Splunk Search

Discussions

Thread Info

Using head command

I have the query with stats, and I want to use head command to retrieve limited events for everyday. But head command...

by Explorer in

Top 10 for every timespan

I have data of mail sending activities of 1000s of customers and need to find the top 10 mail sending customers for e...

by Explorer in

how to iterate a column's values like python in command?

"daily.cld" | rex field=_raw "version: (?\d+.)," | rex field=_raw "sigs: (?\d+.)," | convert timeformat="%Y-%m-%d" ct...

by Explorer in

How to get " stats count as hitcount " for logs saprated by commas in rows

Hi All, Requesting your help with Log Example. I have 54 fields separated by comma The field data is variable ...

by New Member in

What are the consequences of disabling real-time searches or converting them to saved searches for a Prod environment?

Hello All, We are in the process of cleaning up unused and Real Time Searches from the system. I can see there are...

by Path Finder in

splunk monitoring console output

Can anyone please explain what is instance freezing due to size , median data age , oldest data age , instances freez...

by Path Finder in

Highlight with color if SLA missed

Hi Team, Below my search from which i am getting the completion time of job. I need ur help for couple. 1 - If ...

by Path Finder in

Splunk Data Input Whitelist: Regex not matching

I am trying to add a directory input monitor to Splunk. In this directory I have many different CSV files. Since ther...

by Engager in

"Cannot seek to rawdata offset 0" running a search in Splunk Web after upgrading Splunk Enterprise from 6.4.2 to 6.5.1

When I upgrade Splunk from 6.4.2 to 6.5.1 and search in Splunk Web, then get error: JournalSliceDirectory: Cannot ...

by New Member in

How to find which group was matched in a regex when multiple groups are extracted to the same field?

I am using multiple capturing groups in regex and extracting the value of multiple groups to same field. For ex: ...

by New Member in

How can I use a dashboard form to search an index for multiple single field values space delimited simultaneously, such as usernames and then in my output match them against another field such as phonenumber, address etc?

Basically looking to create a table with matching items ie if I search for the following field username in active dir...

by Engager in

What is the correct way to edit conf files and propagate changes in a search head cluster ?

Let's say I've made an action that triggers configuration replication across the SH Cluster (e.g: created a field ext...

by Explorer in

Eval If statement with searches as arguments

I am using the eval as follows: eval result= if(var1=="All", [search1], [search2]) where search1 and search2 bo...

by Path Finder in

How to find the retention period of an index

Hi here, Query to find the retention period of an particular index in days and all the configurations associated w...

by Path Finder in

Why is the eval command not working for Calculated Fields in Data Model?

I am designing a Data Model wherein I am specifying two or more sourcetypes in the constraints. The eval does not ret...

by Communicator in

How can I escape backslash in a token to modify a search?

I have a search which sometimes I want to do an append, and sometimes not - this should be driven by a dropdown in th...

by Explorer in

How to resolve Splunk from missing some automatically recognized source types?

I have transforms like access-extractions and access-request, which map to the automatically recognized source types ...

by Engager in

How to arrange my bar chart to represent time in chronological order?

Hi, I am reading data from a csv file using a lookup. I need to plot monthly transaction charge volume on a bar c...

by Engager in

json spath variable and timeseries data output i need

I am newbie to splunk Data is json output {"fdc": {"available": 1248, "unavailable": 0, "undefined": 0}, "mwdc": ...

by New Member in

Struggling with a multi-log transaction

I'm trying to establish a transaction. The information is in two different indexes, different sourcetypes, etc. Basic...

by Path Finder in

How to extract values from multivalue field and Count number of co-occurences of values in a table?

Hi! I'm really new to Splunk so please excuse the simplicity of my question. I have an inputlookup table (eg.c...

by Engager in

How to create a line between two markers on a map?

Hello, I have a geographical map on which I have plotted a number of markers/points based on their longitude and l...

by Engager in

How to generate a search to find the all the indexes and their sourcetypes without using a wildcard?

hi, i would like to know the search to find all the indexes and their sourcetypes . But my search is: index=* |...

by Path Finder in

Multiple URL's response time by URL's

Hi All, I have this scenario where i have couple of diff types of URL's like /webapp/wcs/services/Key /webapp/...

by Engager in

What does search error "ERROR HTTPClient - Should have received at least 3 tokens in status line, while getting response code. Only got 0." mean?

Splunk 6.3.4 - While looking search log - inspect - search.log, I saw this error log, ERROR HTTPClient - Should have ...

by Path Finder in

Get Updates on the Splunk Community!

Splunk Search

Discussions

Using head command

Top 10 for every timespan

how to iterate a column's values like python in command?

How to get " stats count as hitcount " for logs saprated by commas in rows

What are the consequences of disabling real-time searches or converting them to saved searches for a Prod environment?

splunk monitoring console output

Highlight with color if SLA missed

Splunk Data Input Whitelist: Regex not matching

"Cannot seek to rawdata offset 0" running a search in Splunk Web after upgrading Splunk Enterprise from 6.4.2 to 6.5.1

How to find which group was matched in a regex when multiple groups are extracted to the same field?

How can I use a dashboard form to search an index for multiple single field values space delimited simultaneously, such as usernames and then in my output match them against another field such as phonenumber, address etc?

What is the correct way to edit conf files and propagate changes in a search head cluster ?

Eval If statement with searches as arguments

How to find the retention period of an index

Why is the eval command not working for Calculated Fields in Data Model?

How can I escape backslash in a token to modify a search?

How to resolve Splunk from missing some automatically recognized source types?

How to arrange my bar chart to represent time in chronological order?

json spath variable and timeseries data output i need

Struggling with a multi-log transaction

How to extract values from multivalue field and Count number of co-occurences of values in a table?

How to create a line between two markers on a map?

How to generate a search to find the all the indexes and their sourcetypes without using a wildcard?

Multiple URL's response time by URL's

What does search error "ERROR HTTPClient - Should have received at least 3 tokens in status line, while getting response code. Only got 0." mean?

Can’t make it to .conf25? Join us online!

Can’t Make It to Boston? Stream .conf25 and Learn with Haya Husain

Splunk Lantern’s Guide to The Most Popular .conf25 Sessions

Unlock What’s Next: The Splunk Cloud Platform at .conf25

Help me with splunk query to monitor CPU and Memor...

How can i export a list of all services in APM

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

ITSI thresholds: adaptive vs static

Splunk Search

Are you a member of the Splunk Community?

Discussions

Can’t make it to .conf25? Join us online!