Splunk Search

Community Activity

How to edit my search to calculate time availability based on gaps between logs? I would like to calculate availability time based on gaps between logs so far I have this: index=servers sourcetype=... by kanet New Member in Splunk Search 06-07-2016 0 2	0	2
Why am I getting "Maximum disk usage quota has been reached" when searching, even after deleting everything in the job manager? Hi, I am having a problem with the disk usage quota. Actually, I have this error message whenever I try to make a s... by Kavey Path Finder in Splunk Search 06-07-2016 1 5	1	5
How to plot multiple coordinates from a CSV file on a Splunk map to embed in a dashboard? Hi, I'm trying to plot all carpark locations on the Splunk Map. I have a lookup CSV file with the following columns... by qiaojing Path Finder in Splunk Search 06-06-2016 0 8	0	8
Transaction, Grouping, Summary Index, Collect, Stats: Is there a best way to group my data and provide grouped-data authorizations? <141>Jun 99 15:03:13 f5-vpn-99 zzm1[3645]: 01490506:5: fi87dde3: Received User-Agent header: Mozilla%2f5 <141>Jun 99 ... by rewritex Contributor in Splunk Search 06-06-2016 0 3	0	3
How do I set the default search index in Splunk Light? In Splunk Enterprise you can set the default search index per user. In Splunk Light you cannot it seems? I read anot... by jrailton Engager in Splunk Search 06-06-2016 0 3	0	3
How to stitch together a session by userid with dissimilar formats Scenario: I have to match up two events into a session by the userid; one event represents a vpn login (vpnIdIn) and ... by packet_hunter Contributor in Splunk Search 06-06-2016 0 6	0	6
How do I write the regex to extract all instances of this field from unstructured data? This is the first time I am using IFE and having some difficulty extracting data. I am not good at regex, so I used ... by sushmitha_mj Communicator in Splunk Search 06-06-2016 0 6	0	6
If I initially run a search, I get no results, but why do I get results running the same search 1 minute later? I'm seeing the following error message, Problem replicating config (bundle) to search peer 'SPLUNKNAME:8089',Readin... by mrtolu6 Path Finder in Splunk Search 06-06-2016 0 1	0	1
Using Rex to extract string from event for table Hi, I'm sure this is very simple, but I'm fairly new to regex and rex. I'm trying to use rex to extract a string fr... by vil505 Explorer in Splunk Search 06-06-2016 0 5	0	5
How to edit my search to find a combination of null (using fillnull) and other specific values in a multivalue field? I have a database with multiple fields, one being a phone number field that has a ton of phone numbers. But certain v... by zsplunka New Member in Splunk Search 06-06-2016 0 1	0	1
Lookup table greater than 2GB - possible solutions? I have a lookup file as CSV which contains > 27 million rows and is 2GB in size. When zipped it is 500MB. I need to... by charltones Explorer in Splunk Search 06-06-2016 0 6	0	6
How to write the regex to extract these 2 fields from this result? Hi all, How to extract the fields UDP_PORT and TCP_PORT from this result? FIXED_SEVERITY_3=10, FIXED_SEVERITY_2=14... by kranthi851 New Member in Splunk Search 06-06-2016 0 2	0	2
How to search multiple indexes for the same value under different field names? Scenario: Ultimately, I would like to create an alert for an event in index A. Then I would like the alert to kicko... by packet_hunter Contributor in Splunk Search 06-06-2016 0 26	0	26
What efficient subsearch options do I have while avoiding the 10k result limit? Problem #1 ** I am struggling to avoid the 10k limit on subsearches within Splunk. I have two data sources and... by hokieb New Member in Splunk Search 06-06-2016 0 5	0	5
Installing app in SplunkWeb Manager: error occurred while downloading the app: [HTTP 403] Client is not authorized to perform requested action I have access to Splunk.com without issue. However when I try to install any app such as SoS and Sideview Utils, fr... by jbsplunk Splunk Employee in Splunk Search 06-06-2016 6 3	6	3
How to set up an alert to trigger if any values change for 3 fields from the last scan and now? Hi all, From a scan report of Qualys, I will get IP and its PORT, TCP_PORT, UDP_PORT. Now when the scan is done afte... by kiran331 Builder in Splunk Search 06-06-2016 0 3	0	3
How to index Azure Table storage data without a valid DateTime column? Hi, Do someone have experience using the Splunk Add-on for Azure app, and retrieving Azure Table storage data? Th... by thilleso Path Finder in Splunk Search 06-06-2016 0 3	0	3
How to edit my regex to extract all user field values from my sample logs? Here is the regex that I have: ^\(\d+\)\s+\d+/\d+/\d+\s+\d+:\d+:\d+\s+\w+\s+\-\s+\(\w+\s+\w+\s+\w+\)\s+\(\d+\.\d+\.\... by krasay New Member in Splunk Search 06-06-2016 0 2	0	2
Splunk Memory error with YARN When running a search in splunk such as 'index=syslog date_hour=12' we get the below error to do with memory configur... by aaron_harris Engager in Splunk Search 06-06-2016 0 2	0	2
In the "New Search" window, why does typing * result in "No results in current time range"? I have tried multiple time ranges. no luck. Cisco app shows data coming in. License section of Splunk Utilization Mon... by harry_hodge Explorer in Splunk Search 06-06-2016 0 4	0	4
Splunk bug with lookups matching on fields that include spaces OK one of our devs discovered a weird bug where if a lookup is being performed on a CSV where the field to match cont... by phoenixdigital Builder in Splunk Search 06-05-2016 0 6	0	6
Any use cases on time commands in splunk SPL....? Can anyone explain the time commands in Splunk with a use case? I see few of these searches in Splunk Answers, but I ... by prakash007 Builder in Splunk Search 06-05-2016 0 1	0	1
Splunk integration Spring: Failed to read schema document 'http://www.springframework.org/schema/integration/splunk/spring-integration-splunk.xsd' I am getting the below error while running Splunk integration spring adapter. org.xml.sax.SAXParseException; lineNum... by maximus_reborn Path Finder in Splunk Search 06-05-2016 0 2	0	2
Correlation of events Hi! Is it possible to create a correlation of fields over several different events? For example, I have to find all... by splaccount123 New Member in Splunk Search 06-05-2016 0 5	0	5
How to search the delta between the Unix Time of each sequential web log grouped by ID? To put it as simply as possible: Imagine 8 log entries with only two fields per log, t = time & ID = Identifier Lo... by farismitri Explorer in Splunk Search 06-04-2016 0 7	0	7

