Splunk Search

Discussions

Thread Info

Do you think we can optimize this long search?

The search: index=queues sourcetype="jms:queues" "Queues.name"="road.sa**" earliest=-5m@m | stats max("Queues.pen...

by Explorer in

Invalid FORMAT when creating a field transformation

I have these events that come with a source attribute something like source = /var/collectd/csv/sv3vm5b/cpu-0/cpu-idl...

by Contributor in

Transformation to index events to different index not working

Goal I wish to place some events into a longer living index "staging-boeing-audit" for audit purposes. All other eve...

by Path Finder in

I would like to reuse the same field extraction name for multiple sourcetypes.

I would like to reuse the same field extraction name for multiple sourcetypes. this will help us create one alertf...

by Path Finder in

Why is my search to match events from a lookup not returning results with my current lookup definition and configuration?

I'm sure this has been answered already, but I'm hoping if I write what I did down, someone can point out what I've m...

by Builder in

Need help in trending chart with one single line

Hi , When i select a value from filter which has both true and false values , i am getting trending lines for both...

by Path Finder in

help regex

I have this kind of logs 00:00:47: %LINK-3-UPDOWN: Interface GigabitEthernet0/1, changed state to down 00:00:48: ...

by Engager in

How to get the sum according to field values?

Hi Guys, I am counting the number of events from field name "LOCATION".This Field have 4 locations, Location A,B,C...

by Communicator in

Remove rows with NULL from final search output

My working query returns a table with some NULL fields. This is because the query match the initial result with a loo...

by New Member in

Removing result based on timestamp

Hello, I have the following query 1.1.1.1 11 2.2.2.2 22 ciscoasafw index=firewall results are 10/01/2018 14...

by New Member in

How many indexes can be specified for srchIndexesAllowed in authorize.conf?

I wonder if there is a limit on the number of indexes specified in srchIndexesAllowed of authorize.conf. We currently...

by Ultra Champion in

Spanning event between start and end time and displaying it on one chart

Hi, I need some help displaying events on a time chart. In each event, I have a start time and end time field in epoc...

by New Member in

License Usage past 30 days don't work

There is no results found when i use this dashboard in splunk 6.0 but the first one (today) is working. How can i ...

by Communicator in

Combine RegEx with a condition

Assume the following squid log samples: (squid-1): 1515606581.001 100 1.2.3.4 TCP_TUNNEL/200 500 CONNECT some.fqdn...

by Explorer in

How to merge and make one result out of multiple results

HI, I have a result which displays common starting URI. but I have to combine it to one and have the result, how c...

by Explorer in

timechart start at certain time

I have data similiar to the following - this is just a subset as the full data file contains 4 days worth of data. Th...

by New Member in

merge two data sets

Hi, I have two sets of data (A and B): A | B 8 | 6 2 | 6 10 | 8 6 | 8 I want to count and merge into sing table...

by New Member in

Can we schedule a job which runs the attached query on database every day and also email of the output should be delivered to email address

I want to schedule a job which runs the attached query on database every day and also email of the output should be d...

by New Member in

Split a column in the search data into multiple columns

Hi All, I have a file of Tickets to analyse. I want to arrange the data as per the following image. What can I do ...

by Communicator in

Multiple grouping ofdata over chart

I have to group defects based on severity and again based on release.the chart should contain multiple grouping first...

by New Member in

General question on concatenation or joining two indexes for data

Hi all, I read a few searches on this topic but I wasn't able to get this to work for me. I have two datasource...

by Path Finder in

How can you change the width of a column in a table(HTML) or add a new line break to a field?

Hello! So I am running into a problem where my table visualization looks weird because one of my columns is too long....

by Communicator in

how to get middle string from source field in splunk

sourcetype=XXX "Server has been shutdown" | table _time, host, tag::host, _raw,source,field hear my source is /opt...

by New Member in

Splunk indexing issues for logs: WatchedFile - Checksum for seekptr didn't match

Hello Everyone, I have a questions regarding ingesting log files which doesn't have time stamp in the file name. ...

by Path Finder in

multiline extraction issue

I'm having problem with a multi-line field extraction which I have been struggling to figure out. 2017-05-19T12:48...

by New Member in

Get Updates on the Splunk Community!

Splunk Search

Discussions

Do you think we can optimize this long search?

Invalid FORMAT when creating a field transformation

Transformation to index events to different index not working

I would like to reuse the same field extraction name for multiple sourcetypes.

Why is my search to match events from a lookup not returning results with my current lookup definition and configuration?

Need help in trending chart with one single line

help regex

How to get the sum according to field values?

Remove rows with NULL from final search output

Removing result based on timestamp

How many indexes can be specified for srchIndexesAllowed in authorize.conf?

Spanning event between start and end time and displaying it on one chart

License Usage past 30 days don't work

Combine RegEx with a condition

How to merge and make one result out of multiple results

timechart start at certain time

merge two data sets

Can we schedule a job which runs the attached query on database every day and also email of the output should be delivered to email address

Split a column in the search data into multiple columns

Multiple grouping ofdata over chart

General question on concatenation or joining two indexes for data

How can you change the width of a column in a table(HTML) or add a new line break to a field?

how to get middle string from source field in splunk

Splunk indexing issues for logs: WatchedFile - Checksum for seekptr didn't match

multiline extraction issue

How to Monitor Google Kubernetes Engine (GKE)

Index This | How can you make 45 using only 4?

Splunk Education Goes to Washington | Splunk GovSummit 2024

Need solution on search query

Looking for a query to display a list of jobs stuc...

Using splunk-sdk in user-defined functions in Spar...

Verification of SAML assertion using IDP's cert fa...

ジョブを消しても復活する現象について