Splunk Search

Ask a Question

Discussions

Thread Info

If I initially run a search, I get no results, but why do I get results running the same search 1 minute later?

I'm seeing the following error message, Problem replicating config (bundle) to search peer 'SPLUNKNAME:8089',Read...

by Path Finder in

Using Rex to extract string from event for table

Hi, I'm sure this is very simple, but I'm fairly new to regex and rex. I'm trying to use rex to extract a strin...

by Explorer in

How to edit my search to find a combination of null (using fillnull) and other specific values in a multivalue field?

I have a database with multiple fields, one being a phone number field that has a ton of phone numbers. But certain v...

by New Member in

Lookup table greater than 2GB - possible solutions?

I have a lookup file as CSV which contains > 27 million rows and is 2GB in size. When zipped it is 500MB. I need t...

by Explorer in

How to write the regex to extract these 2 fields from this result?

Hi all, How to extract the fields UDP_PORT and TCP_PORT from this result? FIXED_SEVERITY_3=10, FIXED_SEVERITY_2...

by New Member in

How to search multiple indexes for the same value under different field names?

Scenario: Ultimately, I would like to create an alert for an event in index A. Then I would like the alert to kickoff...

by Contributor in

What efficient subsearch options do I have while avoiding the 10k result limit?

**Problem #1** ** I am struggling to avoid the 10k limit on subsearches within Splunk. I have two data sources ...

by New Member in

Installing app in SplunkWeb Manager: error occurred while downloading the app: [HTTP 403] Client is not authorized to perform requested action

I have access to Splunk.com without issue. However when I try to install any app such as SoS and Sideview Utils, ...

by Splunk Employee in

How to set up an alert to trigger if any values change for 3 fields from the last scan and now?

Hi all, From a scan report of Qualys, I will get IP and its PORT, TCP_PORT, UDP_PORT. Now when the scan is done af...

by Builder in

How to index Azure Table storage data without a valid DateTime column?

Hi, Do someone have experience using the Splunk Add-on for Azure app, and retrieving Azure Table storage data? ...

by Path Finder in

How to edit my regex to extract all user field values from my sample logs?

Here is the regex that I have: ^\(\d+\)\s+\d+/\d+/\d+\s+\d+:\d+:\d+\s+\w+\s+\-\s+\(\w+\s+\w+\s+\w+\)\s+\(\d+\.\d+\...

by New Member in

Splunk Memory error with YARN

When running a search in splunk such as 'index=syslog date_hour=12' we get the below error to do with memory configur...

by Engager in

In the "New Search" window, why does typing * result in "No results in current time range"?

I have tried multiple time ranges. no luck. Cisco app shows data coming in. License section of Splunk Utilization Mon...

by Explorer in

Splunk bug with lookups matching on fields that include spaces

OK one of our devs discovered a weird bug where if a lookup is being performed on a CSV where the field to match cont...

by Builder in

Any use cases on time commands in splunk SPL....?

Can anyone explain the time commands in Splunk with a use case? I see few of these searches in Splunk Answers, but I ...

by Builder in

Splunk integration Spring: Failed to read schema document 'http://www.springframework.org/schema/integration/splunk/spring-integration-splunk.xsd'

I am getting the below error while running Splunk integration spring adapter. org.xml.sax.SAXParseException; lineN...

by Path Finder in

Correlation of events

Hi! Is it possible to create a correlation of fields over several different events? For example, I have to find a...

by New Member in

How to search the delta between the Unix Time of each sequential web log grouped by ID?

To put it as simply as possible: Imagine 8 log entries with only two fields per log, t = time & ID = Identifier ...

by Explorer in

streamfwd is shutting down

Has anyone faced this problem - root@ip-172-31-19-68:/home/ubuntu# tail /opt/splunkforwarder/var/log/splunk/stream...

by Builder in

How do I extract this field from my sample data using rex?

Scenario: I need to extract the User out of the following field msg using rex. So, I need abcdefg Group <XGroupPol...

by Contributor in

How do I optimize my search?

I have the following search and takes a lot of time to output data. Is there a way to optimize the search? eventty...

by Explorer in

How to remove only a single value when there are more multiple same values are present in a field?

Hi , I am trying to update a multivalued field in a KV store. So let's say there are 3 values in the field: A,B...

by Explorer in

How do I edit my search to display two time charts in one graph?

I am using appendcols to put two timecharts in one graph to show the correlation, however, the values are off in diff...

by Engager in

Splunk unable to start and emits "Conf is currently being modified by process ####."

This morning after rebooting my computer with splunk on it, Splunk refuses to start. Trying to investigate the pro...

by Explorer in

How to display 3 separate search results on one dashboard?

For Example: Suppose you have 3 numbers from search results: 1,000 2,000 and 3,000. I want to be able to display...

by Explorer in

Get Updates on the Splunk Community!

Splunk Search

Discussions

If I initially run a search, I get no results, but why do I get results running the same search 1 minute later?

Using Rex to extract string from event for table

How to edit my search to find a combination of null (using fillnull) and other specific values in a multivalue field?

Lookup table greater than 2GB - possible solutions?

How to write the regex to extract these 2 fields from this result?

How to search multiple indexes for the same value under different field names?

What efficient subsearch options do I have while avoiding the 10k result limit?

Installing app in SplunkWeb Manager: error occurred while downloading the app: [HTTP 403] Client is not authorized to perform requested action

How to set up an alert to trigger if any values change for 3 fields from the last scan and now?

How to index Azure Table storage data without a valid DateTime column?

How to edit my regex to extract all user field values from my sample logs?

Splunk Memory error with YARN

In the "New Search" window, why does typing * result in "No results in current time range"?

Splunk bug with lookups matching on fields that include spaces

Any use cases on time commands in splunk SPL....?

Splunk integration Spring: Failed to read schema document 'http://www.springframework.org/schema/integration/splunk/spring-integration-splunk.xsd'

Correlation of events

How to search the delta between the Unix Time of each sequential web log grouped by ID?

streamfwd is shutting down

How do I extract this field from my sample data using rex?

How do I optimize my search?

How to remove only a single value when there are more multiple same values are present in a field?

How do I edit my search to display two time charts in one graph?

Splunk unable to start and emits "Conf is currently being modified by process ####."

How to display 3 separate search results on one dashboard?

October Community Champions: A Shoutout to Our Contributors!

Community Content Calendar, November Edition

Stay Connected: Your Guide to November Tech Talks, Office Hours, and Webinars!

In Splunk studio, is it possible to populate a tex...

How can i export a list of all services in APM

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

ITSI thresholds: adaptive vs static

Splunk Search

Are you a member of the Splunk Community?

Discussions