Splunk Search

Discussions

Thread Info

What does the "startup.handoff" value represent in the search job inspector?

Apologies if this is blatantly obvious. I have been troubleshooting search performance, and like many others, have...

by Path Finder in

Search Head Cluster captain election fails with error -NOT_LEADER CURRENT_STATE = FOLLOWER

We have 5 Node SHC member on splunk version 6.3. The Captain election is not suceeding. We followed steps and cleared...

by Communicator in

How to change the _time to X-axis in a time chart table?

Currently I am using the search below to generate an error codes report in my application. source="log_file_name.l...

by Explorer in

Is it possible to specify a regular expression for srchIndexesAllowed srchIndexesDefault in the role definition?

Is it possible to specify a pattern or regular expression for allowed and default indexes in the role definition? ...

by Explorer in

How to search for any account lockout events, then filter by Active Directory group membership?

I found another question on this same subject, but haven't found an answer. For instance, I'm trying to search for an...

by Explorer in

Pass String Field from Outer Search into Inner Map Search

My search looks like this: index=index_name source="Source A.csv" | eval Start2=strptime(Start, "%m/%d/%Y%H:%M") ...

by Communicator in

A tabular report on list of unique exceptions and # of occurrences

Hi I'm new to splunk. I want to search "exception" over a lot of different types of log files with a return of a tabu...

by Explorer in

How to stream real-time search results into a summary index or another index?

I had some pre-processing requirement using splunk real-time search, so once I put together those results, I would li...

by Communicator in

How to parse a time duration of the format "4s", "9.1ms", etc.

The default duration output from go (golang) is to use a single float with one or two characters identifying the unit...

by New Member in

Why does a tstats search for an accelerated data model require allow_old_summaries=t (or: tstats has no results in some apps)

Experience Seen: in an ES environment (though not tied to ES), a | tstats search for an accelerated data model return...

by Splunk Employee in

How to write the regex to extract a field from XML data if the field is not completely XML?

Hi I have a field which I would like to extract a field from the XML being displayed. The only problem is the fie...

by Explorer in

Can anyone explain how this transaction search for average request execution works?

Can anyone please explain this search? It's for average request execution: index=main sourcetype=access_combined O...

by Builder in

How can I extract multiple email values from a single field in a CSV?

I have a CSV with a fields Recipient, Sender, File name..etc which is currently set to be monitored from a remote mac...

by Communicator in

How to make HTML table column width's adjustable?

I am using TableElement/TableView component in my HTML dashboard to render a table. My search results are showing up...

by Communicator in

Why are my nested subsearches failing?

Hello, I'm running into a problem where if I nest subsearches too far, I start to return no results. I'm unable t...

by Explorer in

Pie charts are not loading on dashboard

I have used javascript to display pie charts on dashboard. It works fine with other browsers on windows as well as ub...

by New Member in

How to get previous search results as a sub-search

Hi all, hope you can help me with this question. What I'm trying to do is, given the information Splunk keeps abou...

by New Member in

Can AND or OR be used in case statements in eval expressions?

Right now I have a search that contains c(eval(status<=400)) AS SUCCESS c(eval(status>400)) AS FAILURE. This works, p...

by Explorer in

Which of my two searches is more accurate for monitoring scheduled searches?

Hi to all, I'd like to know the difference between two kind of results that I get with 2 different searches: 1...

by Communicator in

Regular Expression to Extract Values From a Field

Hello Ninjas, Am having some trouble trying to figure out how to use regex to perform a simple action. So I hav...

by Explorer in

How do I edit my "eval field=substr..." syntax to remove part of a stacktrace after a certain string?

Hi I'm trying to create a dashboard where I count stacktraces in the logging. (the long term goal is to get rid o...

by Engager in

HTML Drop-down Search not populating

I have a KVstore and created a drop-down input filter. I can't seem to get it to filter my data. The drop-down lists ...

by New Member in

How to create drop-down search inputs in HTML to filter my data?

I want to have search inputs/drop downs that can filter out my data similar to this question: https://answers.splunk....

by New Member in

Is there a way to display a different name in a drop-down list, but use the original string value in the search using the chart replace function?

Hi I have a drop-down and Chart/List. The chart should show the event on the item selected from list. Is there...

by New Member in

streamstats to get last value with field clause

I'm using streamstats to get some values from the last event, but I need to do it where that last event has a propert...

by Path Finder in

Get Updates on the Splunk Community!

Splunk Search

Discussions

What does the "startup.handoff" value represent in the search job inspector?

Search Head Cluster captain election fails with error -NOT_LEADER CURRENT_STATE = FOLLOWER

How to change the _time to X-axis in a time chart table?

Is it possible to specify a regular expression for srchIndexesAllowed srchIndexesDefault in the role definition?

How to search for any account lockout events, then filter by Active Directory group membership?

Pass String Field from Outer Search into Inner Map Search

A tabular report on list of unique exceptions and # of occurrences

How to stream real-time search results into a summary index or another index?

How to parse a time duration of the format "4s", "9.1ms", etc.

Why does a tstats search for an accelerated data model require allow_old_summaries=t (or: tstats has no results in some apps)

How to write the regex to extract a field from XML data if the field is not completely XML?

Can anyone explain how this transaction search for average request execution works?

How can I extract multiple email values from a single field in a CSV?

How to make HTML table column width's adjustable?

Why are my nested subsearches failing?

Pie charts are not loading on dashboard

How to get previous search results as a sub-search

Can AND or OR be used in case statements in eval expressions?

Which of my two searches is more accurate for monitoring scheduled searches?

Regular Expression to Extract Values From a Field

How do I edit my "eval field=substr..." syntax to remove part of a stacktrace after a certain string?

HTML Drop-down Search not populating

How to create drop-down search inputs in HTML to filter my data?

Is there a way to display a different name in a drop-down list, but use the original string value in the search using the chart replace function?

streamstats to get last value with field clause

Can’t make it to .conf25? Join us online!

Take Action Automatically on Splunk Alerts with Red Hat Ansible Automation Platform

Calling All Security Pros: Ready to Race Through Boston?

Beyond Detection: How Splunk and Cisco Integrated Security Platforms Transform ...

Help me with splunk query to monitor CPU and Memor...

How can i export a list of all services in APM

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

ITSI thresholds: adaptive vs static

Splunk Search

Are you a member of the Splunk Community?

Discussions

Can’t make it to .conf25? Join us online!