Splunk Search

Splunk Search
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question
Community Activity
ddrillic

How to store a large search result set into a lookup table?

I have a large results set of a search which I would like to store as a lookup table. How can I do that?
by ddrillic Ultra Champion in Splunk Search 04-19-2016
0 6
0
6
rickgeorge

How to create a custom chart from js_charts that extends the verticalfillerGauge chart?

I want to create a custom chart from js_charts that extends the verticalfillerGauge chart. This chart would use SVG ...
by rickgeorge Explorer in Splunk Search 04-19-2016
1 2
1
2
socalvin

Is there a way to get an event by some unique ID(s) ?

I read this but this was almost two years ago: http://splunk-base.splunk.com/answers/49/does-each-splunk-event-have-...
by socalvin New Member in Splunk Search 04-19-2016
0 2
0
2
sfellin

How to write a search using an eval object with a wildcard?

I am trying to use an eval object as the basis of a search pattern along with a wildcard and Splunk is not happy with...
by sfellin Engager in Splunk Search 04-19-2016
0 2
0
2
boddunan

How to extract the file type from my logs and get the count of successfully processed files by file type?

Hi, I am searching for some way to extract count of each file type which is successfully processed. The logs contain...
by boddunan Engager in Splunk Search 04-19-2016
0 3
0
3
garinapavan

How to combine my two searches and run another search when clicking on a field from the results?

Hi , Request any help for the below questions: 1) I have two different searches: sourcetype=bcd "JMS-120: Dequeu...
by garinapavan Explorer in Splunk Search 04-19-2016
0 2
0
2
janiceb

How to search for the same IP in multiple sourcetypes within a certain time frame?

Greetings, I am looking for a way to search through 2 sourcetypes: sourcetype=bro_http AND sourcetype=McAfee to find...
by janiceb Path Finder in Splunk Search 04-19-2016
0 7
0
7
reachskhm

How to combine two fields into one to run a stats count search?

I have log events which are little different, but each event has a unique name which I am interested in. However, thi...
by reachskhm New Member in Splunk Search 04-19-2016
0 4
0
4
David_Hodgson

How to add a column with the max values for a set of fields on each row and add these values in the totals row?

I need to add a maximum column for a set of fields on each row (created using chart ... OVER ... BY ... ), and then a...
by David_Hodgson Engager in Splunk Search 04-19-2016
0 1
0
1
djce

What is meant to clean up dispatch?

Splunk recently fell over because the dispatch directory (on an ext2 filesystem) hit 32000 directory entries, so the ...
by djce Engager in Splunk Search 04-19-2016
3 5
3
5
OD_jfraher

How to search the last 90 days of BlueCoat logs for the top 100 websites?

This is the criteria I'm using: index=bcoat_logs sc_filter_result!=DENIED cs_host!="-" | stats count(cs_host) by cs_...
by OD_jfraher New Member in Splunk Search 04-18-2016
0 1
0
1
Catie_Carmody

How to edit my search to get the counts and eval results for each value of a certain field?

The below returns the correct results, but I only get the RequestOne, RequestTwo, and meetscriteria fields when field...
by Catie_Carmody Engager in Splunk Search 04-18-2016
0 2
0
2
xvxt006

To Get sum of hosts

Hi, i have a simple query where i am getting response times by host. i want to get the sum of hosts as a filed. I ha...
by xvxt006 Contributor in Splunk Search 04-18-2016
0 7
0
7
monteirolopes

How do I table 3 distinct values within the same event if all values share the same field name?

Hi, In my log, I have the same name field for three distinct values in the same event. For example: ... Security ID...
by monteirolopes Communicator in Splunk Search 04-18-2016
0 5
0
5
rafamss

Captain Skipping Configuration Replication

Hi guys, I'm having a problem with my environment, we have 15 machines, 1 Master, 1 Deploy, 1 Universal Forwarder, 6...
by rafamss Contributor in Splunk Search 04-18-2016
5 4
5
4
LCM

"Unanswered" Questions

As a note: 17:30 CET - 4,825 questions, 1,069 unanswered!?! There are so many answered questions still "open" / unti...
by LCM Contributor in Splunk Search 04-18-2016
5 7
5
7
Branden

How to search the count of each Windows event code in my data and run arithmetic operations with these counts to display on a timechart?

Hello! I have some Windows event log data with 5 different event codes. I need to count by each of the event codes a...
by Branden Builder in Splunk Search 04-18-2016
0 2
0
2
helpmejesus

How to create a panel that displays response events which take longer than the time of X to respond?

Hey fellow Splunkers, I have a very complex problem which I am attempting to solve and thought it couldn't hurt to a...
by helpmejesus Explorer in Splunk Search 04-18-2016
0 5
0
5
thom_larner

What is the difference between `tstats` and tstats?

Hi all, I'm trying to build a simple dashboard that shows a simple graph of bytes sent by a web server. I realize th...
by thom_larner Engager in Splunk Search 04-18-2016
0 1
0
1
citizencrane

How to add the result of 2 calculations in 2 searches?

I have 2 searches which from the log I calculate a difference of a number at the current time and the beginning of th...
by citizencrane New Member in Splunk Search 04-18-2016
0 2
0
2
evan_roggenkamp

Search to display a table of only Active alerts in time frame

I am trying to build a table that will show the active alerts for SNMP trap data ingested via a text file. I can bu...
by evan_roggenkamp Path Finder in Splunk Search 04-18-2016
0 5
0
5
arkonner

How to Sort the "count by..." results

I am using the search below for the locked out accounts - Should be possible to sort the result by the user with high...
by arkonner Path Finder in Splunk Search 04-18-2016
1 4
1
4
mcrawford44

Active Directory LastLogonTimestamp EVAL/WHERE Date Math

I'm attempting to locate systems that have not logged into AD for 90 days. I am using the following search; index=f...
by mcrawford44 Communicator in Splunk Search 04-18-2016
0 4
0
4
Kavey

How to extract the date from the file name without modifying datetime.xml?

Hi everyone, I am currently trying to extract the date from the filename so I can use it for all events include in t...
by Kavey Path Finder in Splunk Search 04-18-2016
2 3
2
3
withool000

Segregate data base on IP Address

I am looking for the best solution for segregate data into multiple indexes. There are IP addresses (very vary) being...
by withool000 New Member in Splunk Search 04-17-2016
0 2
0
2
Top Labels
Get Updates on the Splunk Community!

[Puzzles] Solve, Learn, Repeat: Tiling

This puzzle (first published here) is based on finding groups of tessellated tiles (inspired by floor tiles I ...

SOK it to Me: Top 3 Benefits of Using Splunk Operator on Kubernetes that’ll Make ...

    Thursday, July 9, 2026  |  11:00AM–12:00PM PDT Duration: 1 hour (includes Q&A) Managing can feel like a ...

Upgrade Prep for 10.4, Network Observability Deep Dives, and More from Splunk Lantern

Splunk Lantern is Splunk’s customer success center that provides practical guidance from Splunk experts on key ...