Splunk Search

Discussions

Thread Info

Native Chart Format Limitations

I'm trying to build a timechart (line graph) over 13 years using a 12 month span. My search to generate the visual...

by Contributor in

Converting a timestamp, but the hour always becomes: 00

Hi, I was hoping for help on this. I want to reformat a date as follows (and if there is an easier--more condense way...

by Path Finder in

Changing sourcetype with regex

I try this in transforms.conf : [Hirschmann] DEST_KEY = MetaData:Sourcetype REGEX = "\S[A-Z]+\s[0-9]+\s[0-9]+:[0-...

by Communicator in

define and search on space delimited fields

Hi, I have the following data: (time x y word1 word2 ) 20131116-162406.698 569 609 burbled his 20131116-162407.59...

by New Member in

Multi-value Field extraction

Hello, I would like to create a multi-value field for my data, how can i do that? here's a sample of my data (S...

by Explorer in

how to create slide charts based on time in splunk using simple xml

Hi all, how to create charts slide show based on time in splunk using simple xml,can u plz help me......

by Path Finder in

Correlating results from different searches

I am trying to generate a report that returns a number of different account activities, specifically when new account...

by Communicator in

How to search for a field whose value is *

Hi I have a field whose value is "*", When i use that field value pair splunk is assuming it as a wildcard and ret...

by Path Finder in

How can I color fields in a table based on date?

Requirements: I have a dashboard to display a table containing a list of my sourcetypes with the first date last date...

by Path Finder in

cron in decimal

I use Splunk 5.0.1 I want a scheduled search to run by 2.5 hours. Does the search accept decimal values? like f...

by Path Finder in

Count filled rows in multiple columns

I have a table that has three columns. Normally the columns will have different numbers of entries, for example Col1 ...

by Builder in

Search time Time-fields

Hello, I have defined a search macro which is taking 3 arguments: starttime, endtime, (starttime-1y). This works v...

by Path Finder in

How do i capture login ID as the same field across two differently-formatted logs?

Hi, Looking for ideas on how to attack a problem... I have a couple of different systems (servers and vpn's) an...

by Champion in

Data from large search deleting during search. How do I override?

I have a user that is reporting that data is dropping out from a large search in splunk after a time. The user report...

by New Member in

Adding results, fields from two different queries

I have two completely different queries which of them output fields like below The output of the fields will be ju...

by Influencer in

Color in a table based on cell values on 6.0

Does anybody know how to configure the necessary .js and .css in an app to color the backgrounds of cells in a table ...

by Motivator in

Regex error

I am trying to validate that the user has entered their phone number in this format (555) 555-5555. I keep getting th...

by Engager in

newbie question

Hi basic question. How do i search data and return results on content that has a colon in it? Such as Ser...

by New Member in

How to combine results from 2 servers into 1 combined field?

Hello, Is there a way to combine the results for 2 different servers (DNS names) into a third field that becomes t...

by Builder in

How to build a tranform which applies to a events with a field value found in a provided list

I have a index time transform which is a bit loose in what it matches. I would like to limit it to a whitelist of ind...

by Communicator in

Splunk Search

Discussions

Native Chart Format Limitations

Converting a timestamp, but the hour always becomes: 00

Changing sourcetype with regex

define and search on space delimited fields

Multi-value Field extraction

how to create slide charts based on time in splunk using simple xml

Correlating results from different searches

How to search for a field whose value is *

How can I color fields in a table based on date?

cron in decimal

Count filled rows in multiple columns

Search time Time-fields

How do i capture login ID as the same field across two differently-formatted logs?

Data from large search deleting during search. How do I override?

Adding results, fields from two different queries

Color in a table based on cell values on 6.0

Regex error

newbie question

How to combine results from 2 servers into 1 combined field?

How to build a tranform which applies to a events with a field value found in a provided list

Conditional cell format without JS?

ldapfilter does not return all attributes

Observing 30 mins dip in my Splunk Graph

When there is no result filed is displays as &quot...

SPLUNK ITSI (Cloud)