Splunk Search

Discussions

Thread Info

"Your maximum number of concurrent searches has been reached" Why are scheduled reports not cached?

Background: I created a dashboard (actually a few dashboards) that used many heavy hitting searches. Well, the Splunk...

by Path Finder in

How do I find the time difference between these two events?

Hello, I have following events: event 1: product_category=dvd product_name="the martian" event=to_basket eve...

by Explorer in

Using an eventtype/tag to create a field based on a sessions direction per CIDR

I want to have a field/something called traffic_direction that will populate with the values "internal", "inbound", o...

by Explorer in

Group result by fields combination and generate a table

I have a search that will return 4 fields from a report database, say f1, f2, f3, f4. I want to group result by combi...

by Path Finder in

サーチ文chart で表示させる列数について

スクロールバーは表示されているのにPIVOTと違いサーブ文でchartで表示される列(データ項目)数が不足するのですが、これはSplunkの不具合なのでしょうか。回避策あるいは、対応方法はあるのでしょうか。ダッシュボードの場合、...

by Explorer in

How to create dashboards so they update/refresh search results?

I save dashboards from both search and report, and it appears that the dashboards run the search every time it is bro...

by Path Finder in

Is there a way to tell if a lookup file is in use on a dashboard, report, or alert without manually checking each of these searches?

I employ a fair number of lookup files across my app which is heavily populated with dashboards and reports. Quest...

by Path Finder in

Display row numbers in output

I am indexing a CSV file into Splunk and wish to display the row number in a seperate column called 'row count'. E...

by Communicator in

How to filter a search result based on the results of another search?

I have 2 searches: search AAA|table User Search BBB|tabble User How can I filter the result of Search AAA so i...

by Explorer in

Specifying a date range in field extraction window

Hey guys, I am looking through a very very very large log of files for events. In the normal search screen, you ca...

by Path Finder in

Trying to bring in an NFS share of JSON files, why are they coming up as individual line items when I search with no field extractions?

All, Trying to bring in a NFS share of JSON files, but they are coming up as individual line items when I search ...

by Builder in

How do I monitor Splunk's latest event timestamp or index count from another tool?

We recently had an issue where Splunk services were up and running, but new data wasn't being indexed. I'd like to ca...

by New Member in

How to make a report with TOP and Table?

I would put in the same report the "TOP logon failures" and below the table with _time and all failures. The TOP s...

by New Member in

Can you tell Auto KV to honor values within single quotes instead of double quotes?

I feel like I should know the answer to this, but just in case I missed something.... Splunk automatically handles...

by Super Champion in

How to extract key/values from a string?

Hi, Well, there must be a really easy answer for this, but I seem to be mentally blocked.  So if I have fi...

by Contributor in

What is the practice for including additional info to searches (i.e. registration date)?

I have a registration log and a session log. When performing a search against the session log, I would like to know i...

by Builder in

Why do I get no results when search internal indexes?

Why does the search index=_internal not return any results?

by Splunk Employee in

How to extract the earliest and latest dates for a certain time range to filter the values of a lookup containing a list of dates?

I need to extract the first and the last dates of a period to use to filter the values of a lookup table containing a...

by SplunkTrust in

How do I edit my regex to parse fields correctly if a field delimiter appears within a field?

Hi, Another regex problem I'm afraid..... I've got a very long event with 37 fields where all the fields are qu...

by Path Finder in

How to edit my search to sort by subtotal?

Hi at all I have to show the subtotal of a stats command, but the problem is to sort the results. My search is: ...

by SplunkTrust in

Blue Coat Proxy Logs - User Agent Field Extraction

I can't find how to extract the User Agent field from the Blue Coat proxy logs. I couldn't find the correct answer ye...

by Contributor in

Regex for field extraction is not working properly

I just did a regex for proxy fields extractions and it seems that is not working as it should have. Not sure why. Fie...

by Contributor in

How to use a lookup file to create a new field? (Ex: Http Status code and description from csv file -> create new field http_description)

Hi , How do I create a new field based on the lookup file (csv file has tow columns - status , description). Now I wa...

by Path Finder in

How to plot every minute between a start and end time for multiple events on a timechart?

All, I hope someone can help me. I am trying to plot every minute of an event between a start and end time to get...

by Path Finder in

How to deduct two sums

I am trying to sum 2 Fields of a search and then deduct the one from the other: my idea is not working: | stats...

by New Member in

Get Updates on the Splunk Community!

Splunk Search

Discussions

"Your maximum number of concurrent searches has been reached" Why are scheduled reports not cached?

How do I find the time difference between these two events?

Using an eventtype/tag to create a field based on a sessions direction per CIDR

Group result by fields combination and generate a table

サーチ文chart で表示させる列数について

How to create dashboards so they update/refresh search results?

Is there a way to tell if a lookup file is in use on a dashboard, report, or alert without manually checking each of these searches?

Display row numbers in output

How to filter a search result based on the results of another search?

Specifying a date range in field extraction window

Trying to bring in an NFS share of JSON files, why are they coming up as individual line items when I search with no field extractions?

How do I monitor Splunk's latest event timestamp or index count from another tool?

How to make a report with TOP and Table?

Can you tell Auto KV to honor values within single quotes instead of double quotes?

How to extract key/values from a string?

What is the practice for including additional info to searches (i.e. registration date)?

Why do I get no results when search internal indexes?

How to extract the earliest and latest dates for a certain time range to filter the values of a lookup containing a list of dates?

How do I edit my regex to parse fields correctly if a field delimiter appears within a field?

How to edit my search to sort by subtotal?

Blue Coat Proxy Logs - User Agent Field Extraction

Regex for field extraction is not working properly

How to use a lookup file to create a new field? (Ex: Http Status code and description from csv file -> create new field http_description)

How to plot every minute between a start and end time for multiple events on a timechart?

How to deduct two sums

Developer Spotlight with Paul Stout

State of Splunk Careers 2024: Maximizing Career Outcomes and the Continued Value of ...

Data-Driven Success: Splunk & Financial Services

How to check MQ reconnects after a connection is d...

I cloned HTTP traffic collection from Splunk Strea...

Proactively stream data to different index after C...

Write Splunk log with Laminas

Issues in multiselect input dropdown