Splunk Search

Ask a Question

Discussions

Thread Info

How DBX decides dbmon interval

Hello, I am using DB Connect to pull data from my DB. I had configured dbmon interval manually (interval = 30s, fo...

by Motivator in

How do I edit my search to append a subsearch result to a count on an hourly basis?

Hi, I'm trying to create a scheduled report that runs daily at 3am. The use case is to track the occupancy number...

by Path Finder in

Powershell output containing Curly braces gets parsed as System.String[]. How to parse and extract fields within the curly braces?

Hello, I hope one of you here can help me out. I have a PowerShell script which is am running via PS modular i...

by Path Finder in

How do you view the search used to generate an alert?

Hello-- I am trying to see the search that was used to create a certain alert. Is there a search or dashboard that...

by Explorer in

How to write a search to return all rows for each value of field_b where field_a = a, b, and c?

I am new to Splunk with questions below. Can anyone can help interpret the following request into a Splunk search sta...

by Engager in

Why are the counts inconsistent for metadata under Data Summary after using Delete?

After running the delete command to remove some incorrectly indexed data, the data is indeed gone from the index, but...

by Explorer in

Join, appendcols how to collect data from several events and combine them into one row?

Hi. I am building up a table with a row for each key. Each row is build up by selecting field values from differen...

by New Member in

How do I write this SQL query as a join search in Splunk?

I will ask my question using online forum as an example. It has Event Log that tracks all user actions from login...

by Communicator in

Can I use a search again in an eval if condition?

Hi, From a search, I will get two fields HOST and SRC. I have to join this with other two searches (query-1, query...

by New Member in

Why am I getting error "Cannot find viewstate with vsid="XXXXXXXXX""? while saving searches?

I'm trying to save the search, but getting this error: Saved Search - Cisco - Error - Encountered the following er...

by Explorer in

Is there a way I can see what data is being indexed on a specific port?

Hello, In the last year, I became the manager of a Splunk system with 0 documentation. All logs were being thrown ...

by Path Finder in

How do I get my search to produce my expected output?

Hi, I have a requirement. Below are the sample events: 20140122T100510 EMP MESSAGE=REQ COUNTRY=USA ACCNO=1234 ...

by Explorer in

Is there a programmatic way of finding the sum of events returned from a search via REST API?

Hi Folks, Just getting started trying to figure out the API. My mission which I have chosen to accept is to report...

by New Member in

Unable to specify more than 4 index="" strings in a metadata search. Is it possible, or is there another alternative?

I have a requirement where I need to have only a specific index and that index string appends dynamically which will ...

by New Member in

Old events are not searchable

Hi We are very new to Splunk. We had added some server events for CPU usage values using settings>Data Inputs>Rem...

by Path Finder in

Why is my automatic lookup not populating a field?

Hi, Usually lookups aren't an issue, but today seems it is. I'm hoping this is just a pebcak  This is the first ...

by Contributor in

Should a search head cluster rolling restart kill searches in Splunk 6.3.0?

I changed alert_actions.conf [email] in an app that is pushed to the Search Head Cluster by the deployer which initia...

by Communicator in

Should we add metadata...?

Hi, I read this blog, which was great. I noticed that the app being mentioned - https://splunkbase.splunk.com/app/...

by Champion in

How to do a lookup on multiple values in a text file on an HTTP URL?

I have a requirement to be implemented in Splunk. Facts: I am a newbie to Splunk. Problem Statement: a. There ...

by Explorer in

How to change the value of a field with information from another field?

Suppose that there is a log with two fields, userName and phoneNumber, the structure is like: userName | phoneNumb...

by New Member in

How do I interpret these Bonnie++ results?

Hi All, I have read a few threads in the Answers forum and in a number of them, it states that Random Seeks == IOP...

by Path Finder in

How to incrementally subtract values to calculate duration

Hi all, I'm running a search which outputs something like this, ( where time_diff is the date the code was loaded,...

by Path Finder in

How to change values in a column based on a value in a different column in the same row?

Hi, I have a requirement: My table data shows like this: ACCNO STATUS TYPE CODE 123 A ...

by Explorer in

How to group by host, then severity, and include a count for each severity?

I know this is probably very trivial to most, but I am a pretty new user. I am struggling quite a bit with a simple t...

by Builder in

What's the difference between host=abc and host::abc

Hi, Was reading some doc (http://docs.splunk.com/Documentation/Splunk/6.4.1/Search/Writebettersearches) and it men...

by Champion in

Get Updates on the Splunk Community!

Splunk Search

Discussions

How DBX decides dbmon interval

How do I edit my search to append a subsearch result to a count on an hourly basis?

Powershell output containing Curly braces gets parsed as System.String[]. How to parse and extract fields within the curly braces?

How do you view the search used to generate an alert?

How to write a search to return all rows for each value of field_b where field_a = a, b, and c?

Why are the counts inconsistent for metadata under Data Summary after using Delete?

Join, appendcols how to collect data from several events and combine them into one row?

How do I write this SQL query as a join search in Splunk?

Can I use a search again in an eval if condition?

Why am I getting error "Cannot find viewstate with vsid="XXXXXXXXX""? while saving searches?

Is there a way I can see what data is being indexed on a specific port?

How do I get my search to produce my expected output?

Is there a programmatic way of finding the sum of events returned from a search via REST API?

Unable to specify more than 4 index="" strings in a metadata search. Is it possible, or is there another alternative?

Old events are not searchable

Why is my automatic lookup not populating a field?

Should a search head cluster rolling restart kill searches in Splunk 6.3.0?

Should we add metadata...?

How to do a lookup on multiple values in a text file on an HTTP URL?

How to change the value of a field with information from another field?

How do I interpret these Bonnie++ results?

How to incrementally subtract values to calculate duration

How to change values in a column based on a value in a different column in the same row?

How to group by host, then severity, and include a count for each severity?

What's the difference between host=abc and host::abc

Stay Connected: Your Guide to November Tech Talks, Office Hours, and Webinars!

Transform your security operations with Splunk Enterprise Security

Splunk Admins and App Developers | Earn a $35 gift card!

Using splunk-sdk in user-defined functions in Spar...

Verification of SAML assertion using IDP's cert fa...

ジョブを消しても復活する現象について

splunk threat intelligence taxii data

Splunk DB connect add-on InfluxDB 2.6