Splunk Search

Community Activity

How do I use rex to extract fields from my sample data and get the count? I want to extract fields. This is the log: country=us,name = [peter, susan, jack],city=nyc When I do this: \| ... by melodyqu2015 New Member in Splunk Search 12-16-2015 0 4	0	4
How to search for IP addresses that have been hit on more than one port within a short period of time? I have been trying to figure out on how to do a search for IP addresses that were hit on more than one Port in a shor... by Securitas Engager in Splunk Search 12-16-2015 0 2	0	2
Why does placing "table _time" after timechart make x-axis labels disappear on JSChart? I have a simple search like: sourcetype="A" \| timechart span="1h" avg(x) as AvgCode and the resulting visualizatio... by greg Communicator in Splunk Search 12-16-2015 0 3	0	3
Why am I getting error "Invalid time bounds in search" using inputlookup on a CSV file containing date ranges? Hi, I'm trying to run this search: index="proxy" [\|inputlookup TEST.csv \| return 2 $IPs $dates] My TEST.csv file ... by abbam Explorer in Splunk Search 12-16-2015 0 6	0	6
How to increase subsearch maxout limit? Hello, I would like to run a scheduled report once. A very log time search, I don't care about performance or time t... by sistemistiposta Path Finder in Splunk Search 12-16-2015 1 4	1	4
How to get accurate transaction results for VPN Sessions which start or end at either side of the search time boundaries? Good morning. I hope you can help. I have been tasked with creating a chart for the top 25 users who spend the longe... by soniquella Path Finder in Splunk Search 12-16-2015 0 3	0	3
How do I edit my search to display users with more than 2 login failures on a server? I am trying to craft a search which will display the users who have failed logins more than 2 times against a server.... by syks New Member in Splunk Search 12-16-2015 0 1	0	1
How to search a list of IPs between specific time ranges from a lookup CSV file? I am looking to search for a given value (an IP in this case) between a specific time range. This is easy to do as a ... by rusty009 Path Finder in Splunk Search 12-16-2015 0 2	0	2
pass a subsearch result to the head command I am trying to pass the numeric result of a subsearch to the head command with no success, can anyone see what I am d... by proylea Contributor in Splunk Search 12-16-2015 0 7	0	7
How do I edit my search to only display results based on these conditions? index=app sourcetype=epcpromotionsevent \| stats count as num by eventName,hotelId The search above will display co... by manhuang Explorer in Splunk Search 12-16-2015 0 4	0	4
Why is the cluster search command not returning any data? Hi, I'm trying to use the Cluster Command to list our Authentication API used by Client IP's. Through searching the ... by tfaqir99 New Member in Splunk Search 12-16-2015 0 5	0	5
Inconsistent results when searching using dedup sortby -_time I'm monitoring log files and want to generate reports using the most recent event types I'm seeing an inconsistent n... by dstark75 New Member in Splunk Search 12-15-2015 0 1	0	1
Why am I getting different results for "stats count" and "tstats count"? Hi All, I'm getting a different values for stats count and tstats count. Sometimes the data will fix itself after a ... by thippeshaj Explorer in Splunk Search 12-15-2015 2 10	2	10
How do I filter out DEBUG entries from a linux / Unix logfile with the heavy forwarder? We're having some licensing violations when we need to turn on DEBUG on some of our services and we'd like to just ha... by gozulin Communicator in Splunk Search 12-15-2015 0 5	0	5
Does Splunk support any Identity Providers other than PingFederate's Ping Identity? I am trying to integrate Splunk with an internal Identity Provider but have been unsuccessful. I know that Splunk su... by jonesnadiam Path Finder in Splunk Search 12-15-2015 0 1	0	1
how can you search a lookup table for a value entered in a text box? I am trying to write a search where I pull data from a lookup table where one field in the lookup matches the value e... by darlas Communicator in Splunk Search 12-15-2015 0 2	0	2
How to create a timechart using eval to create the fields and control the values by date? I think this can be done, but I am having some troubles... This is what i am starting with, but not sure how to get ... by HattrickNZ Motivator in Splunk Search 12-15-2015 0 2	0	2
Can i have a download option for the graphs created in splunk ? Hi , I have created a form search which gives me a bar graph output. can i have a download option for downloading th... by rakesh_498115 Motivator in Splunk Search 12-15-2015 2 3	2	3
How do I edit my search to get the average response time without using the transaction command? I am trying to get average response time without the transaction command. Events are running into millions, so the se... by nidhiagrawal Explorer in Splunk Search 12-15-2015 0 2	0	2
How to create a report on error codes and how many times each occurred over a period of time using regex and timechart? In my application, it will print some error codes like OPT-00A001, OPT-00A002, OPT-00A003, upto OPT-00A010. I need to... by parameshjava Explorer in Splunk Search 12-15-2015 0 2	0	2
How to display filler gauge displays horizontally in Simple XML? How to display filler gauge displays horizontally in simple xml by nravichandran Communicator in Splunk Search 12-15-2015 0 2	0	2
How to create a search to show a trending single value for the last 60 minutes of data with a trending arrow comparing the previous 60 minutes? Hi, Sorry if this has been answered before, however, I am struggling with a search that I am trying to build. The ... by mattusr Explorer in Splunk Search 12-15-2015 1 2	1	2
How to break events on Particular field using Regex or any other process? Hi All, Below is my event data: Issue 1: 11/11/15 1:26:01.000 PM Job Id, Class Id,"Id","Success","Created","Err... by mprreddy51 Explorer in Splunk Search 12-15-2015 0 1	0	1
How to write a search to return values from source1 that do not appear in source2 and source3? Hi Splunkers, I have three sources in my Splunk deployment: (all_cardnumbers.csv, fraud_detect1_card.csv and fraud_... by dfigurello Communicator in Splunk Search 12-15-2015 0 2	0	2
How to transform this date format from 20151412 to 2015-14-12 using rex? Hi, I am getting the input source file date from the name of the file itself (sourcefilename20151412.csv), like this... by bruno_eduardo Path Finder in Splunk Search 12-14-2015 0 4	0	4