Get Updates on the Splunk Community!

[Puzzles] Solve, Learn, Repeat: Tiling

This puzzle (first published here) is based on finding groups of tessellated tiles (inspired by floor tiles I ...

SOK it to Me: Top 3 Benefits of Using Splunk Operator on Kubernetes that’ll Make ...

Thursday, July 9, 2026 | 11:00AM–12:00PM PDT Duration: 1 hour (includes Q&A) Managing can feel like a ...

Upgrade Prep for 10.4, Network Observability Deep Dives, and More from Splunk Lantern

Splunk Lantern is Splunk’s customer success center that provides practical guidance from Splunk experts on key ...

Splunk Search

How to edit my search to calculate time availability based on gaps between logs?

Why am I getting "Maximum disk usage quota has been reached" when searching, even after deleting everything in the job manager?

How to plot multiple coordinates from a CSV file on a Splunk map to embed in a dashboard?

Transaction, Grouping, Summary Index, Collect, Stats: Is there a best way to group my data and provide grouped-data authorizations?

How do I set the default search index in Splunk Light?

How to stitch together a session by userid with dissimilar formats

How do I write the regex to extract all instances of this field from unstructured data?

If I initially run a search, I get no results, but why do I get results running the same search 1 minute later?

Using Rex to extract string from event for table

How to edit my search to find a combination of null (using fillnull) and other specific values in a multivalue field?

Lookup table greater than 2GB - possible solutions?

How to write the regex to extract these 2 fields from this result?

How to search multiple indexes for the same value under different field names?

What efficient subsearch options do I have while avoiding the 10k result limit?

Installing app in SplunkWeb Manager: error occurred while downloading the app: [HTTP 403] Client is not authorized to perform requested action

How to set up an alert to trigger if any values change for 3 fields from the last scan and now?

How to index Azure Table storage data without a valid DateTime column?

How to edit my regex to extract all user field values from my sample logs?

Splunk Memory error with YARN

In the "New Search" window, why does typing * result in "No results in current time range"?

Splunk bug with lookups matching on fields that include spaces

Any use cases on time commands in splunk SPL....?

Splunk integration Spring: Failed to read schema document 'http://www.springframework.org/schema/integration/splunk/spring-integration-splunk.xsd'

Correlation of events

How to search the delta between the Unix Time of each sequential web log grouped by ID?

[Puzzles] Solve, Learn, Repeat: Tiling

SOK it to Me: Top 3 Benefits of Using Splunk Operator on Kubernetes that’ll Make ...

Upgrade Prep for 10.4, Network Observability Deep Dives, and More from Splunk Lantern

How to get an extract of threshold values set in s...

how to query OCI Audit logs from Datasafe

SPLUNK ES 8.2.3 Drill Down not appearing

Using Splunk to Analyze Web Traffic & Machine-Gene...

How can i export a list of all services in APM

Splunk Search

Join the Conversation