Splunk Search

Start a Conversation

Discussions

Start a Conversation

Thread Info

Chart set range value

Hi, I have a perfmon counter which is monitoring the SLA, most of the time it's constant in a huge number(millions...

by Explorer in

Find where a forwarder is forwarding too

Hey Guys I have multiple DMZs with forwarders all over the places that send to specific main forwarders if you lik...

by Communicator in

Cannot get external lookup to work

I am trying to set up a lookup in my test environment to hopefully push out to production. I have created an app and ...

by Communicator in

How to put search result to google map ?

HI, I would like to put search output to google maps. At the momement I`m not talking about geoip or something si...

by Explorer in

If Then? Can this be done with Splunk

First off, I’m not very strong in the scripting so If Then might not even be what I need to use. I thought Splunk jus...

by New Member in

How to extract a very long field with special characters?

I am trying to extract a field with 2 distinct problems: The field length can often creep above 498 characters. Th...

by Splunk Employee in

Filtering events and Windows Platform Filtering events

When adding a new filter to props.conf and transforms.conf does it remove events that have already been indexed or on...

by Path Finder in

Too many search jobs found in the dispatch directory (found=3079, warning level=2000). This could negatively impact Splunk's performance, consider removing some of the old search jobs.

There is no information on any jobs that can be ran within Splunk to auto remove these stagnant searches. There shoul...

by Engager in

Count unique values from a text result

I have the following result from a simple query: 184.168.152.54 10.10.42.61 - - [09/Oct/2013:09:14:38 -0500] "GET ...

by New Member in

Join search with multi-values

I have a join on two searches, from the first search, the data return is the same as the following table (equivalent ...

by Explorer in

Randomly inconsistent search result

Hi, I am executing a search on Splunk through my java application. The search query is executed through the follow...

by Engager in

Time Difference in the transaction

Below is a sample log, i want to find time difference. By this query index=[search] | transaction startswith="A star...

by New Member in

Title inside a dasboard

Hi, I've to create dashborad with two section in it. How should i give title for these sections inside dashboard. ...

by Communicator in

Extract values from all matches in regex

I have a line in my log like this 013-09-30 23:55:32,954 [pool-13-thread-18655] INFO c.p.d.r.c.release.MessageRele...

by Explorer in

I want to search on another Splunk instance

We have two separate instances of Splunk 6 (A & B) installed on two different servers that are set up independently f...

by Builder in

Filtering Fields

host=server sourcetype=iis src_ip=* NOT src_ip="x.x.x.x" This Search gives me some very helpful information - but...

by New Member in

email alert for time period that contains multiple items

I want to send an email alert only when the last X minutes of a log contains "net1 down", "net2 down", "net3 down", a...

by Engager in

How to display index time in table?

I'm having a hard time displaying the event index time in a table. What is the field name for index time?

by Builder in

Add lookup to search head app - syntax question?

Hello, I am working to put together an app which will be deployed to our search head. In the app, there is a lookup c...

by Builder in

Get the specific string from the line

Hi, I wanted to know is it possible to get a string at specific location from a line. for e.g. My line is: STE...

by Builder in

Splunk Search

Discussions

Chart set range value

Find where a forwarder is forwarding too

Cannot get external lookup to work

How to put search result to google map ?

If Then? Can this be done with Splunk

How to extract a very long field with special characters?

Filtering events and Windows Platform Filtering events

Too many search jobs found in the dispatch directory (found=3079, warning level=2000). This could negatively impact Splunk's performance, consider removing some of the old search jobs.

Count unique values from a text result

Join search with multi-values

Randomly inconsistent search result

Time Difference in the transaction

Title inside a dasboard

Extract values from all matches in regex

I want to search on another Splunk instance

Filtering Fields

email alert for time period that contains multiple items

How to display index time in table?

Add lookup to search head app - syntax question?

Get the specific string from the line

Tstats with Sparkline limiting values

Query Duo security for disabled, non-authenicated ...

_time column always moves to end after rendering s...

Comparing 2 Atrributes in different indexes

Changes to user or group privileges