Splunk Search

Discussions

Thread Info

How do you obtain an attribute present in numerous sourcetypes?

I want to find any IP addr present in numerous sourcetypes. That is, the IP Addr MUST be present in ALL sourcetypes: ...

by New Member in

Setting table headers?

I have a transposed table, and I want to change the header. Because of being transposed, it looks like this now: <hea...

by Communicator in

Top 10 values and other to be Grouped in "OTHERS"..??

Hi All, I am bit new to this Splunk I am able to get top 10 values but not able to group other ( not in top 10 ) i...

by Contributor in

REST API/Curl help

Hi, I have a search that runs within Splunk, but when I try it via curl, I get an error. Hoping someone can help m...

by Champion in

How to debug transforms.conf regex errors

Hi I have a logfile with different formated lines and I want to extract comon fields . My props.conf looks like: ...

by Explorer in

How i get Avg, Max, Min for every 5 min interval one by one in row?

I create query which give total Average, min and max value in one row i need the result come in every 5 minuet Avg, M...

by Communicator in

Help with search and stats

Hi, I need to report on the latest events per two fields - remotehost and FS_Name. The FS_Name could be the same o...

by Champion in

format command using up memory

I got a simple search which uses format command and I noticed that the search uses up much more memory than when I do...

by Contributor in

predict does not span the full dataset

Hello all, Using Splunk 6.2.1 enterprise, with the wonderfull "predict" feature on my dataset. Can't seem to sol...

by Path Finder in

Using "eventtype" inside "if" function of "eval" command?

This is a repost from the forums and includes the question AND THE ANSWER!</p> QUESTION: I have an event define...

by Esteemed Legend in

radial/marker/and filler gauge viualistions + controlling the ranges dynamically

I am looking at the radial/marker/and filler gauge viualistions. As I understand it I have to have my search so t...

by Motivator in

Unpivoting a lookup table

I have an interesting lookup table problem. I essentially want to unpivot a lookup table (in other words I have multi...

by Communicator in

stats count not work in sub query?

I create a query which have sub query i want total number of event on sub query but they show blank result My Que...

by Communicator in

Why would Transaction with endswith option return incorrect duration?

Following query with Transaction without endswith host=phenix ("Scheduler started" OR "Scheduler stopped" OR "Res...

by Contributor in

Return all rows in which field value included in subsearch result

Hello! I guess I need something like selfjoin, but selfjoin joins to itself, when I have to filter results with subse...

by New Member in

Lookup Works from Search Head, But Not From Indexer?

I am trying to run a search that populates a summary index using a lookup. The lookup works just fine on the sear...

by Builder in

How to write the regex to parse comma separated values for a single field in a log?

I need some help trying to parse a log that may have something like the following: 192.168.x.x process: field_a (...

by Path Finder in

How do I report on timestamps for earliest and latest field values for multiple events in a search?

I have a list of logs that are relevant to a specific sourcetype and serial Number. My search results in the followin...

by New Member in

Why Does Regex Not Match Ampersand?

I have an event field in the format of fieldTitle=Type: This is a description. Sometimes this event field contains an...

by Communicator in

Translate Column values

Hi, Say I have indexed a file that has this structure: 1|A|B 2|C|D I have a mapping like this : 1="Val1" 2=...

by Path Finder in

Splunk Search

Discussions

How do you obtain an attribute present in numerous sourcetypes?

Setting table headers?

Top 10 values and other to be Grouped in "OTHERS"..??

REST API/Curl help

How to debug transforms.conf regex errors

How i get Avg, Max, Min for every 5 min interval one by one in row?

Help with search and stats

format command using up memory

predict does not span the full dataset

Using "eventtype" inside "if" function of "eval" command?

radial/marker/and filler gauge viualistions + controlling the ranges dynamically

Unpivoting a lookup table

stats count not work in sub query?

Why would Transaction with endswith option return incorrect duration?

Return all rows in which field value included in subsearch result

Lookup Works from Search Head, But Not From Indexer?

How to write the regex to parse comma separated values for a single field in a log?

How do I report on timestamps for earliest and latest field values for multiple events in a search?

Why Does Regex Not Match Ampersand?

Translate Column values

Combine Search Results in order to use Start Time ...

Edit Splunk table column values on the UI

Largest files and its sizes in each Linux host

How do I only return the first name listed under e...

Display in range data based on application time ta...