Splunk Search

Community Activity

limits.conf - any settings we can change from defaults to improve performance on server with 24 CPUs and 256GB memory? We have 9,255,277,001 events indexed for 90 days of hot/warm data. We need to run on a single Splunk instance. Our se... by simpkins1958 Contributor in Splunk Search 01-11-2018 0 1	0	1
Do you think we can optimize this long search? The search: index=queues sourcetype="jms:queues" "Queues.name"="road.sa**" earliest=-5m@m \| stats max("Queues.pendi... by venkatesh296 Explorer in Splunk Search 01-11-2018 0 25	0	25
Invalid FORMAT when creating a field transformation I have these events that come with a source attribute something like source = /var/collectd/csv/sv3vm5b/cpu-0/cpu-idl... by DUThibault Contributor in Splunk Search 01-11-2018 0 5	0	5
Transformation to index events to different index not working Goal I wish to place some events into a longer living index "staging-boeing-audit" for audit purposes. All other eve... by markconlin Path Finder in Splunk Search 01-11-2018 1 12	1	12
I would like to reuse the same field extraction name for multiple sourcetypes. I would like to reuse the same field extraction name for multiple sourcetypes. this will help us create one alertfor... by vikram_m Path Finder in Splunk Search 01-11-2018 0 3	0	3
Why is my search to match events from a lookup not returning results with my current lookup definition and configuration? I'm sure this has been answered already, but I'm hoping if I write what I did down, someone can point out what I've m... by reswob4 Builder in Splunk Search 01-11-2018 0 7	0	7
Need help in trending chart with one single line Hi , When i select a value from filter which has both true and false values , i am getting trending lines for both .... by umsundar2015 Path Finder in Splunk Search 01-11-2018 0 5	0	5
help regex I have this kind of logs 00:00:47: %LINK-3-UPDOWN: Interface GigabitEthernet0/1, changed state to down 00:00:48: %... by DiviR Engager in Splunk Search 01-11-2018 0 3	0	3
How to get the sum according to field values? Hi Guys, I am counting the number of events from field name "LOCATION".This Field have 4 locations, Location A,B,C a... by auaave Communicator in Splunk Search 01-10-2018 0 4	0	4
Remove rows with NULL from final search output My working query returns a table with some NULL fields. This is because the query match the initial result with a loo... by gingyish New Member in Splunk Search 01-10-2018 0 1	0	1
Removing result based on timestamp Hello, I have the following query 1.1.1.1 11 2.2.2.2 22 ciscoasafw index=firewall results are 10/01/2018 14:22:50... by rebelnn New Member in Splunk Search 01-10-2018 0 3	0	3
How many indexes can be specified for srchIndexesAllowed in authorize.conf? I wonder if there is a limit on the number of indexes specified in srchIndexesAllowed of authorize.conf. We currently... by ddrillic Ultra Champion in Splunk Search 01-10-2018 0 2	0	2
Spanning event between start and end time and displaying it on one chart Hi, I need some help displaying events on a time chart. In each event, I have a start time and end time field in epoc... by vitalysim87 New Member in Splunk Search 01-10-2018 0 6	0	6
License Usage past 30 days don't work There is no results found when i use this dashboard in splunk 6.0 but the first one (today) is working. How can i fi... by ddarmand Communicator in Splunk Search 01-10-2018 3 8	3	8
Combine RegEx with a condition Assume the following squid log samples: (squid-1): 1515606581.001 100 1.2.3.4 TCP_TUNNEL/200 500 CONNECT some.fqdn.c... by mkrauss1 Explorer in Splunk Search 01-10-2018 0 3	0	3
How to merge and make one result out of multiple results HI, I have a result which displays common starting URI. but I have to combine it to one and have the result, how can... by raviteja029 Explorer in Splunk Search 01-10-2018 0 10	0	10
timechart start at certain time I have data similiar to the following - this is just a subset as the full data file contains 4 days worth of data. T... by dmoulais New Member in Splunk Search 01-10-2018 0 1	0	1
merge two data sets Hi, I have two sets of data (A and B): A \| B 8 \| 6 2 \| 6 10 \| 8 6 \| 8 I want to count and mer... by jakushok New Member in Splunk Search 01-10-2018 0 1	0	1
Can we schedule a job which runs the attached query on database every day and also email of the output should be delivered to email address I want to schedule a job which runs the attached query on database every day and also email of the output should be d... by vevo99 New Member in Splunk Search 01-10-2018 0 1	0	1
Split a column in the search data into multiple columns Hi All, I have a file of Tickets to analyse. I want to arrange the data as per the following image. What can I do to... by shiv1593 Communicator in Splunk Search 01-10-2018 0 4	0	4
Multiple grouping ofdata over chart I have to group defects based on severity and again based on release.the chart should contain multiple grouping first... by ujwalagangakoth New Member in Splunk Search 01-10-2018 0 2	0	2
General question on concatenation or joining two indexes for data Hi all, I read a few searches on this topic but I wasn't able to get this to work for me. I have two datasources, o... by brian1_tate Path Finder in Splunk Search 01-10-2018 0 2	0	2
How can you change the width of a column in a table(HTML) or add a new line break to a field? Hello! So I am running into a problem where my table visualization looks weird because one of my columns is too long.... by kdimaria Communicator in Splunk Search 01-10-2018 1 3	1	3
how to get middle string from source field in splunk sourcetype=XXX "Server has been shutdown" \| table _time, host, tag::host, _raw,source,field hear my source is /opt/M... by sreebms New Member in Splunk Search 01-10-2018 0 2	0	2
Splunk indexing issues for logs: WatchedFile - Checksum for seekptr didn't match Hello Everyone, I have a questions regarding ingesting log files which doesn't have time stamp in the file name. ... by rchittip Path Finder in Splunk Search 01-10-2018 0 3	0	3