Splunk Search

Splunk Search
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question
Community Activity
like2splunk

How to Extract a particular string with the lowest respective Value in a single event

Hello everyone, I am trying to identify the resultant ERROR from a given event. My search is in italics bellow and an...
by like2splunk Explorer in Splunk Search 03-21-2017
0 4
0
4
wiggler

how to get the number of records of a field and sum up and show records more than one

Hi everyone. I would like to ask what is the function to get the number of records in a field? So here's my scenari...
by wiggler Explorer in Splunk Search 03-21-2017
0 4
0
4
clesto

Why does my regular expression provide inconsistent results for my field extraction?

I'm attempting to set up a Field Extraction for a log files we're forwarding from an LDAP server. For the most part ...
by clesto Explorer in Splunk Search 03-21-2017
0 9
0
9
aarontimko

Rangemap cell formatting for multiple tables

I am trying to make a simple NOC dashboard which has value-based cell formatting for multiples tables. (Before going ...
by aarontimko Path Finder in Splunk Search 03-21-2017
1 4
1
4
balendra

How to create a timechart from calculated value?

Hello I have a search to plot the calculated value over time. However the search is not working as expected. | eval...
by balendra New Member in Splunk Search 03-21-2017
0 4
0
4
echojacques

Has anyone implemented whois lookups?

Hello, Has anyone implemented whois lookups in Splunk - and if so, how did you do it? I tried the whois add-on @ ht...
by echojacques Builder in Splunk Search 03-21-2017
0 4
0
4
chetanhonnavile

How to use wildcard characters in Splunk search?

How do i use wildcard characters in my Splunk search? For example : i am looking for only 4xx http errors . index=...
by chetanhonnavile Explorer in Splunk Search 03-21-2017
0 2
0
2
tac24

How to calculate the round trip time by the modulo-type sequence number without using join command?

By monitoring "ping" packets with tcpdump software, the following records are saved as an example. The first two r...
by tac24 New Member in Splunk Search 03-21-2017
0 8
0
8
teresa1688

My initial REST call to search returned debug information

I have installed splunk on my pc (windows7) and start to play with REST web service calls to perform search. I can se...
by teresa1688 Explorer in Splunk Search 03-21-2017
0 3
0
3
prashanthberam

How to edit my search to convert values in seconds to days, hours, minutes, seconds, and milliseconds?

i have values with seconds so i need to convert those into days, hours, minutes, seconds, and milliseconds. i am usin...
by prashanthberam Explorer in Splunk Search 03-21-2017
0 4
0
4
SamChang

[subsearch]: Search auto-finalized after time limit reached (30 seconds). Results may be incomplete.

Dear Sir When I run a long search. The Splunk always reponsd this message. [subsearch]: Search auto-finalized after...
by SamChang Path Finder in Splunk Search 03-21-2017
2 12
2
12
showard22

How to use regex command to match a certain amount of characters in a field?

I want to use Splunk to match on a field name for accounts with exactly 4 characters, all numbers and letters. I kee...
by showard22 New Member in Splunk Search 03-21-2017
0 4
0
4
shreyans

how to make parent child lookup for multiple levels of child with multiple type of child

Hi, I have parent child relation data in splunk (based on dbid field) Example 1.Parent Event <parent> <dbid>10</dbid...
by shreyans Path Finder in Splunk Search 03-21-2017
0 4
0
4
dhsetty

How to delete Queried results from Splunk DB which are indexed?

event_start=1 event_stop=500 search_parms = {'date_from': '1/10/2016:05:00', 'start': event_start, 'stop': event_sto...
by dhsetty Explorer in Splunk Search 03-21-2017
0 2
0
2
pakerwe

How to JOIN the same table?

Hi, i've this table R VIP state R1 1.1.1.1 Master R2 1.1.1.1 Backup I want t...
by pakerwe New Member in Splunk Search 03-21-2017
0 10
0
10
tkwaller

Regex Field Extraction

Hello I am trying to extract the username from windows security event logs. It seems that there are 2 account name f...
by tkwaller Builder in Splunk Search 03-21-2017
0 17
0
17
sassens1

How to edit my search to display daily license usage and total license usage on a chart, with current license volume as a chart overlay?

Hi I'm struggling to find out how to add an overlay or something that will display the daily license usage for speci...
by sassens1 Path Finder in Splunk Search 03-21-2017
1 2
1
2
raghu0463

How can I use a temporary table in Splunk?

How can i use Common Table Expressions? i need to store my result in temporary table and use that result later on in...
by raghu0463 Explorer in Splunk Search 03-20-2017
0 3
0
3
yarafatin2

How to edit my search to count the number of requests per IP per 30 minutes?

I need to get the count of requests per IP per 30 minutes. The stats column headers should be clientip and all the 3...
by yarafatin2 New Member in Splunk Search 03-20-2017
0 1
0
1
saqibhome

How to edit my search to filter out results where the HTTP Referrer contains a Blank or a Dash?

I have a search as follows: (Referrer!="*bing*" AND Referrer!="*google*") Note: Referrer is the http_referrer fiel...
by saqibhome Explorer in Splunk Search 03-20-2017
0 3
0
3
Blu3fish

How to edit my search to plot time ranges for hosts based on start/stop events?

I'm trying to create a search that'll visualize when a network scan is being run against a particular target. To do t...
by Blu3fish Path Finder in Splunk Search 03-20-2017
0 1
0
1
FeatureCreeep

How to create dynamic columns based on calculated data?

I have transaction records that are pretty clear. OperationType=singon Client=abc IsSuccess=1 OperationType=changePa...
by FeatureCreeep Path Finder in Splunk Search 03-20-2017
1 6
1
6
sylim_splunk

Why is search syntax highlighting not working in Splunk 6.5.2?

Our search heads syntax highlighting does not function for any of search commands. This is with search_syntax_highlig...
by sylim_splunk Splunk Employee Splunk Employee in Splunk Search 03-20-2017
0 1
0
1
Lucas_Henry_

Is there a way to search for a list of strings, and for each match, put that string as the value of the same field?

Is there a way to search for a list of strings, and for each match, put that string as the value of the same field? ...
by Lucas_Henry_ New Member in Splunk Search 03-20-2017
0 24
0
24
moesaidi

How to generate a search to find increment user ID attempts?

I have a set of Apache access_logs where a URL is something similar to: http://mydomain.com/user.php?userid=123 I'm ...
by moesaidi Path Finder in Splunk Search 03-20-2017
0 4
0
4
Top Labels
Get Updates on the Splunk Community!

SOK it to Me: Top 3 Benefits of Using Splunk Operator on Kubernetes that’ll Make ...

    Thursday, July 9, 2026  |  11:00AM–12:00PM PDT Duration: 1 hour (includes Q&A) Managing can feel like a ...

Upgrade Prep for 10.4, Network Observability Deep Dives, and More from Splunk Lantern

Splunk Lantern is Splunk’s customer success center that provides practical guidance from Splunk experts on key ...

Splunk Developer Day announcements: AI agents, MCP tools, Forecasting, and Custom ...

Splunk Developer Day was packed with product and platform updates for developers building in the AI ...