Splunk Search

Ask a Question

Discussions

Thread Info

Can I force Splunk to set a minimum number of bins for timechart?

Hi, I have a timechart with some data (earliest and latest); Splunk displays 2 bins, and I want to have 20 bins. M...

by Communicator in

use rex to extract last word/number in a line

Hi, I have logs like theses: blah blah (Linux+amd64+2.6.18-308.11.1.el5;+Java+HotSpot(TM)+64-Bit+Server+VM+20.5...

by New Member in

How do I represent an Eval result with timechart?

Hi, With the support of Splunk's community, I have this search below. However, right now I would like to take the ...

by Engager in

Why are some default fields not being extracted for data coming in via TCP syslog with my current props and transforms.conf?

I have data incoming via TCP syslog. I have created the following transforms to process them: etc/system/local/pro...

by Explorer in

Splunk Stream question

I work for energy capture and storage organisation and we were thinking of using Splunk to capture data from our main...

by Contributor in

Merge 'sourcetype-too_small' with 'sourcetype'

I have the same sourcetype log files separated in different directories by day, and different files for every hour. S...

by Engager in

How can I get external JavaScript framework app to wait until the search has completed before executing additional code?

I need my app to wait until the search has completed before it executes additional code. I'm using the following meth...

by Builder in

What is a Web server, which is used in splunk?

What is a Web server, which is used in splunk? Splunkで使用しているWebサーバーは何ですか？

by New Member in

How to retrieve Chart Title and use it in the search?

I am wondering if it is possible to get the value of the chart title and use it/reference it in the search? <panel...

by New Member in

How to create a dashboard panel of alerts triggered in the past 24 hours that also displays the alert search results?

I have set up alerting for my app such that it emails the user whenever the count or volume for today is outside of a...

by Contributor in

If I delete all accelerated searches inside a summary index, would it delete the summary as well?

I have a massive summary index that contains multiple searches that I have selected to use acceleration. Instead o...

by Path Finder in

How to search the list of devices that have sent logs the past 30 days, but not within the last 24 hours?

Dear Experts, I am looking to find the difference in the devices sending logs in the last 24 hour with devices whi...

by Path Finder in

How and where do I filter logs with regex before indexing?

I have a .txt log file and it has many patterns in it. I need logs of only a particular pattern. How and where can I ...

by Path Finder in

Unable to find the difference in time between two events. What am I doing wrong?

Hello, I am trying to report on the differences in time between two events. To do so seems straightforward enough. Ta...

by Communicator in

Why is remote server returning error: (400) Bad Request trying to run a search macro using C#?

I am trying to run a search ( Macro) but I am not able to get past this error "The remote server returned an error: (...

by New Member in

How to mask sensitive data in search from any app in Splunk

I have looked at answers for this already, but when I try any of them, my search still shows the unmasked data. Sa...

by Explorer in

Trying to chart ONLY the reprocessed cartons.

(Data coming from a PLC Conveyor system.) I'm trying to show how many cartons were RE-processed manually, each day, d...

by Path Finder in

How to use geostats with a lookup containing Zip Codes, Population, and Latitude/Longitude to aggregate number of events against Population?

Hey guys, So I have events that contain a lat / long. Here's an example of an event from the access log /searc...

by New Member in

How to use the email sender from one search as input for another search?

Hello, I'm still learning a lot about Splunk so bear with me. My current search: 'get_phished' | stats value...

by Contributor in

Why is my "NOT [subsearch...]" still returning events that should be excluded from results?

Hi, I wonder whether someone may be able to help me please. I've put together the following search which: For e...

by Motivator in

How do I use eval with two searches and format the result as a Single Value?

Hi, I've done a search that uses eval with two searches to get the final result. Then, I'm trying to see the resul...

by Engager in

Calculate Between Current Date and 30 Days

Hi, I wonder whether someone may be able to help me please. I'm trying to put together a search which extracts rec...

by Motivator in

How to import a list of IP and port pairs, then compare this against firewall logs to generate statistics?

I regularly generate a list of IP addresses and port pairs for which I should see traffic, and I log firewall traffic...

by New Member in

Can we change how limit function behaves in chart command?

When using limit function in chart command, Splunk automatically adds columns and filters based on largest number. ...

by Engager in

What do I need to change to make this regex work in Splunk?

I've been fighting with and researching Splunk regex for the past month, and I just cannot seem to get the PCREs bein...

by Explorer in

Get Updates on the Splunk Community!

Splunk Search

Discussions

Can I force Splunk to set a minimum number of bins for timechart?

use rex to extract last word/number in a line

How do I represent an Eval result with timechart?

Why are some default fields not being extracted for data coming in via TCP syslog with my current props and transforms.conf?

Splunk Stream question

Merge 'sourcetype-too_small' with 'sourcetype'

How can I get external JavaScript framework app to wait until the search has completed before executing additional code?

What is a Web server, which is used in splunk?

How to retrieve Chart Title and use it in the search?

How to create a dashboard panel of alerts triggered in the past 24 hours that also displays the alert search results?

If I delete all accelerated searches inside a summary index, would it delete the summary as well?

How to search the list of devices that have sent logs the past 30 days, but not within the last 24 hours?

How and where do I filter logs with regex before indexing?

Unable to find the difference in time between two events. What am I doing wrong?

Why is remote server returning error: (400) Bad Request trying to run a search macro using C#?

How to mask sensitive data in search from any app in Splunk

Trying to chart ONLY the reprocessed cartons.

How to use geostats with a lookup containing Zip Codes, Population, and Latitude/Longitude to aggregate number of events against Population?

How to use the email sender from one search as input for another search?

Why is my "NOT [subsearch...]" still returning events that should be excluded from results?

How do I use eval with two searches and format the result as a Single Value?

Calculate Between Current Date and 30 Days

How to import a list of IP and port pairs, then compare this against firewall logs to generate statistics?

Can we change how limit function behaves in chart command?

What do I need to change to make this regex work in Splunk?

Splunk + ThousandEyes: Correlate frontend, app, and network data to troubleshoot ...

Splunk Observability for AI

🔐 Trust at Every Hop: How mTLS in Splunk Enterprise 10.0 Makes Security Simpler

In Splunk studio, is it possible to populate a tex...

How can i export a list of all services in APM

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

ITSI thresholds: adaptive vs static

Splunk Search

Are you a member of the Splunk Community?

Discussions