Splunk Search

Discussions

Thread Info

how can I troubleshoot logs not getting forwarded to indexers

Hi, I have splunkforwarder installed to monitor garbage collection for glassfish servers A and B side. I have a da...

by Loves-to-Learn Lots in

Combining multiple independent searches result into excel/csv file and send a single mail

Hi, i have a requirement of combining multiple independent searches into a single excel/csv file and schedule a singl...

by Path Finder in

How to change the color of a bar if it is the highest value in the chart?

Hi, I'm trying to figure out a way to change the color of one of the bars in a series to RED if that bar happens t...

by Motivator in

In Advanced XML, can a search output to a collect?

I have this code which is intended to just write one event to a tracking index when a user clicks a button: <modul...

by Motivator in

How to overlap two bars in a Splunk chart?

I have this search that counts the times a product has been purchased and the times the same product has been purchas...

by Explorer in

After upgrading from 5.0 to 6.4, getting a regex error issue at startup related to dashes, i think

Bad regex value: '(?i) .*? (?P<foo-bar>\[a-f0-9]+\-[a-f0-9]+\-[a-f0-9]+\-[a-f0-9]+\-[a-f0-9]+)(?= )', of param: props...

by Communicator in

Finding the number of unique ip-addresses per country using geostats

So what I have been able to do is display the total event count in each country/region using host="NC-CORP-3098-Ac...

by New Member in

Regex that covers both cases

I have the following log events both on the same source log: Log 1: [21/Jul/2016:11:34:28 +0000] 99.125.125.201...

by Motivator in

timepicker and real time

Hi friends I am using timepicker to select a time range, and pass it to dbquery command to search the database. ...

by Path Finder in

fields.conf

Hi, I read the field.conf examples, but I still don't understand how to set it up. I am using Field Extraction fro...

by Communicator in

difference between NOT and !=

Hi fellow Splunkers, I just fell over the difference between "NOT src_ip=1.2.3.4" and "src_ip!=1.2.3.4" in a bases...

by Path Finder in

how to remove characters from strings

Hi all, I have some value under geologic_city fields as below, but it has some problems. For example, actually Ans...

by Path Finder in

How do I add days taken from a field to a date field?

I have a field called "date"(2016-07-21) and a field called "countdown"(e.g. 30) which shows the number of days. How ...

by Communicator in

Panels that use basesearch won't display different times

I tried taking a look at this question: https://answers.splunk.com/answers/395258/how-to-specify-different-time-range...

by Explorer in

Append or join transactions

Hi All, I have two different transactions. individually it works perfect but can some one help me to append the tw...

by Explorer in

How to get the top 10 URL's visited by count and then sort those 10 URL's by sum(bandwidth) in ascending order.

So basically what i need is 3 columns which contains the top 10 visited URL's with count sorted by highest bandwidth ...

by Splunk Employee in

Specific Hour Search

Anyone know splunk's built-in time variables? For example, I'm trying to create a search based on events occuring aft...

by Path Finder in

How to join normalized data into a single timechart?

We have normalized data where multiple rows represent a single point in time, but attributes within the row represent...

by New Member in

Trying to index a csv lookup table

I have a .csv file that is just over 2GB, I noticed that the lookup table could only handle 500MB or less, so I reduc...

by Path Finder in

How to search the daily average of the top 95% of events and the percentage change?

Hello! I have two separate searches that I would like to combine into one, someone able to assist, please? I am...

by Path Finder in

How do I remove certain IP addresses with only 3 octets in the Search app?

I have a file that contains a list of IP addresses (Some that are full IPv4 and some that only have an IP with the fi...

by Explorer in

How to create an alert to trigger when a user visits 5 blocked websites in 1 minute?

Hello, I'm trying to create an alert that will go out every time a single user visits 5 blocked websites in 1 minu...

by Path Finder in

How do I edit the regex for my Windows Security 4656 blacklist?

I am beaten.. I cannot get this blacklist regex to work. We have a Windows host producing a ton of 4656 errors all fo...

by Builder in

Timechart by Two Fields

This is probably the simplest thing, but I can't find the answer: I am searching for all events with either eventCode...

by Explorer in

How to schedule an export of triggered events to output a csv file to the splunk server

I want to be able to have a automate export of the csv file that will have the data of what alerts have been triggere...

by New Member in

Get Updates on the Splunk Community!

Splunk Search

Discussions

how can I troubleshoot logs not getting forwarded to indexers

Combining multiple independent searches result into excel/csv file and send a single mail

How to change the color of a bar if it is the highest value in the chart?

In Advanced XML, can a search output to a collect?

How to overlap two bars in a Splunk chart?

After upgrading from 5.0 to 6.4, getting a regex error issue at startup related to dashes, i think

Finding the number of unique ip-addresses per country using geostats

Regex that covers both cases

timepicker and real time

fields.conf

difference between NOT and !=

how to remove characters from strings

How do I add days taken from a field to a date field?

Panels that use basesearch won't display different times

Append or join transactions

How to get the top 10 URL's visited by count and then sort those 10 URL's by sum(bandwidth) in ascending order.

Specific Hour Search

How to join normalized data into a single timechart?

Trying to index a csv lookup table

How to search the daily average of the top 95% of events and the percentage change?

How do I remove certain IP addresses with only 3 octets in the Search app?

How to create an alert to trigger when a user visits 5 blocked websites in 1 minute?

How do I edit the regex for my Windows Security 4656 blacklist?

Timechart by Two Fields

How to schedule an export of triggered events to output a csv file to the splunk server

Thanks for the Memories! Splunk University, .conf25, and our Community

Data Persistence in the OpenTelemetry Collector

Introducing Splunk 10.0: Smarter, Faster, and More Powerful Than Ever

In Splunk studio, is it possible to populate a tex...

Help me with splunk query to monitor CPU and Memor...

How can i export a list of all services in APM

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

Splunk Search

Are you a member of the Splunk Community?

Discussions