count over in splunk

Best way to have the Splunk Indexers handle a CSV log file...

How to find out the event with max duration?

How to find unmatched value present in the list?

Match data from items listed in column of csv file

Populating Additional Information on Field Data

How to Group data by a few factors?

Is there something like a "sql database view" in splunk to hide the complexity of a search/report from the end user

question involving breaking out multiple multivalue fields into events

Why are my dashboard panels using a base search showing no results, but shows results if opened in search?

Syslog-help me

Time format and table sorting issues

How to display the data for the last 4 weeks by week number?

search to find Bush's stolen watch

CX Day is Coming!

Strengthen Your Future: A Look Back at Splunk 10 Innovations and .conf25 Highlights!

Now Offering the AI Assistant Usage Dashboard in Cloud Monitoring Console

In Splunk studio, is it possible to populate a tex...

Help me with splunk query to monitor CPU and Memor...

How can i export a list of all services in APM

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

Splunk Search

Are you a member of the Splunk Community?

Discussions