Splunk Search

Community Activity

REST endpoints /data/indexes and/data/indexes-extended give different number of event counts I'm trying to obtain the total number of events stored in an index. However, using 2 REST endpoints give me two diffe... by thenhaque Explorer in Splunk Search 03-09-2018 0 1	0	1
Pass a selected value to a join after calculations and other join with the same eventtype This is the question; In general, I have been able to resolve my doubts after the publications here, but I have had p... by ricardocastille New Member in Splunk Search 03-09-2018 0 3	0	3
How to customize stats using simple math? If I wanted a count of all the events in all my indices, I can just do: index=* \| stats count, which just returns a s... by flow2k Explorer in Splunk Search 03-09-2018 0 6	0	6
Why is Splunk Service not starting with 'authDb' error? Hi - any idea why my Splunk service is failing with this error? What is 'authDb'? ~]# service splunk start Starting... by NicholasLeader New Member in Splunk Search 03-09-2018 0 1	0	1
How to combine the output of 2 different fields into one single field? I have two fields I would like to combine into one field. field1 \| field2 \| combined field 1. ... by snix Communicator in Splunk Search 03-09-2018 0 3	0	3
Using `eval` to match all values (or existence) of a field Often, we can use eval(myField=someValue)) with aggregate functions like count and avg, as well as time function like... by flow2k Explorer in Splunk Search 03-09-2018 0 6	0	6
Is there a way to make use of a list of IP addresses for servers which have sensitive information in a Splunk search? Our campus is putting together a database of systems with sensitive or restricted information on them. I'd like to ex... by wrangler2x Motivator in Splunk Search 03-09-2018 0 10	0	10
Search not returning results from lookup table Hi all, Been racking my brain trying to create this search and I can't seem to get it working, so I was hoping you a... by celestekiyoko Explorer in Splunk Search 03-09-2018 0 3	0	3
Wildcard search not producing accurate results Hi I am running a wild card search as i am using an input window (with the default value as a wildcard search that w... by colinmchugo Explorer in Splunk Search 03-09-2018 0 3	0	3
How to move an index to another app? In the Settings->Indexes screen I found one of my indexes is listed as being part of a different app than the one I'm... by richgalloway SplunkTrust in Splunk Search 03-09-2018 1 7	1	7
Signaling a problem with a Splunk Web page (I know this isn't a question, but since the contact page only leads to Sales or to phone numbers, I'm using this pla... by DUThibault Contributor in Splunk Search 03-09-2018 0 2	0	2
Field Extraction If the event has field names and values both separated by pipe, how to do field extraction. Field1\|Value1\|Field2\|Val... by ReachDataScient Explorer in Splunk Search 03-09-2018 0 1	0	1
Can you pipe the output of a transaction command into a rex command? I want to pipe the output of a transaction command into a rex command to parse something out of the result. Is this p... by jbrenner Path Finder in Splunk Search 03-09-2018 0 3	0	3
Multiple Searches with BRO LOGS - Trying to correlate certificate data. In BRO 2.5.X there are about 3 or 4 log files that have SSL Certificate information: x509.log, ssl.log, conn.log an... by baegoon Explorer in Splunk Search 03-09-2018 0 0	0	0
How to run two searches and table the results? Good afternoon Guys, Second question in as many days, but this one is puzzling me and my tiny useless uneducated br... by Barty Explorer in Splunk Search 03-09-2018 0 5	0	5
tstats in macro without pipe Hello, is it normal that tstats must be without pipe \| to run in a macro? The macro is scheduled. Thanks. by splunkreal Motivator in Splunk Search 03-09-2018 0 1	0	1
How can we only see results when they are NOT found? I have a large CSV lookup table operational and working well but would like to run a search on my data that only show... by jtitus3 Explorer in Splunk Search 03-09-2018 0 2	0	2
Subsearch in eval not working I'm trying to get the eval value in subsearch and use it for further searching in the query. I guess there is issue w... by k_harini Communicator in Splunk Search 03-09-2018 0 4	0	4
Increasing the number of ad-hoc searches for the user Is it possible to increase the number of concurrent ad-hoc searches for the user, without increasing the number of sc... by kiril123 Path Finder in Splunk Search 03-09-2018 0 2	0	2
Finding the minimum and maximum value Hi All, I have 3 files in one index, Cycle 10.csv, Cycle 11.csv, and Cycle 12.csv. All of the 3 files have a "Cycl... by jvmerilla Path Finder in Splunk Search 03-09-2018 0 1	0	1
Can you display a long list using multiple columns to fit more data on the screen I have a table that has 2 narrow columns. Is there a way to get splunk to display the output in multiple columns of t... by a238574 Path Finder in Splunk Search 03-09-2018 0 1	0	1
how do I know if a search head restart did make my results incomplete? My admin team frequently needs restart our search heads while I have a long running query still running. When this h... by MonkeyK Builder in Splunk Search 03-09-2018 0 4	0	4
Transaction missing fields I have a search defining a Transaction across (2) different log files. The problem is that some fields (not all) are ... by ericrobinson Path Finder in Splunk Search 03-09-2018 1 4	1	4
Why does the map command return no results? Hi everyone, I have a use case where I need to iterate over multiple query strings and execute each of them, so I th... by bojanisch Path Finder in Splunk Search 03-09-2018 0 2	0	2
How to change the position of splunk loginform? HI! Could you help me changing the position of the splunk loginform in the top right corner of the splunk login page... by johnraven Explorer in Splunk Search 03-09-2018 0 4	0	4