Splunk Search

Discussions

Thread Info

maxresults and stats command

Does maxresults in limits.conf have an effect when piping results to the stats command? For example, if I run a searc...

by Communicator in

How do I search across a specific or custom time range within each hour of the day?

I have millions of events being indexed by Splunk now and I suspect something is happening within my IT environment a...

by Builder in

How to assign a value to a key when working with fields?

Hi Splunkers, I have a sample Perforce log file and I'm trying to extract the code contributors. Here is an exampl...

by Communicator in

How do i perform a UI search via the CLI

How do i use the same search strings in splunks UI on the command line?

by Communicator in

How to I specify a minimum time between events?

There are plenty of ways to specify the exact time range or maximum range between two events in a search. But I need ...

by Engager in

what does connected mean in transaction

explain the significance of the connected flag in transaction

by Motivator in

annotated raw field in transactions

Dan Goldburt asks: I'm consistently getting the following request from customers: "can I see where each event came fr...

by Motivator in

View dashboard subsearches using HiddenSearch

Hi, I am creating a custom view dashboard. In that I'm trying to utilize the same search to extract a single value...

by Explorer in

what will it take for MULTIKV to format a table (1 header row, 1+ data rows) properly?

Such a helpful command, and yet doesn't work for me...

by Communicator in

Why do I only see 10 results/columns in my count table?

When I run this search - source="*conn.log" | rex field=_raw "\.IP = '(?<connectionIp>[^']+)" | fields host, conne...

by Builder in

How do I report on message volume over time

We are attempting to create a report that compares message traffic for the past two complete weeks. We have this ...

by Builder in

Managing Eventtypes and Tags

Any recommended best practices for managing eventtypes and their corresponding tags? I've found the Splunk Common ...

by Path Finder in

"Invalid Regex: no named extraction" in the interactive field extractor

What is wrong with this regex? (?P<AUTH_PIN_TYPE>[^ ]+)( [^ ]+){2}$ The interactive field extractor gives this...

by Path Finder in

How do I refer to the first, nth or last value of a multivalue field?

I am using the transaction command to sessionize web access log events and therefore have made referer, uri etc. into...

by Explorer in

How do I group and identify a set of events based on a time range?

Let say I have events coming in everyday and I want to group the events as Monday's events, Tuesday's events, and so ...

by Explorer in

How to best determine IP range membership?

Use Case: Find Juniper firewall events where the source/destination IP (Src_Zone/Dst_Zone) does or does not belong in...

by Builder in

Can the transaction command be used to group events where different fields have the same value?

Use Case: Correlate logon events from a Windows desktop to events on the domain controller. Sample (shortened) eve...

by Builder in

Can I alert when the value of a field changes?

I've got an application that logs status events. The values in these events generally will not change. Is there a sea...

by Contributor in

Error on using eval in a subsearch

What is wrong with the way I'm using eval here? source="/some.audit.log" "End" "/foo/baz" | rex field=_raw "(?P<Re...

by Path Finder in

How do I search for a single specific event?

Sometimes I come across an event in my index that I'd like to refer to later, either as part of an investigation or t...

by Contributor in

Speak Up for Splunk Careers!

We want to better understand the impact Splunk experience and expertise has has on individuals' careers, and help highlight the growing demand for Splunk skills.

Splunk Search

Discussions

maxresults and stats command

How do I search across a specific or custom time range within each hour of the day?

How to assign a value to a key when working with fields?

How do i perform a UI search via the CLI

How to I specify a minimum time between events?

what does connected mean in transaction

annotated raw field in transactions

View dashboard subsearches using HiddenSearch

what will it take for MULTIKV to format a table (1 header row, 1+ data rows) properly?

Why do I only see 10 results/columns in my count table?

How do I report on message volume over time

Managing Eventtypes and Tags

"Invalid Regex: no named extraction" in the interactive field extractor

How do I refer to the first, nth or last value of a multivalue field?

How do I group and identify a set of events based on a time range?

How to best determine IP range membership?

Can the transaction command be used to group events where different fields have the same value?

Can I alert when the value of a field changes?

Error on using eval in a subsearch

How do I search for a single specific event?

We want to better understand the impact Splunk experience and expertise has has on individuals' careers, and help highlight the growing demand for Splunk skills.

Share your experience in our
Career Survey Now!

Lookup table help

How to set span for 1day and 2 hours?

Event Spliting

DBSCAN Cluster Visualization Interpretation, Machi...

Retain special characters at the end of field valu...