Splunk Search

Discussions

Thread Info

Work of OR/AND condition search query based on the match & should give the result.

Hi Team, I am trying to populate a panel on the dashboard on the basis of two input fields Profileid & Transact...

by Explorer in

Unrelated lookup table goes missing after setting [replicationBlacklist]

Hi all, we have a non-clustered distributed Splunk. It has a number of big lookup files that are updated regularly. A...

by Path Finder in

Regex help in transforms : key-value extraction and assigning to key

I'm trying to match key-value pair within an SNMP trap message whereby the KEY and VALUE are present in two fields ...

by Super Champion in

How to edit my search to create a table grouped by User based on multiple events?

Hi, I am struggling with the correct way to approach this. I have VPN data that performs 5 posture checks before c...

by Explorer in

How to edit my search to get new errors from today, and that not occurred in last 7 days?

Can you please help with the following search? It returns 0 events. I want all the errors that occurred today, and no...

by New Member in

Best practice for forwarding data to a differently named index?

I have three independent geographic sites, A, B, C. A forth site, Z, needs a searchable copy of all data from A, ...

by Engager in

Does transforms.conf support a regex group based rerouting?

Hi all; I am trying to build some logic for a docker/k8s integration that we are doing through fluentd. Basically ...

by Builder in

How to edit my search to add the total count for the number of times process appears in the logs per host?

index=GenericHostName host=GenericServerName process="GenericServiceName" | fields _time, host, PID, process, source,...

by New Member in

Which online, regular expression editors can I use to validate a regex I generated?

I have extracted regex for a log, need to validate it on programming editor. Which platform do i need to use? Any Onl...

by New Member in

How to set the X-axis range in a time chart

Hi all, I am a relatively new user of splunk, so do be patient with me if you think that my questions had been ans...

by New Member in

Using head command

I have the query with stats, and I want to use head command to retrieve limited events for everyday. But head command...

by Explorer in

Top 10 for every timespan

I have data of mail sending activities of 1000s of customers and need to find the top 10 mail sending customers for e...

by Explorer in

how to iterate a column's values like python in command?

"daily.cld" | rex field=_raw "version: (?\d+.)," | rex field=_raw "sigs: (?\d+.)," | convert timeformat="%Y-%m-%d" ct...

by Explorer in

How to get " stats count as hitcount " for logs saprated by commas in rows

Hi All, Requesting your help with Log Example. I have 54 fields separated by comma The field data is variable ...

by New Member in

What are the consequences of disabling real-time searches or converting them to saved searches for a Prod environment?

Hello All, We are in the process of cleaning up unused and Real Time Searches from the system. I can see there are...

by Path Finder in

splunk monitoring console output

Can anyone please explain what is instance freezing due to size , median data age , oldest data age , instances freez...

by Path Finder in

Highlight with color if SLA missed

Hi Team, Below my search from which i am getting the completion time of job. I need ur help for couple. 1 - If ...

by Path Finder in

Splunk Data Input Whitelist: Regex not matching

I am trying to add a directory input monitor to Splunk. In this directory I have many different CSV files. Since ther...

by Engager in

"Cannot seek to rawdata offset 0" running a search in Splunk Web after upgrading Splunk Enterprise from 6.4.2 to 6.5.1

When I upgrade Splunk from 6.4.2 to 6.5.1 and search in Splunk Web, then get error: JournalSliceDirectory: Cannot ...

by New Member in

How to find which group was matched in a regex when multiple groups are extracted to the same field?

I am using multiple capturing groups in regex and extracting the value of multiple groups to same field. For ex: ...

by New Member in

How can I use a dashboard form to search an index for multiple single field values space delimited simultaneously, such as usernames and then in my output match them against another field such as phonenumber, address etc?

Basically looking to create a table with matching items ie if I search for the following field username in active dir...

by Engager in

What is the correct way to edit conf files and propagate changes in a search head cluster ?

Let's say I've made an action that triggers configuration replication across the SH Cluster (e.g: created a field ext...

by Explorer in

Eval If statement with searches as arguments

I am using the eval as follows: eval result= if(var1=="All", [search1], [search2]) where search1 and search2 bo...

by Path Finder in

How to find the retention period of an index

Hi here, Query to find the retention period of an particular index in days and all the configurations associated w...

by Path Finder in

Why is the eval command not working for Calculated Fields in Data Model?

I am designing a Data Model wherein I am specifying two or more sourcetypes in the constraints. The eval does not ret...

by Communicator in

Get Updates on the Splunk Community!

Splunk Search

Discussions

Work of OR/AND condition search query based on the match & should give the result.

Unrelated lookup table goes missing after setting [replicationBlacklist]

Regex help in transforms : key-value extraction and assigning to key

How to edit my search to create a table grouped by User based on multiple events?

How to edit my search to get new errors from today, and that not occurred in last 7 days?

Best practice for forwarding data to a differently named index?

Does transforms.conf support a regex group based rerouting?

How to edit my search to add the total count for the number of times process appears in the logs per host?

Which online, regular expression editors can I use to validate a regex I generated?

How to set the X-axis range in a time chart

Using head command

Top 10 for every timespan

how to iterate a column's values like python in command?

How to get " stats count as hitcount " for logs saprated by commas in rows

What are the consequences of disabling real-time searches or converting them to saved searches for a Prod environment?

splunk monitoring console output

Highlight with color if SLA missed

Splunk Data Input Whitelist: Regex not matching

"Cannot seek to rawdata offset 0" running a search in Splunk Web after upgrading Splunk Enterprise from 6.4.2 to 6.5.1

How to find which group was matched in a regex when multiple groups are extracted to the same field?

How can I use a dashboard form to search an index for multiple single field values space delimited simultaneously, such as usernames and then in my output match them against another field such as phonenumber, address etc?

What is the correct way to edit conf files and propagate changes in a search head cluster ?

Eval If statement with searches as arguments

How to find the retention period of an index

Why is the eval command not working for Calculated Fields in Data Model?

New Case Study Shows the Value of Partnering with Splunk Academic Alliance

How to Monitor Google Kubernetes Engine (GKE)

Index This | How can you make 45 using only 4?

Using splunk-sdk in user-defined functions in Spar...

Verification of SAML assertion using IDP's cert fa...

ジョブを消しても復活する現象について

splunk threat intelligence taxii data

Splunk DB connect add-on InfluxDB 2.6