Splunk Search

Discussions

Thread Info

Can search deal with bracket expansions?

I'm using splunk in HPC use cases that can span hundreds or even thousands of machines contiguously or potentially in...

by Contributor in

How to make an existing field equal a certain value based on the value of another field?

I have a need to make an existing field a value if another field is a certain value. Example: what I want to do: i...

by Explorer in

How do I edit my regular expression for rex to extract all expected fields and values from my sample multiline event?

Here is the logged event: SepsisGraphBuilderImpl: 11252495 MS VitalsGraphBuilderImpl: 2257 MS Mic2GraphBuilder...

by New Member in

Can I force Splunk to set a minimum number of bins for timechart?

Hi, I have a timechart with some data (earliest and latest); Splunk displays 2 bins, and I want to have 20 bins. M...

by Communicator in

use rex to extract last word/number in a line

Hi, I have logs like theses: blah blah (Linux+amd64+2.6.18-308.11.1.el5;+Java+HotSpot(TM)+64-Bit+Server+VM+20.5...

by New Member in

How do I represent an Eval result with timechart?

Hi, With the support of Splunk's community, I have this search below. However, right now I would like to take the ...

by Engager in

Why are some default fields not being extracted for data coming in via TCP syslog with my current props and transforms.conf?

I have data incoming via TCP syslog. I have created the following transforms to process them: etc/system/local/pro...

by Explorer in

Splunk Stream question

I work for energy capture and storage organisation and we were thinking of using Splunk to capture data from our main...

by Path Finder in

Merge 'sourcetype-too_small' with 'sourcetype'

I have the same sourcetype log files separated in different directories by day, and different files for every hour. S...

by Engager in

How can I get external JavaScript framework app to wait until the search has completed before executing additional code?

I need my app to wait until the search has completed before it executes additional code. I'm using the following meth...

by Builder in

What is a Web server, which is used in splunk?

What is a Web server, which is used in splunk? Splunkで使用しているWebサーバーは何ですか？

by New Member in

How to retrieve Chart Title and use it in the search?

I am wondering if it is possible to get the value of the chart title and use it/reference it in the search? <panel...

by New Member in

How to create a dashboard panel of alerts triggered in the past 24 hours that also displays the alert search results?

I have set up alerting for my app such that it emails the user whenever the count or volume for today is outside of a...

by Contributor in

If I delete all accelerated searches inside a summary index, would it delete the summary as well?

I have a massive summary index that contains multiple searches that I have selected to use acceleration. Instead o...

by Path Finder in

How to search the list of devices that have sent logs the past 30 days, but not within the last 24 hours?

Dear Experts, I am looking to find the difference in the devices sending logs in the last 24 hour with devices whi...

by Path Finder in

How and where do I filter logs with regex before indexing?

I have a .txt log file and it has many patterns in it. I need logs of only a particular pattern. How and where can I ...

by Path Finder in

Unable to find the difference in time between two events. What am I doing wrong?

Hello, I am trying to report on the differences in time between two events. To do so seems straightforward enough. Ta...

by Communicator in

Why is remote server returning error: (400) Bad Request trying to run a search macro using C#?

I am trying to run a search ( Macro) but I am not able to get past this error "The remote server returned an error: (...

by New Member in

How to mask sensitive data in search from any app in Splunk

I have looked at answers for this already, but when I try any of them, my search still shows the unmasked data. Sa...

by Explorer in

Trying to chart ONLY the reprocessed cartons.

(Data coming from a PLC Conveyor system.) I'm trying to show how many cartons were RE-processed manually, each day, d...

by Path Finder in

Splunk Search

Discussions

Can search deal with bracket expansions?

How to make an existing field equal a certain value based on the value of another field?

How do I edit my regular expression for rex to extract all expected fields and values from my sample multiline event?

Can I force Splunk to set a minimum number of bins for timechart?

use rex to extract last word/number in a line

How do I represent an Eval result with timechart?

Why are some default fields not being extracted for data coming in via TCP syslog with my current props and transforms.conf?

Splunk Stream question

Merge 'sourcetype-too_small' with 'sourcetype'

How can I get external JavaScript framework app to wait until the search has completed before executing additional code?

What is a Web server, which is used in splunk?

How to retrieve Chart Title and use it in the search?

How to create a dashboard panel of alerts triggered in the past 24 hours that also displays the alert search results?

If I delete all accelerated searches inside a summary index, would it delete the summary as well?

How to search the list of devices that have sent logs the past 30 days, but not within the last 24 hours?

How and where do I filter logs with regex before indexing?

Unable to find the difference in time between two events. What am I doing wrong?

Why is remote server returning error: (400) Bad Request trying to run a search macro using C#?

How to mask sensitive data in search from any app in Splunk

Trying to chart ONLY the reprocessed cartons.

How will you .conf21? You decide! Go in-person in Las Vegas, 10/18-10/21, or go online with .conf21 Virtual, 10/19-10/20.

Learn More or Register Now >

MITRE_ATTACK intelligence download has failed erro...

Substituting host and source data

map value not passing

Having trouble creating an embed for a report, AJA...

Successful Brute Force Attempts using the Authenti...

Splunk Search

Discussions

How will you .conf21? You decide! Go in-person in Las Vegas, 10/18-10/21, or go online with .conf21 Virtual, 10/19-10/20. Learn More or Register Now >

How will you .conf21? You decide! Go in-person in Las Vegas, 10/18-10/21, or go online with .conf21 Virtual, 10/19-10/20.

Learn More or Register Now >