Splunk Search

Thread Info

How to restore the data lost from a lookup file that was overwritten by the outputlookup command?

I was using one lookup file in dashboards. Mistakenly, the outputlookup command was fired and the file was overwritte...

by New Member in

Why is an updated ulimit for a Splunk user account on a forwarder not reflected in a Splunk search?

Hi All, I updated the ulimit settings for a Splunk user account on a forwarder from 8192 to 10240. I checked in th...

by Communicator in

How to remove CSV headers from raw data in order to extract fields and separate events?

Good morning. I hope you can help. I am currently trying to monitor specific files (in .csv format) that are updat...

by Path Finder in

Why is my post process search not displaying all columns in tables?

Hi, I have created a dashboard with 4 panels. I have post process and below is the xml, but some how all columns a...

by Communicator in

Why is the top command not working when searching in two indexes?

Hello all, For some reason, the search below isn't working for me... I am trying to search for the Top 25 Business...

by New Member in

Single Value Trend Interval: How to compare values from "start of the day to current time" with the same time period yesterday (-1d@d)?

In a single value trend interval, I am trying to compare number of certs issued "from start of the day to current tim...

by Builder in

Why is foreach with wildcards not picking up all fields in my search?

I'm not exactly sure why this isn't working. I couldn't find it in the documentation. I'm on 6.4.3. basic search |...

by Communicator in

Using inline REX to extract duplicate hosts, how do I identify the unique number of hosts reporting from a source?

I am trying to identify the unique number of hosts reporting from a source. When the source is indexed, the host fiel...

by Engager in

How to dynamically search logs with terms like "error" or "exception"?

HI, i have logs written by Tomcat application i have a table which displays time, environment, applicationame, and lo...

by Communicator in

How to edit my search to filter transactions based on standard deviation of event count?

I have a search that is grouping events into transactions and includes the eventcount as part of it. The transaction ...

by Explorer in

How to build a regular expression that will capture multiple numbers in a field?

my log looks like below and i wanted to know if i could make a single regular expression to extract all xxx-xxx numbe...

by Path Finder in

How to make a time chart with a list of time values I extracted with rex?

I have timestamps in my logs like this: [23/Oct/2016:23:56:00 --0700] I extracted them from my log files with ...

by Explorer in

What's the best way to version control a lookuptable?

I have a Splunk app I'm building that will eventually be bundled ( .tgz ). The app has an optional csv file that the ...

by Communicator in

How to extract multiple values for multiple fields from my sample multiline event using rex?

Below is my mentioned sample event details. I want to extract fields into a table using regex operations. I need to o...

by Engager in

How do you quantify how much data is coming in for a specific key-value pair?

I am trying to find out just how much data is coming in for a specific key value pair? So we have only two sourcetype...

by Explorer in

How to write a recursive search to build a tree structure?

I have a csv index imported in Splunk and it represents static pairs "child-account" structure i,e: account,parent...

by Explorer in

How to edit my search to calculate a field?

Hi, I am trying to calculate a field from a data that I receive from a vulnerability system. severity field r...

by Path Finder in

How to write a transaction search to expand multivalued fields into separate single value events?

Hi, I'm having difficulties expanding a multivalued Transaction event back into individual events. The overall goa...

by Explorer in

How to create a time chart using multiple custom time fields, not _time?

I'm trying to chart two different things in the same graph using two different custom time fields. It almost works (t...

by Engager in

How to build a search that compares the results of 2 dates and shows delta?

I have the following data Date Server Value 1st Jan abc 10 1st Jan xyz ...

by Path Finder in

How to search errors for last month and the current month, and find what errors are new based on the error message?

I haven't found any resource in the threads on how to do this, but what I would like to do is ask Splunk: Get me e...

by New Member in

How can I use the lookup command where the target field is the root of the source field?

Hello all, I have to use a lookup to get data but the problem is that the source field for the lookup is longer th...

by Motivator in

How to display my table in xyseries?

I Have the following Display Domain Application ReportingMonth Price ADD Dotnet ...

by Engager in

How to write a search to monitor data center traffic?

Hello All, I have 2 CIDR lookup files uploaded in Splunk with all necessary configurations done. fFirst Lookup fi...

by Explorer in

How to search for a pair of substrings in a subsearch to filter my results?

Hi at all, I have a lookup with two fields: field1field2 I have to filter a search using the pairs of the two f...

by SplunkTrust in

Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.

Splunk Search

Discussions

How to restore the data lost from a lookup file that was overwritten by the outputlookup command?

Why is an updated ulimit for a Splunk user account on a forwarder not reflected in a Splunk search?

How to remove CSV headers from raw data in order to extract fields and separate events?

Why is my post process search not displaying all columns in tables?

Why is the top command not working when searching in two indexes?

Single Value Trend Interval: How to compare values from "start of the day to current time" with the same time period yesterday (-1d@d)?

Why is foreach with wildcards not picking up all fields in my search?

Using inline REX to extract duplicate hosts, how do I identify the unique number of hosts reporting from a source?

How to dynamically search logs with terms like "error" or "exception"?

How to edit my search to filter transactions based on standard deviation of event count?

How to build a regular expression that will capture multiple numbers in a field?

How to make a time chart with a list of time values I extracted with rex?

What's the best way to version control a lookuptable?

How to extract multiple values for multiple fields from my sample multiline event using rex?

How do you quantify how much data is coming in for a specific key-value pair?

How to write a recursive search to build a tree structure?

How to edit my search to calculate a field?

How to write a transaction search to expand multivalued fields into separate single value events?

How to create a time chart using multiple custom time fields, not _time?

How to build a search that compares the results of 2 dates and shows delta?

How to search errors for last month and the current month, and find what errors are new based on the error message?

How can I use the lookup command where the target field is the root of the source field?

How to display my table in xyseries?

How to write a search to monitor data center traffic?

How to search for a pair of substrings in a subsearch to filter my results?

Buttercup Games: Further Dashboarding Techniques (Part 7)

Stay Connected: Your Guide to April Tech Talks, Office Hours, and Webinars!

Mastering Data Pipelines: Unlocking Value with Splunk

Search for triggered save searches and their actio...

MLTKC how should i check jupyter notebook func in ...

ITSI thresholds: adaptive vs static

Using Machine Learning Toolkit to detect auth abus...

Proactively stream data to different index after C...