Splunk Search

Start a Conversation

Discussions

Start a Conversation

Thread Info

transforms.conf extract part of sourcepath

Hello Splunkers! My eventdata places on folders: /folder1/subfolder1/123/log1.log /folder1/subfolder1/234/log2....

by Communicator in

How to search if a user in Log A also appears in Log B?

Hi community, propably a simple question, but I still hanging. I need a search over two logfiles, which shows me a...

by Path Finder in

Combine 2 searches that have a subsearch

I want to get all events related to dnis=27159866 I can perform this by getting all the events with a sessionid or pa...

by Explorer in

How to build a drop-down with a default automatic span for a timechart in a simple XML dashboard in Splunk 4.3.6?

I'm building a drop-down menu for picking the timechart span in simple dashboard. By default I'd like to have automat...

by Path Finder in

How to update a lookup table using REST API?

Hi all Hope someone can help me with this. I am building a custom application, which extracts data from a db an...

by Communicator in

Why search query works in Search app, but is not working in a dashboard?

Hi My search : index="abc" (source="tac.log" DebugLevelSrc=xxx "*ccc*") OR (source="crt.log" DebugLevelSrc=xx...

by Path Finder in

Setting fields from logs with different row values

Hello everybody, I have a question that might have been responded before but I have a log file from a server that ...

by Explorer in

Splunk SPL help...

I hope someone can point me in the right direction because I really need help. SPL transforms are anything but easy a...

by New Member in

SearchTemplate + RealTime search to SearchPostProcess

Hi. We are trying to create a dashboard in which all the panels use the same information about the current (real t...

by Engager in

Grouping similar

HI All, Im have a search and its working great for calculating averages based on the domain, the problem is that I...

by Path Finder in

Is there any way to set a higher default "bins=xxx" for timechart setting?

I know I can override the default bins=100 in any particular search. Is there any way to set something slightly highe...

by SplunkTrust in

Why is the conversion of duration from seconds to hours in a search automatically adding 18 hours to the value?

I'm looking to change the format of the useful duration tool from seconds to hours. I found out how to do this via so...

by Communicator in

Why is virtual index search showing no results found after installing Hunk?

Hello guys, I installed hunk and followed its tutorial. I have checked the HDFS location and it seems fine. Hadoop...

by Engager in

Why Splunk query returns values when run as separate search, but is not working as a subsearch?

My actual search sourcetype="xyz" Operation=q | eval msg=if(Status == "fail",[search sourcetype="xyz" Operation="p" ...

by New Member in

How Can I Save Three Count Searches Separated And Then Use Them Together Later?

I have some conditions for each search as follows: Search A index=users Channel=40 | eval Token = User."-".Cha...

by Contributor in

Match several sub-urls, regexp

I have a set of URLs in a log like so: url1:"POST /stuff/test/" url2: "GET /stuff/test-type?" url:3"POST /stuff/te...

by Path Finder in

Search query for permon counter

Hi All, we had configured splunk to get the perfmon counter data from server (every 5mins). The counter value gets...

by Contributor in

How to identify users (UID) that use program A, but have never used program B?

I've got users using 2 apps that I'm pulling from, and I'm looking at login reports. Given that the users have unique...

by Explorer in

piping events from a custom generating command into timechart results in irregular buckets when not using all-time

I have 26 days of events (Monday 9/15 through Friday 10/10) piped to a timechart span=7d. I'd like to have 3 bucke...

by Splunk Employee in

Is my regex or the Interactive Field Extractor regex more efficient? Is there a better option?

Comparing regex strings... Log format: Thu 08/07/2014, 6:41:59.97,USERA,TERM1,XXXX-YYYAPP65-5 Thu 08/07/2014, 6:...

by Path Finder in

Splunk Search

Discussions

transforms.conf extract part of sourcepath

How to search if a user in Log A also appears in Log B?

Combine 2 searches that have a subsearch

How to build a drop-down with a default automatic span for a timechart in a simple XML dashboard in Splunk 4.3.6?

How to update a lookup table using REST API?

Why search query works in Search app, but is not working in a dashboard?

Setting fields from logs with different row values

Splunk SPL help...

SearchTemplate + RealTime search to SearchPostProcess

Grouping similar

Is there any way to set a higher default "bins=xxx" for timechart setting?

Why is the conversion of duration from seconds to hours in a search automatically adding 18 hours to the value?

Why is virtual index search showing no results found after installing Hunk?

Why Splunk query returns values when run as separate search, but is not working as a subsearch?

How Can I Save Three Count Searches Separated And Then Use Them Together Later?

Match several sub-urls, regexp

Search query for permon counter

How to identify users (UID) that use program A, but have never used program B?

piping events from a custom generating command into timechart results in irregular buckets when not using all-time

Is my regex or the Interactive Field Extractor regex more efficient? Is there a better option?

Removing Object from Json Array

wql query not returning any events [WMI:Services]

How to color a panel if the result is not equal a ...

How to force today's date column to display if no ...

Generate timechart with normalized/rescaled data p...