Get Updates on the Splunk Community!

[Puzzles] Solve, Learn, Repeat: Matching cron expressions

This puzzle (first published here) is based on matching timestamps to cron expressions.All the timestamps ...

Why Splunk Customers Should Attend Cisco Live 2026 Las Vegas

Why Splunk Customers Should Attend Cisco Live 2026 Las Vegas Cisco Live 2026 is almost here, and this ...

Data Management Digest – May 2026

Welcome to the May 2026 edition of Data Management Digest! As your trusted partner in data innovation, the ...

Splunk Search

How do I use rex to extract fields from my sample data and get the count?

How to search for IP addresses that have been hit on more than one port within a short period of time?

Why does placing "table _time" after timechart make x-axis labels disappear on JSChart?

Why am I getting error "Invalid time bounds in search" using inputlookup on a CSV file containing date ranges?

How to increase subsearch maxout limit?

How to get accurate transaction results for VPN Sessions which start or end at either side of the search time boundaries?

How do I edit my search to display users with more than 2 login failures on a server?

How to search a list of IPs between specific time ranges from a lookup CSV file?

pass a subsearch result to the head command

How do I edit my search to only display results based on these conditions?

Why is the cluster search command not returning any data?

Inconsistent results when searching using dedup sortby -_time

Why am I getting different results for "stats count" and "tstats count"?

How do I filter out DEBUG entries from a linux / Unix logfile with the heavy forwarder?

Does Splunk support any Identity Providers other than PingFederate's Ping Identity?

how can you search a lookup table for a value entered in a text box?

How to create a timechart using eval to create the fields and control the values by date?

Can i have a download option for the graphs created in splunk ?

How do I edit my search to get the average response time without using the transaction command?

How to create a report on error codes and how many times each occurred over a period of time using regex and timechart?

How to display filler gauge displays horizontally in Simple XML?

How to create a search to show a trending single value for the last 60 minutes of data with a trending arrow comparing the previous 60 minutes?

How to break events on Particular field using Regex or any other process?

How to write a search to return values from source1 that do not appear in source2 and source3?

How to transform this date format from 20151412 to 2015-14-12 using rex?

[Puzzles] Solve, Learn, Repeat: Matching cron expressions

Why Splunk Customers Should Attend Cisco Live 2026 Las Vegas

Data Management Digest – May 2026

Datamodel summaries not visible

How to get an extract of threshold values set in s...

how to query OCI Audit logs from Datasafe

SPLUNK ES 8.2.3 Drill Down not appearing

Using Splunk to Analyze Web Traffic & Machine-Gene...

Splunk Search

Join the Conversation