Splunk Search

Ask a Question

Discussions

Thread Info

When running a search in Splunk 6.2.6, why do results not display and I only see the message "Finalizing job..."?

Hi Team. I am using SPLUNK version 6.2.6 and when I run my search in search app, I could see it's executing for a ...

by Motivator in

rex regex to extract first folder name from the path

Hello, My source filed has value such as, */icsws/log/INSTANCE1/was/base/icsws_ca_server/SystemOut.log* /icsws*...

by Communicator in

How to edit my search to calculate time availability based on gaps between logs?

I would like to calculate availability time based on gaps between logs so far I have this: index=servers sourcetyp...

by New Member in

Why am I getting "Maximum disk usage quota has been reached" when searching, even after deleting everything in the job manager?

Hi, I am having a problem with the disk usage quota. Actually, I have this error message whenever I try to make a...

by Path Finder in

How to plot multiple coordinates from a CSV file on a Splunk map to embed in a dashboard?

Hi, I'm trying to plot all carpark locations on the Splunk Map. I have a lookup CSV file with the following colum...

by Path Finder in

Transaction, Grouping, Summary Index, Collect, Stats: Is there a best way to group my data and provide grouped-data authorizations?

<141>Jun 99 15:03:13 f5-vpn-99 zzm1[3645]: 01490506:5: fi87dde3: Received User-Agent header: Mozilla%2f5 <141>Jun 99 ...

by Contributor in

How do I set the default search index in Splunk Light?

In Splunk Enterprise you can set the default search index per user. In Splunk Light you cannot it seems? I read an...

by Engager in

How to stitch together a session by userid with dissimilar formats

Scenario: I have to match up two events into a session by the userid; one event represents a vpn login (vpnIdIn) and ...

by Contributor in

How do I write the regex to extract all instances of this field from unstructured data?

This is the first time I am using IFE and having some difficulty extracting data. I am not good at regex, so I used t...

by Communicator in

If I initially run a search, I get no results, but why do I get results running the same search 1 minute later?

I'm seeing the following error message, Problem replicating config (bundle) to search peer 'SPLUNKNAME:8089',Read...

by Path Finder in

Using Rex to extract string from event for table

Hi, I'm sure this is very simple, but I'm fairly new to regex and rex. I'm trying to use rex to extract a strin...

by Explorer in

How to edit my search to find a combination of null (using fillnull) and other specific values in a multivalue field?

I have a database with multiple fields, one being a phone number field that has a ton of phone numbers. But certain v...

by New Member in

Lookup table greater than 2GB - possible solutions?

I have a lookup file as CSV which contains > 27 million rows and is 2GB in size. When zipped it is 500MB. I need t...

by Explorer in

How to write the regex to extract these 2 fields from this result?

Hi all, How to extract the fields UDP_PORT and TCP_PORT from this result? FIXED_SEVERITY_3=10, FIXED_SEVERITY_2...

by New Member in

How to search multiple indexes for the same value under different field names?

Scenario: Ultimately, I would like to create an alert for an event in index A. Then I would like the alert to kickoff...

by Contributor in

What efficient subsearch options do I have while avoiding the 10k result limit?

**Problem #1** ** I am struggling to avoid the 10k limit on subsearches within Splunk. I have two data sources ...

by New Member in

Installing app in SplunkWeb Manager: error occurred while downloading the app: [HTTP 403] Client is not authorized to perform requested action

I have access to Splunk.com without issue. However when I try to install any app such as SoS and Sideview Utils, ...

by Splunk Employee in

How to set up an alert to trigger if any values change for 3 fields from the last scan and now?

Hi all, From a scan report of Qualys, I will get IP and its PORT, TCP_PORT, UDP_PORT. Now when the scan is done af...

by Builder in

How to index Azure Table storage data without a valid DateTime column?

Hi, Do someone have experience using the Splunk Add-on for Azure app, and retrieving Azure Table storage data? ...

by Path Finder in

How to edit my regex to extract all user field values from my sample logs?

Here is the regex that I have: ^\(\d+\)\s+\d+/\d+/\d+\s+\d+:\d+:\d+\s+\w+\s+\-\s+\(\w+\s+\w+\s+\w+\)\s+\(\d+\.\d+\...

by New Member in

Splunk Memory error with YARN

When running a search in splunk such as 'index=syslog date_hour=12' we get the below error to do with memory configur...

by Engager in

In the "New Search" window, why does typing * result in "No results in current time range"?

I have tried multiple time ranges. no luck. Cisco app shows data coming in. License section of Splunk Utilization Mon...

by Explorer in

Splunk bug with lookups matching on fields that include spaces

OK one of our devs discovered a weird bug where if a lookup is being performed on a CSV where the field to match cont...

by Builder in

Any use cases on time commands in splunk SPL....?

Can anyone explain the time commands in Splunk with a use case? I see few of these searches in Splunk Answers, but I ...

by Builder in

Splunk integration Spring: Failed to read schema document 'http://www.springframework.org/schema/integration/splunk/spring-integration-splunk.xsd'

I am getting the below error while running Splunk integration spring adapter. org.xml.sax.SAXParseException; lineN...

by Path Finder in

Get Updates on the Splunk Community!

Splunk Search

Discussions

When running a search in Splunk 6.2.6, why do results not display and I only see the message "Finalizing job..."?

rex regex to extract first folder name from the path

How to edit my search to calculate time availability based on gaps between logs?

Why am I getting "Maximum disk usage quota has been reached" when searching, even after deleting everything in the job manager?

How to plot multiple coordinates from a CSV file on a Splunk map to embed in a dashboard?

Transaction, Grouping, Summary Index, Collect, Stats: Is there a best way to group my data and provide grouped-data authorizations?

How do I set the default search index in Splunk Light?

How to stitch together a session by userid with dissimilar formats

How do I write the regex to extract all instances of this field from unstructured data?

If I initially run a search, I get no results, but why do I get results running the same search 1 minute later?

Using Rex to extract string from event for table

How to edit my search to find a combination of null (using fillnull) and other specific values in a multivalue field?

Lookup table greater than 2GB - possible solutions?

How to write the regex to extract these 2 fields from this result?

How to search multiple indexes for the same value under different field names?

What efficient subsearch options do I have while avoiding the 10k result limit?

Installing app in SplunkWeb Manager: error occurred while downloading the app: [HTTP 403] Client is not authorized to perform requested action

How to set up an alert to trigger if any values change for 3 fields from the last scan and now?

How to index Azure Table storage data without a valid DateTime column?

How to edit my regex to extract all user field values from my sample logs?

Splunk Memory error with YARN

In the "New Search" window, why does typing * result in "No results in current time range"?

Splunk bug with lookups matching on fields that include spaces

Any use cases on time commands in splunk SPL....?

Splunk integration Spring: Failed to read schema document 'http://www.springframework.org/schema/integration/splunk/spring-integration-splunk.xsd'

Can’t make it to .conf25? Join us online!

Community Content Calendar, September edition

Splunkbase Unveils New App Listing Management Public Preview

Leveraging Automated Threat Analysis Across the Splunk Ecosystem

Help me with splunk query to monitor CPU and Memor...

How can i export a list of all services in APM

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

ITSI thresholds: adaptive vs static

Splunk Search

Are you a member of the Splunk Community?

Discussions

Can’t make it to .conf25? Join us online!