Splunk Search

Discussions

Thread Info

Why does my Hunk search partially completes then displays message "ChunkedOutputStreamReader: Invalid transport header line"?

Hi, When I search for events from the virtual index, I start to receive events but the query only finishes partial...

by Builder in

Why am I unable to search event data for license_usage.log?

Hi Guys, I am unable to search the event data for license_usage.log , whereas I can see the log file getting updated ...

by Path Finder in

How to search and develop a chart for license usage by index over 2 days with column displaying the percent change?

Hi All, Does anyone have a search/report that shows all of your indexes with usage by day vs the previous day with...

by Path Finder in

How to edit my search to get the total count of two search queries?

I have the following query which gives me a Total count of 2 searches but after evaluating, I am not getting the Tota...

by Path Finder in

How can I write a search that shows just the first N characters of each line in my logs?

I have logs including some very long lines. To get overview of activity, I want to write a search that shows just the...

by Engager in

Why are my strftime searches not returning any results?

Simple question: both of these return null. Any idea why? | eval createDt1 = strftime("2013-03-22 11:22:33","%s") ...

by Explorer in

How to find value from lookup table dynamically by matching substring in field value?

Hi, I would like to know how to find value from lookup table dynamically by matching string in field value. For...

by New Member in

Display values inside the chart without mouse pop up

Hi all, Is there any possibility to show values inside the chart without bringing mouse over it. It should always ...

by Path Finder in

help with rex

Trying to evaluate the below: 1min=1;5min=1;60min=1;24hr=1 Below seem to be not working. Anything wrong with t...

by New Member in

rex usage in splunk

Hi, i am trying to create a pie chart with gives %age up and down time of a system. Splunk mines a log file with the ...

by Explorer in

How to calculate the sum of selected values by excluding other values in a multivalue field?

Hello, I would like to know how to calculate sum of selected values by excluding other values in a multivalue fiel...

by New Member in

How to edit my search in order to use the result from one calculation in another calculation?

Hi there, I am trying to calculate the percent of failure types by the total number of transactions (including whe...

by Explorer in

What is the best way to exclude 2 or more countries from iplocation src_ip results?

Let's say I want to look up IP location for all IPs by user, but I want to exclude 2 or more countries? For examp...

by Contributor in

How to extract the integer values from my sample log?

Hi Everyone, Could you please anyone help me to extract the Integer values from the below log? Please share the qu...

by Explorer in

Need your help to write query for below requirement.

Hi Everyone, Could you please anyone help me to extract the seconds values from the below log, please share the qu...

by Explorer in

rex error help

The regular expression is correct according to RegExr, but i keep on getting this error Error in 'rex' command: En...

by Path Finder in

rex field extraction

I am getting familiar with splunk commands, trying to extract hostname from an extracted field called monitor_name. m...

by Communicator in

How to chronologically sort headers in a table?

I have the following table ApplicationGroup 0-10 10-20 101-150 151-200 20-30 20...

by Engager in

How I can monitor my Splunk universal forwarder to make sure the forwarder is working as expected?

Hello! Recently noticed some universal forwarders hang and not sending logs to indexer. So, how I can monitor my ...

by Communicator in

How to write a Splunk transaction search that is similar to grep Before and After string pattern

Hi, I wanted to find transactions in logs using "startswith" and "endswith" but my log record does not have a comm...

by Path Finder in

Get Updates on the Splunk Community!

Splunk Search

Discussions

Why does my Hunk search partially completes then displays message "ChunkedOutputStreamReader: Invalid transport header line"?

Why am I unable to search event data for license_usage.log?

How to search and develop a chart for license usage by index over 2 days with column displaying the percent change?

How to edit my search to get the total count of two search queries?

How can I write a search that shows just the first N characters of each line in my logs?

Why are my strftime searches not returning any results?

How to find value from lookup table dynamically by matching substring in field value?

Display values inside the chart without mouse pop up

help with rex

rex usage in splunk

How to calculate the sum of selected values by excluding other values in a multivalue field?

How to edit my search in order to use the result from one calculation in another calculation?

What is the best way to exclude 2 or more countries from iplocation src_ip results?

How to extract the integer values from my sample log?

Need your help to write query for below requirement.

rex error help

rex field extraction

How to chronologically sort headers in a table?

How I can monitor my Splunk universal forwarder to make sure the forwarder is working as expected?

How to write a Splunk transaction search that is similar to grep Before and After string pattern

Maximize the Value from Microsoft Defender with Splunk

This Week's Community Digest - Splunk Community Happenings [6.27.22]

Reminder! Splunk Love Promo: $25 Visa Gift Card for Your Honest SOAR Review With ...

How to fetch REQUEST and RESPONSE events based on ...

How to create a chart from output of index and dat...

Why are there Different results with "earliest" th...

Bucket and eval result to percentage calculation

Can I index into array in my search to pull two sp...