Splunk Search

Discussions

Thread Info

Trouble getting syslog_ng to work on a standalone Splunk instance

Ive install syslog-ng on a standalone splunk instance but cannot get it running - ive looked at the following guide :...

by Path Finder in

Looking for thoughts on using lookup tables when data is indexed

I know I can create lookup tables and use them during a search. We would like to apply that same process to fields as...

by Path Finder in

Why doesn't rex sed work with this expression: s/=[^&]*//g

I have used rex to extract a URL from log message. I then want to eliminate the parameter values so I can build stati...

by New Member in

Different results in iplocation after migrating apps and indexes to new infrastructure

Hi at all, I have a strange behaviour in ip location: I'm migrating some apps and indexes from an old infrastructu...

by SplunkTrust in

How to index a field where identical values have different values for ID?

How to index the same field "A" different values for the unique ID? A set of field "A" values is finite and for each ...

by Engager in

Multi-conditional summation of time

Sample Data: 09/12/2017 23:58:35;E;957690.hostname user=NameHere group=GroupHere project=_pbs_project_default jobname...

by Contributor in

how to use metadata to find the last reporting time of a list of hosts from a lookuptable without getting the "Metadata results may be incomplete: 100000 entries have been received from all peers" Warning

The following is my query | metadata type=hosts | search [| inputlookup hostnames.csv | rename my_hostname as host...

by Builder in

How do I resolve a warning about incomplete metadata results (after 100000+ entries)?

How to resolve the warning "Metadata results may be incomplete: 100000 entries have been received from all peers , an...

by Builder in

Key-value pair extraction -- regex help

We have some snmp data and want to extract the data as a key-value pair Sample var.12345.5.5 = INTEGER: 10 myTa...

by Super Champion in

Is it possible to divide results into buckets of varying sizes?

I'd like to be able to provide a chart that divides data into sets (buckets) of different sizes. The underlying se...

by Builder in

Append * to the end of values in a multivalue input

I have created a multivalue parser from suggestions in the Splunk answers in the following form: [stats count | ev...

by Explorer in

Tried to add a search peer: Error while sending public key to search peer: Connection closed by peer

(attempting 1 Indexer, +1 SH setup) Tried the Following the Instructions from Splunk 1. Log into Splunk Web on the...

by Builder in

Search to see which forwarders reported in the previous 24 hours or if there is a delay in logs?

Hi there, is there any query to find out the forwarders which are reporting for last 1 day or f there is a delay i...

by Path Finder in

How do I dynamically set earliest from subsearch?

Hi folks, been all over this site and google, not finding a working solution. I'm trying to perform a search using...

by Path Finder in

Creating a transposed table in conjunction with stats command

(index=geniachip AND (geniaComplete.flag OR "DVT ready" OR "transfer complete for all banks" OR "lz4.complete*" OR "O...

by Path Finder in

How do you set a default maximum data transfer rate?

Dear Splunkers, is there a maximum KB/s of traffic a forwarder sends to the indexer? I mean is there a limit you c...

by Path Finder in

How to get earliest datetime

I have a field which contains first_found_date and due to some reason it keeps on changing for some of the assets. ...

by Path Finder in

Is there a forensic-type report that handles AD user account properties for PCI and SSAE compliance?

Hello, I'm looking for a way to track total property changes within an AD user's account. As an example, per PCI and...

by Path Finder in

Search help -- my search is inaccurately showing if hosts have been online in the past 24 hours.

I have a query as follows | inputlookup ABCD | search Forward="Yes" | table Region,IPHost, ip_address | rename ...

by Builder in

How to preserve order of json array in search results?

We are on Splunk 6.2.1 We have logging raw json including 'stack_trace' as a json array like this: {"exception_...

by Path Finder in

How to rearrange table by values in a column

So I have the following data as output statistics from a search: User Group Number Andy A ...

by Explorer in

Average of web requests blocked - span of 10 minutes

Hi mates, I'm trying to get the most 10 IP addresses with blocked web requests during a month, but the threshold s...

by New Member in

How do time based lookups apply user time zone?

I have a time based lookup set up with a lookup file containing time values of full days, such as 2017-08-14 (with a ...

by SplunkTrust in

Stats values Into timechart -- I can't get timechart to work

Hi, I wonder whether someone could help me please. I've put together this query: | multisearch [ search `fronte...

by Motivator in

Trying to extract these three fields from XML using regex

Hi! I can not extract three fields from xml using regex. Please tell me how it can be done <VULN number="MP-413771...

by Explorer in

Get Updates on the Splunk Community!

Splunk Search

Discussions

Trouble getting syslog_ng to work on a standalone Splunk instance

Looking for thoughts on using lookup tables when data is indexed

Why doesn't rex sed work with this expression: s/=[^&]*//g

Different results in iplocation after migrating apps and indexes to new infrastructure

How to index a field where identical values have different values for ID?

Multi-conditional summation of time

how to use metadata to find the last reporting time of a list of hosts from a lookuptable without getting the "Metadata results may be incomplete: 100000 entries have been received from all peers" Warning

How do I resolve a warning about incomplete metadata results (after 100000+ entries)?

Key-value pair extraction -- regex help

Is it possible to divide results into buckets of varying sizes?

Append * to the end of values in a multivalue input

Tried to add a search peer: Error while sending public key to search peer: Connection closed by peer

Search to see which forwarders reported in the previous 24 hours or if there is a delay in logs?

How do I dynamically set earliest from subsearch?

Creating a transposed table in conjunction with stats command

How do you set a default maximum data transfer rate?

How to get earliest datetime

Is there a forensic-type report that handles AD user account properties for PCI and SSAE compliance?

Search help -- my search is inaccurately showing if hosts have been online in the past 24 hours.

How to preserve order of json array in search results?

How to rearrange table by values in a column

Average of web requests blocked - span of 10 minutes

How do time based lookups apply user time zone?

Stats values Into timechart -- I can't get timechart to work

Trying to extract these three fields from XML using regex

Celebrating Fast Lane: 2025 Authorized Learning Partner of the Year

Tech Talk Recap | Mastering Threat Hunting

Observability for AI Applications: Troubleshooting Latency

Error preventing me from saving search with chart

In Splunk studio, is it possible to populate a tex...

Help me with splunk query to monitor CPU and Memor...

How can i export a list of all services in APM

Splunk Answers Content Calendar May 2025!

Splunk Search

Are you a member of the Splunk Community?

Discussions