Splunk Search

Discussions

Thread Info

Why is my eval calculation not displaying in table?

Hi all, I am trying to display a calculation for the failure rate when taking into consideration the volume of all...

by Explorer in

How to edit my search to find if any userIDs in a lookup table exist in URL strings in proxy logs?

I have a lookup table that contains all userIDs from Active Directory. I have proxy logs that I would like to determi...

by Explorer in

How to send splunk events into ftp server

Hi All, How to send splunk events into ftp server.based on scheduled time

by Path Finder in

How to write a search to calculate how much data was indexed every hour for each host?

index=windows is my index name, and I want to calculate that index size for every hour for each host... Please provid...

by New Member in

How to add an additional column in my results from a lookup file?

Hi , Need your help in adding additional column in my results table from lookup file We have below search which...

by Path Finder in

How to create a report to count events per day over a 6 month time span?

I am looking to set up a report counting daily occurrences over a period of 6 months, I want to be able to run this r...

by New Member in

How to parse a JSON array that follows my search string?

My log file has multiple JSONs being printed in one line. {JSON string 1} My Search String : {"key1":"value1","ke...

by Explorer in

How to edit my search to display a timechart showing the percentage of OS usage per month over several months?

Hey there, I'm scratching my head trying to figure out how to do this. Basically, I want to run a report on 6 mon...

by Communicator in

How to edit my current search to remove duplicate rows from the resulting table?

Hi I am using a table which shows up duplicates. Example shown below. Is there a way to write a search which remo...

by Path Finder in

Why is the updated value for a macro being ignored in the search for a real time alert?

We are using a macro to maintain a list of hosts that are "under maintenance" and updating the value of this macro us...

by Explorer in

How to restore the data lost from a lookup file that was overwritten by the outputlookup command?

I was using one lookup file in dashboards. Mistakenly, the outputlookup command was fired and the file was overwritte...

by New Member in

Why is an updated ulimit for a Splunk user account on a forwarder not reflected in a Splunk search?

Hi All, I updated the ulimit settings for a Splunk user account on a forwarder from 8192 to 10240. I checked in th...

by Communicator in

How to remove CSV headers from raw data in order to extract fields and separate events?

Good morning. I hope you can help. I am currently trying to monitor specific files (in .csv format) that are updat...

by Path Finder in

Why is my post process search not displaying all columns in tables?

Hi, I have created a dashboard with 4 panels. I have post process and below is the xml, but some how all columns a...

by Communicator in

Why is the top command not working when searching in two indexes?

Hello all, For some reason, the search below isn't working for me... I am trying to search for the Top 25 Business...

by New Member in

Single Value Trend Interval: How to compare values from "start of the day to current time" with the same time period yesterday (-1d@d)?

In a single value trend interval, I am trying to compare number of certs issued "from start of the day to current tim...

by Builder in

Why is foreach with wildcards not picking up all fields in my search?

I'm not exactly sure why this isn't working. I couldn't find it in the documentation. I'm on 6.4.3. basic search |...

by Communicator in

Using inline REX to extract duplicate hosts, how do I identify the unique number of hosts reporting from a source?

I am trying to identify the unique number of hosts reporting from a source. When the source is indexed, the host fiel...

by Engager in

How to dynamically search logs with terms like "error" or "exception"?

HI, i have logs written by Tomcat application i have a table which displays time, environment, applicationame, and lo...

by Communicator in

How to edit my search to filter transactions based on standard deviation of event count?

I have a search that is grouping events into transactions and includes the eventcount as part of it. The transaction ...

by Explorer in

How to build a regular expression that will capture multiple numbers in a field?

my log looks like below and i wanted to know if i could make a single regular expression to extract all xxx-xxx numbe...

by Path Finder in

How to make a time chart with a list of time values I extracted with rex?

I have timestamps in my logs like this: [23/Oct/2016:23:56:00 --0700] I extracted them from my log files with ...

by Explorer in

What's the best way to version control a lookuptable?

I have a Splunk app I'm building that will eventually be bundled ( .tgz ). The app has an optional csv file that the ...

by Communicator in

How to extract multiple values for multiple fields from my sample multiline event using rex?

Below is my mentioned sample event details. I want to extract fields into a table using regex operations. I need to o...

by Engager in

How do you quantify how much data is coming in for a specific key-value pair?

I am trying to find out just how much data is coming in for a specific key value pair? So we have only two sourcetype...

by Explorer in

Get Updates on the Splunk Community!

Splunk Search

Discussions

Why is my eval calculation not displaying in table?

How to edit my search to find if any userIDs in a lookup table exist in URL strings in proxy logs?

How to send splunk events into ftp server

How to write a search to calculate how much data was indexed every hour for each host?

How to add an additional column in my results from a lookup file?

How to create a report to count events per day over a 6 month time span?

How to parse a JSON array that follows my search string?

How to edit my search to display a timechart showing the percentage of OS usage per month over several months?

How to edit my current search to remove duplicate rows from the resulting table?

Why is the updated value for a macro being ignored in the search for a real time alert?

How to restore the data lost from a lookup file that was overwritten by the outputlookup command?

Why is an updated ulimit for a Splunk user account on a forwarder not reflected in a Splunk search?

How to remove CSV headers from raw data in order to extract fields and separate events?

Why is my post process search not displaying all columns in tables?

Why is the top command not working when searching in two indexes?

Single Value Trend Interval: How to compare values from "start of the day to current time" with the same time period yesterday (-1d@d)?

Why is foreach with wildcards not picking up all fields in my search?

Using inline REX to extract duplicate hosts, how do I identify the unique number of hosts reporting from a source?

How to dynamically search logs with terms like "error" or "exception"?

How to edit my search to filter transactions based on standard deviation of event count?

How to build a regular expression that will capture multiple numbers in a field?

How to make a time chart with a list of time values I extracted with rex?

What's the best way to version control a lookuptable?

How to extract multiple values for multiple fields from my sample multiline event using rex?

How do you quantify how much data is coming in for a specific key-value pair?

Observe and Secure All Apps with Splunk

Splunk Decoded: Business Transactions vs Business IQ

Fastest way to demo Observability

In Splunk studio, is it possible to populate a tex...

How can i export a list of all services in APM

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

ITSI thresholds: adaptive vs static

Splunk Search

Are you a member of the Splunk Community?

Discussions