Splunk Search

Ask a Question

Discussions

Thread Info

strptime/strftime not working

Hi, I am a newbie to splunk and would like to know how to solve the following problem. I have a SharePoint dump wh...

by Engager in

How to perform calculations based on rex extracted fields?

index=aap_prod sourcetype="HDP:PROD:OOZIE" | rex "TOKEN\[\] APP\[(?<JobName>[^\]]*)" | rex "ACTION\[[^\@]*(?<Actio...

by Communicator in

Have to remove the last section of IP addresses before getting a stats count for each one?

Hi, I have a list of IPs, and I want to create a chart showing traffic from them, but I also want a version which ...

by Path Finder in

How to count by Week not using Splunk Timestamp

Problem I want to be able to create a timechart that outlines the company's incident count by week. The issue I...

by Path Finder in

How would you retrieve the latest indexed set of data with non-unique records? Example provided.

Example data; (This is one run of a DBX dump input to an index.) ComputerName1, Application1, _time1 ComputerName1...

by Communicator in

Check Point: Linking events together to produce a results set

I am looking to build a dashboard where a user can submit a session number & retrieve the entire history of a session...

by Explorer in

Is it possible to use ".exe" as an External Lookup?

Hi, Is it possible to use ".exe" as an External Lookup? Everything I make a lookup in a search I receive the fo...

by Explorer in

Help with regex to extract time in milliseconds

Hi, Can someone help me extract the time in MS from the following log line? Dec 15, 2015 9:35:08 PM org.apache....

by Path Finder in

Is there a way to keep specific logs for a longer retention time for historical searches?

Is there a way in Splunk to tag some specific logs and keep them for longer retention time? So for example, I want to...

by Contributor in

Is it possible and/or advisable to host an external lookup file on a Windows share to be used by multiple search heads?

Hi! Is it possible and/or advisable to host a lookup file on a Windows share? We are considering putting it on a ...

by Path Finder in

Join 3 tables together with conditions

Hi there, I'm into correlation searches now and I'm stuck on a problem combining tree tables, while certain condit...

by Motivator in

Add Custom Search Command to Search Help

How can someone add a custom search command to the list that search help pops up? I have already added a new custo...

by Splunk Employee in

How to extract a field that appears in 3 different formats?

Hello, I am using Splunk Light to create a proof of concept with Splunk. I have imported a .csv file. One of ...

by Engager in

How to add a field extraction to an existing default field?

I have logs that do not use the default name value format for the user field. When I add a field extractor for my use...

by Path Finder in

Eval Error In Search Statement

I'm receiving the following error message on a search: Error in 'eval' command: Failed to parse the provided argument...

by Explorer in

How to write a search to get a list of all the source files that were indexed today?

Hi Team, I have a forwarder installed and configured to forward logs that it is receiving daily. The timestamp in ...

by Motivator in

Splunk _time is not working with Inner join

We have an inner join on two indexes. When we are querying with time controller its not showing data properly with To...

by New Member in

How do get the combined search result?

I want to get the combined result of two events. E.g The first event have reference ID, Name & IP and the second even...

by Explorer in

How to run Splunk searches in a custom REST endpoint?

I have implemented a custom rest end point and it's working. Now I have another requirement to run Splunk searches in...

by Communicator in

After deploying a new app to our search head cluster, why am I getting search error "Search process did not exit cleanly, exit_code=255"?

Search process did not exit cleanly, exit_code=255, description="exited with code 255". Please look in search.log for...

by Communicator in

unable to process binary log file

i have splunkforwarder running but once a while we run into issue with the following error about file being binary - ...

by New Member in

Why am I unable to match two fields from two sourcetypes using mode=sed with rex?

I have two sourcetypes that have URL fields. I am attempting to remove the . so that both fields are just letters and...

by New Member in

Splunk Api query returns inconsistent results

Hello, I am getting inconsistent results from splunk for below queries. query1: search index=index01 AND statu...

by Explorer in

How to edit my current search to convert table data into a timechart or chart?

Hello - I am currently looking to create a timechart or chart (line or bar graph) to display table data I have cre...

by Contributor in

Difference of fields with the same name in a transaction

Given data of the form: [OPEN PLAN START] Guid=358846c0a0e9, AvailRAM=4555 ... [OPEN PLAN END] Guid=358846c0a0e9, Ava...

by Contributor in

Get Updates on the Splunk Community!

Splunk Search

Discussions

strptime/strftime not working

How to perform calculations based on rex extracted fields?

Have to remove the last section of IP addresses before getting a stats count for each one?

How to count by Week not using Splunk Timestamp

How would you retrieve the latest indexed set of data with non-unique records? Example provided.

Check Point: Linking events together to produce a results set

Is it possible to use ".exe" as an External Lookup?

Help with regex to extract time in milliseconds

Is there a way to keep specific logs for a longer retention time for historical searches?

Is it possible and/or advisable to host an external lookup file on a Windows share to be used by multiple search heads?

Join 3 tables together with conditions

Add Custom Search Command to Search Help

How to extract a field that appears in 3 different formats?

How to add a field extraction to an existing default field?

Eval Error In Search Statement

How to write a search to get a list of all the source files that were indexed today?

Splunk _time is not working with Inner join

How do get the combined search result?

How to run Splunk searches in a custom REST endpoint?

After deploying a new app to our search head cluster, why am I getting search error "Search process did not exit cleanly, exit_code=255"?

unable to process binary log file

Why am I unable to match two fields from two sourcetypes using mode=sed with rex?

Splunk Api query returns inconsistent results

How to edit my current search to convert table data into a timechart or chart?

Difference of fields with the same name in a transaction

Enterprise Security Content Update (ESCU) | New Releases

Why am I not seeing the finding in Splunk Enterprise Security Analyst Queue?

Index This | What are the 12 Days of Splunk-mas?

Stats tables showing empty cells

How to check MQ reconnects after a connection is d...

I cloned HTTP traffic collection from Splunk Strea...

Proactively stream data to different index after C...

Write Splunk log with Laminas