Splunk Search

Discussions

Thread Info

How to count the status (ERROR or SUCCESS) for the list of clients accessing the application

Hi, I am a newbie in Splunk Enterprise. I have to write a splunk query to get the status of the clients accessing the...

by Explorer in

How do real-time searches identify both index and search-time fields if it processes data that hasn't been indexed yet?

I have gone through the Splunk Docs. It's saying that real-time search is basically used to search events before they...

by Communicator in

Why is my regex in transforms.conf to filter Windows Events on a heavy forwarder not working?

Hi, I'm using the Syslog server to gather all my Windows events. Right now, I'm trying to use a Splunk Heavy forwa...

by Explorer in

Search for either of two values, given only one value

I'm trying to lookup all lines that have EITHER a Matching Name or Phone, when given ONLY the Name to search for. And...

by Path Finder in

Capturing the final value from the final event in a transaction?

I have created a transaction that may contain one or more of these three log level types logLevels i.e. METRIC/INFO/W...

by Builder in

After saving a search as an alert and choose "add to triggered alerts", why do I not see anything in triggered alerts?

I have been trying to save a search as an alert and make sure I "add to triggered alerts". It appears under settings>...

by Path Finder in

How to track state changes for RDP sessions and generate a report show durations with start and end times?

So I am looking for help, I guess I just found something I can't do with Splunk... and I know I'm wrong, only I can't...

by New Member in

How do I create a faceted, multi-filter search with counting over multiple fields?

I'm writing a generic search layer that allows our users to have drilldown, faceted search experience. This means tha...

by New Member in

How do I extract these two fields from my sample data with regex?

Hello, I have this log below and I would like to extract the field Message and Trace. When I use the regex created...

by Engager in

Loop through lookuptable to produce averages

Hello Splunkers, I have static values (user groups) that I need to loop through to produce the results for each of...

by Path Finder in

How to search for transactions where the first event, A, happens 1 minute after the start of the search time range to deal with time drift?

I am running a search for multiple events over a range of time. In that search, I want to only find events of one spe...

by Engager in

How to search a count of events by index-name every day and output a table with certain numeric and case formatting?

All I want is a table like this with a little style: _time INDEX1 (events) INDEX2 (events) INDEX3 (e...

by Contributor in

Convert bytes to GB

Splunk noob here. I've been visting this site for awhile now so i decided to create my own account so I can learn mor...

by New Member in

Why does our heavy forwarder host_regex configuration work for Linux, but not Windows?

We are having issues getting Splunk to process log files in windows, The identical configuration works in linux. A...

by Path Finder in

Conditionaly Change form input variable value in the form search query

I have a form that is doing SQL seach and Splunk Search using one veriable input text. When I want to use a wild card...

by Motivator in

How to search for a field name that a value exists for?

I've been noodling on a problem that I can't seem to easily solve. We are bringing in JSON documents that describe fi...

by Contributor in

How can I add a name from a lookup CSV file to a tstats command data model?

Hello Everyone, I want in my reports display the name of the owner instead of the IP address. My report right now...

by Explorer in

How to get a timechart with a backup source in case the preferred source does not exist?

Hi, I have two different sourcetypes that I can graph like this: eventtype=mlc sourcetype=lts_timings host=X |...

by Communicator in

Can I use a search head in a search head pool to search both clustered and non-clustered indexers?

Hi, I am running Splunk 6.1, using Search Head Pooling. Our search heads currently search indexers that are cluste...

by Champion in

How can I see my newly created field alias in a search?

I added an alias field named event_type from the Splunk settings page, but I cannot find the new alias field in the s...

by Explorer in

Why would Search return results from old logfiles when newer ones exist.

I want to search all the logs for my Device, they're txt files and the directory structure is like this: c:\program f...

by Communicator in

How to combine two consecutive events into one based on the content of the first event?

Hello, I would like to combine 2 events into one based on the content of the first one. So every time I find a...

by Super Champion in

How do we display percentage on a pie chart?

I get below Pie chart for my SPL query . It is interactive shows the percentage when I place a mouse on the pie, howe...

by Explorer in

How can I create a chart for each column?

I have 10 columns with the name of a server, and each server has its average per day. How can I create a panel for ea...

by Engager in

Can search deal with bracket expansions?

I'm using splunk in HPC use cases that can span hundreds or even thousands of machines contiguously or potentially in...

by Contributor in

Get Updates on the Splunk Community!

Splunk Search

Discussions

How to count the status (ERROR or SUCCESS) for the list of clients accessing the application

How do real-time searches identify both index and search-time fields if it processes data that hasn't been indexed yet?

Why is my regex in transforms.conf to filter Windows Events on a heavy forwarder not working?

Search for either of two values, given only one value

Capturing the final value from the final event in a transaction?

After saving a search as an alert and choose "add to triggered alerts", why do I not see anything in triggered alerts?

How to track state changes for RDP sessions and generate a report show durations with start and end times?

How do I create a faceted, multi-filter search with counting over multiple fields?

How do I extract these two fields from my sample data with regex?

Loop through lookuptable to produce averages

How to search for transactions where the first event, A, happens 1 minute after the start of the search time range to deal with time drift?

How to search a count of events by index-name every day and output a table with certain numeric and case formatting?

Convert bytes to GB

Why does our heavy forwarder host_regex configuration work for Linux, but not Windows?

Conditionaly Change form input variable value in the form search query

How to search for a field name that a value exists for?

How can I add a name from a lookup CSV file to a tstats command data model?

How to get a timechart with a backup source in case the preferred source does not exist?

Can I use a search head in a search head pool to search both clustered and non-clustered indexers?

How can I see my newly created field alias in a search?

Why would Search return results from old logfiles when newer ones exist.

How to combine two consecutive events into one based on the content of the first event?

How do we display percentage on a pie chart?

How can I create a chart for each column?

Can search deal with bracket expansions?

Splunk Enterprise Security 8.x: The Essential Upgrade for Threat Detection, ...

Get Early Access to AI Playbook Authoring: Apply for the Alpha Private Preview ...

Reduce and Transform Your Firewall Data with Splunk Data Management

In Splunk studio, is it possible to populate a tex...

How can i export a list of all services in APM

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

ITSI thresholds: adaptive vs static

Splunk Search

Are you a member of the Splunk Community?

Discussions