Splunk Search

Splunk Search
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question
Community Activity
JoshuaJohn

How to edit my search to rename a field for a timechart, and display a trendline based on a certain variable?

I am trying to get a line graph that displays response time by datacenter. I am having issues: 1) my chart is not ren...
by JoshuaJohn Contributor in Splunk Search 08-24-2016
0 5
0
5
sid19920

How can I search count by DN based on my sample event?

How can I do search count by dn here? tag=101 means search. I have already used transaction conn to separate based on...
by sid19920 New Member in Splunk Search 08-24-2016
0 13
0
13
ipops

My search displays numeric values in results, but why not string values?

I have the following search sourcetype=ivrdata | eval {message}=varValue | stats first(LogTimestamp) as Time values(...
by ipops Path Finder in Splunk Search 08-24-2016
0 1
0
1
splunker9999

How to write an eval if condition to multiply only numeric values by 100 for an alphanumeric field?

Hi, We have a field which has both numeric values and words. We are looking to multiply all numeric values with 100....
by splunker9999 Path Finder in Splunk Search 08-24-2016
0 1
0
1
christopheryu

Why is transaction maxspan=1mon span=1mon showing results for MAX that are more than 1 month?

I'm working on Juniper syslogs and trying to extract data using search below: index=A sourcetype=B LSP_DOWN OR LSP_U...
by christopheryu Communicator in Splunk Search 08-24-2016
0 1
0
1
gregcain

can't figure out line breaks on a particular file I have

Hi There, I have a log file that looks like this (where it says "blank line" is a blank line, not the words "blank l...
by gregcain Explorer in Splunk Search 08-24-2016
1 5
1
5
HattrickNZ

variable to control the value of `future_timespan` in the predict function?

Is there a way I can use a variable to control the value of future_timespan in the predict function? I have tried t...
by HattrickNZ Motivator in Splunk Search 08-24-2016
0 5
0
5
hortonew

How to edit my props.conf for a custom field extraction based on the source field?

I'm having issues creating a custom field extraction based on the source field. Here's all the information. inputs....
by hortonew Builder in Splunk Search 08-24-2016
0 2
0
2
gautham

How to group by a column value

Hi, I'm searching for Windows Authentication logs and want to table activity of a user. My Search query is : index...
by gautham Explorer in Splunk Search 08-24-2016
0 4
0
4
kltest

How can I run this query more efficiently without using so many join commands?

Hello, I'm running the following query to combine data from two different sources and to create a table for our AppA...
by kltest Explorer in Splunk Search 08-24-2016
0 3
0
3
JoshuaJohn

extracting field using rex props.conf

I have data that looks like this: **** Error Wed Aug 24 09:36:52 CDT 204941272049412507 /nitro/com/t/Manager Ce...
by JoshuaJohn Contributor in Splunk Search 08-24-2016
0 1
0
1
packet_hunter

How to optimize my search to find 30+ src_ips and any dest_ip that are not 2 specific IP addresses?

Currently I am using (OR)s For example: Index = A sourcetype=a (src="192.168.3.5" OR src="192.168.3.6" OR.... etc....
by packet_hunter Contributor in Splunk Search 08-24-2016
0 9
0
9
packet_hunter

How to edit my rex statement to extract the name out of this example string?

I am trying to rex out a person name out of the following.... .... @ xyz-2\\\\johndoe&........ Here is my current ...
by packet_hunter Contributor in Splunk Search 08-24-2016
0 2
0
2
melonman

How to extract fields from email header to get email delivery time between each email server...

Hi, I am trying to create email performance monitor using imap app. Using email header, I would like to get how lon...
by melonman Motivator in Splunk Search 08-24-2016
0 4
0
4
pasokkum

Query for Results count making performance worse

In the view, we have one table. We want to know the total results found for that particular search. So we used one mo...
by pasokkum Path Finder in Splunk Search 08-24-2016
0 3
0
3
arunloganathan

Multiline event not get breaking properly in middle of indexing

i am indexing .dat file which contains more than 5000 events. in the middle 1 or 2 events breaked wrongly This the c...
by arunloganathan New Member in Splunk Search 08-24-2016
0 6
0
6
ipops

How to extract unique values from events with multiple values?

I am importing SQL data into Splunk. Each record contains SessionID, message, and VarValue. SessionID is always uniq...
by ipops Path Finder in Splunk Search 08-23-2016
0 3
0
3
samjenk_2

Can't run "lookup" on a lookup table created by "outputlookup"

About my Environment Everything here is run using Splunk 6.4.2. The Problem I need to correlate session IDs and IP...
by samjenk_2 Explorer in Splunk Search 08-23-2016
0 6
0
6
sat94541

Splunk SDK for Ruby asynchronous search fail while connecting to load balancer

Issue : We don't see run async query using Ruby SDK against a Splunk 6.4 search head cluster via a BIG-IP load balanc...
by sat94541 Communicator in Splunk Search 08-23-2016
0 1
0
1
uhkc777

Is there a way to increase the limit of results returned for the chart command?

Chart command is limited to 10000 results by default, but I want to see all the events (Total-73228 events). index=e...
by uhkc777 Explorer in Splunk Search 08-23-2016
0 1
0
1
dbcase

How do I edit my regular expression to search for a question mark in a string?

Hi, I'm having a dickens of a time trying to figure out how to use a question mark as the termination of a search fo...
by dbcase Motivator in Splunk Search 08-23-2016
0 3
0
3
uhkc777

How to edit my search to sort dates in calendar order?

Here is my search: index=parmed-qa date_wday=monday |table _time date_month date_wday date_mday orderid|sort 0 _time...
by uhkc777 Explorer in Splunk Search 08-23-2016
0 1
0
1
leonheart78

How to split Start Time and End Time after using the Splunk transaction command?

Currently, I'm using Splunk transaction command to derive the duration using an attribute named TimeStamp from a data...
by leonheart78 Explorer in Splunk Search 08-23-2016
0 1
0
1
LIUJIEER

Join two fields within the same index

From one single index, there contains the following four fields, Source, Name, EquivalentName (part of the records un...
by LIUJIEER Explorer in Splunk Search 08-23-2016
0 7
0
7
Hemnaath

Getting TailReader - File descriptor cache is full (100), trimming in one of the splunk heavyforwarder ? How to fix this issue.

Currently we have two heavy forwarder to configured to forward the data to the indexer. Just wanted to know what are...
by Hemnaath Motivator in Splunk Search 08-23-2016
0 14
0
14
Top Labels
Get Updates on the Splunk Community!

Why Splunk Customers Should Attend Cisco Live 2026 Las Vegas

Why Splunk Customers Should Attend Cisco Live 2026 Las Vegas     Cisco Live 2026 is almost here, and this ...

What Is the Name of the USB Key Inserted by Bob Smith? (BOTS Hint, Not the Answer)

Hello Splunkers,   So you searched, “what is the name of the usb key inserted by bob smith?”  Not gonna lie… ...

Automating Threat Operations and Threat Hunting with Recorded Future

    Automating Threat Operations and Threat Hunting with Recorded Future June 29, 2026 | Register   Is your ...