Splunk Search

Discussions

Thread Info

outputlookup is limited to 10,000 results

I need to create an outputlookup file with more than 10,000 results. I've looked through the limits.conf examples and...

by Communicator in

Persistent queues splunktcp

Persistent queues are not available for splunktcp, I use several Forwarders on networks n, sending to a central forw...

by New Member in

difference between user and author field

Hi Guys, What is the difference between user and author fields along with the fields below as well? title, auth...

by New Member in

How to extract fields from JSON data based on API calls?

Hi I have the below json file in Splunk. How do I extract based on api calls? Eg. apiname coun...

by New Member in

How to create a host scanning report to count the number of IPs an external IP has connected to within 1 minute?

I don't know if this has been answered in another question, but I'm trying to run a report for external IPs that have...

by Engager in

My search returns results, but when I save it as a dashboard panel to display a visualization, why does it display nothing or "waiting for data"?

Hello I enter in the search: index =main | timechart count by sourcetype And I "save as" a dashboard pane...

by Path Finder in

How to compare logins (users) and IP addresses from server log files to a standard list in a lookup and alert if they do not match?

I have a couple logins (user) and the ip addresses (c_ip) in a lookup table. As a true test to make a search to compa...

by New Member in

How to get total count and average count of users by file name?

I'm trying to calculate Total count and avg(count) of users on a specific file... I don't think it's the right way...

by Builder in

'splunk status' return code

When I issue 'splunk status' on Linux, the exit code is 0 even when splunk is not running. This makes it hard to use ...

by Explorer in

How to calculate peak rate of certain transactions as well as avg/min/max

I have a log that records a transaction name, channel, and timing information, and need to calculate the maximum rate...

by SplunkTrust in

Why is my inputlookup search suddenly producing error "regular expression is too large"?

We use inputlookup to run large numbers (thousands) of indicators against network traffic in our org. This has worked...

by Path Finder in

How to edit my search to get the last N transactions since current time?

I have defined a transaction based on a JobID and I want to list the last N transactions. How can I do this?? sour...

by Engager in

How can I populate a lookup without filling up my search queue

I run a scheduled search over 100 days that baselines some user behavior and then saves the results off to a lookup.c...

by Communicator in

How can we write a real-time or relative search to check server uptime for last 30 seconds?

Hi, We have below search which would give us server uptime. We need to select ALL TIME or last time server recorde...

by Path Finder in

How do I extract part of a URI and store this string as a new field so I can run statistics on it?

Hi! I need to extract part of a uri and store this string in a field to run statistics on it. http://www.somethin...

by New Member in

What are the main differences between Splunk 6.3.1 and 6.3.2?

Hello, In December 2015, Splunk issued a minor upgrade (6.3.2) which is fixing bugs. Currently we have Splunk 6.3....

by Path Finder in

When using the transaction command, how do I format the duration into H:M:S?

I'm sure this may have been asked before. When using transaction, I would like to format the duration into H:M:S, my ...

by Explorer in

How can I extract key value pairs with spaces in the keys?

I am trying to extract data from plain text files which contain data like this: Angle Transverse Current (A): 0....

by Path Finder in

Why do I have events missing from search results depending on the time range?

I have a search that is returning 27 events within a 10 minute window. If I increase the window to 40 minutes, pullin...

by New Member in

Is there a way to send AMQP messages from Splunk?

We need to publish messages based on events in Splunk. Is there a way to get Splunk to publish events using AMQP? At ...

by Path Finder in

New search using values from first search

Hi all, I can't seem to figure out how to use the values from a search and use those values to kick off another ne...

by Path Finder in

Extract Milliseconds

Hi, I wonder whether someone could help me please. I'm using the query below to extract information about searches...

by Motivator in

Is it possible to have one checkbox that can be used to toggle between 2 difference searches on a dashboard panel?

I need to select two different searches for my table based on the toggle option. Please help

by New Member in

How do I get this stats count search result from the REST API?

Hi all! In the search box I wrote: source="AzureQueueToServiceBusRouter and Portal events" (FormSignInFailedMe...

by New Member in

Why is my field alias not recognized in a search?

I created in props.conf: FIELDALIAS-ipaddress = Asset IP Address AS ipaddress Now in the search, I select my ...

by New Member in

Get Updates on the Splunk Community!

Splunk Search

Discussions

outputlookup is limited to 10,000 results

Persistent queues splunktcp

difference between user and author field

How to extract fields from JSON data based on API calls?

How to create a host scanning report to count the number of IPs an external IP has connected to within 1 minute?

My search returns results, but when I save it as a dashboard panel to display a visualization, why does it display nothing or "waiting for data"?

How to compare logins (users) and IP addresses from server log files to a standard list in a lookup and alert if they do not match?

How to get total count and average count of users by file name?

'splunk status' return code

How to calculate peak rate of certain transactions as well as avg/min/max

Why is my inputlookup search suddenly producing error "regular expression is too large"?

How to edit my search to get the last N transactions since current time?

How can I populate a lookup without filling up my search queue

How can we write a real-time or relative search to check server uptime for last 30 seconds?

How do I extract part of a URI and store this string as a new field so I can run statistics on it?

What are the main differences between Splunk 6.3.1 and 6.3.2?

When using the transaction command, how do I format the duration into H:M:S?

How can I extract key value pairs with spaces in the keys?

Why do I have events missing from search results depending on the time range?

Is there a way to send AMQP messages from Splunk?

New search using values from first search

Extract Milliseconds

Is it possible to have one checkbox that can be used to toggle between 2 difference searches on a dashboard panel?

How do I get this stats count search result from the REST API?

Why is my field alias not recognized in a search?

Observe and Secure All Apps with Splunk

Splunk Decoded: Business Transactions vs Business IQ

Fastest way to demo Observability

In Splunk studio, is it possible to populate a tex...

How can i export a list of all services in APM

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

ITSI thresholds: adaptive vs static

Splunk Search

Are you a member of the Splunk Community?

Discussions