Splunk Search

Discussions

Thread Info

index only a part of a logfile

is there a way in Splunk to index only the event of a log files that contains a specific expression or doesn't contai...

by Explorer in

Search for multiple keywords.

Hi, I want to do a search having multiple strings. Example: Consider,I am looking for SearchKey1 and SerachKey2...

by New Member in

Field extractions with default value

Can a field extraction be devised so that it has a default value when the regex is not matched? I have defined an ...

by Explorer in

Assigning a max value from one field as a new field

I am attempting to write a search that creates arbitrary "buckets" for qualifying events using a numeric code (1-5). ...

by Builder in

Googlemaps local IP lookups for geoip and populating _geo

I have the GoogleMaps app and MAXMIND installed. I have a stream of syslog data that I am extracting a Field named...

by Explorer in

The files props.conf and transform.conf don't work

Hi guys, I did the following configuration in props.conf in the splunk: C:\Program Files\Splunk\etc\system\loca...

by Contributor in

Timechart Graph extends into the future

index=summary_security earliest=-1d@d latest=now orig_sourcetype=dhcp | timechart count by orig_sourcetype | eval mar...

by Path Finder in

Empty Lookup Tables - disable warning banner

version 6 I maintain a set of csv files as lookup tables and everything works perfectly fine with one exception. I...

by New Member in

searchFieldsToDisplay order

I cant manage to find a way to order my select as I want. I got this script: <module name="SearchSelectLis...

by Communicator in

Some hosts come in as IP some as hostname easy way to make searching easier?

Hey, So we have a few hundred hosts coming in, some come in as dns hostname, some come in as IP address. What is t...

by Path Finder in

サーチ結果をpie chartに反映する

以下のデータは、A〜Dのネットワークのトラフィックを表しています。このA〜Dそれぞれの合計値をパイチャートに結果と反映するために、以下のサーチを組んだのですが、statisticsでは結果が出せても、それをパイチャートに反映...

by Contributor in

Parse first/last error in an event

I have an event that has multiple lines, it can have multiple Errors in the event and I need to query either the firs...

by Path Finder in

changing column name

host=server| eval size = len(_raw) | eval DSize = round(size/1024,2)| chart count(counter),sum(DSize) as "Daily index...

by Explorer in

Set Expiry Time for a saved Search with an action script

Hi All, I have a set of saved searches which i have scheduled for run for every 15 min interval. Each of the saved...

by Path Finder in

Query with Thousands of "OR"s

Greetings, I want to know the least resource intensive way of searching thousands of URLs in one search. So what I...

by Builder in

join two table

hi all , after using the below search i got one table which has the transactional data as source="aaa"|transact...

by Communicator in

Using Stats Command

this search works great to provide me a list of hosts showing how much license usage over a 1 day period, but when I ...

by Explorer in

Self Join Statement does not work

Self Join Statement does not work Host Demo RequestID | Method | Type 111 Method_X 1 222 Method_T 1 11...

by Explorer in

grouped graphing over time

Hi, I have a csv file which contains the following information: Date,Pool,DiskType,RaidType,Description,UserCapacity,...

by New Member in

Using Lookuptables

Hello, I've got a "Report A" that creates a lookuptable. Is it possible to tell "Report B" (this Report is using t...

by Motivator in

Splunk Search

Discussions

index only a part of a logfile

Search for multiple keywords.

Field extractions with default value

Assigning a max value from one field as a new field

Googlemaps local IP lookups for geoip and populating _geo

The files props.conf and transform.conf don't work

Timechart Graph extends into the future

Empty Lookup Tables - disable warning banner

searchFieldsToDisplay order

Some hosts come in as IP some as hostname easy way to make searching easier?

サーチ結果をpie chartに反映する

Parse first/last error in an event

changing column name

Set Expiry Time for a saved Search with an action script

Query with Thousands of "OR"s

join two table

Using Stats Command

Self Join Statement does not work

grouped graphing over time

Using Lookuptables

Why isn't transaction working for me?

How to determine working duration of user on Chang...

ML Users hitting Limits

Splunk dashboard single value trendinterval as dyn...

Adding appendcols to table to produce two curves