Splunk Search

Splunk Search
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Community Activity
rkdasari

After running a search, why am I unable to see an option "Save As" -> Alert?

hi, After doing a search, I am unable to see an option "Save As" -> Alert. I have logged in with my User Id. Could ...
by rkdasari New Member in Splunk Search 11-15-2015
0 2
0
2
pmcfadden91

Splunk DB Connect 1: How to edit my dbquery to add Total, Average, and Percentage columns to my results?

Hi, I have a DB query as below which displays the results as shown in the attached picture: | dbquery "PB CSL" lim...
by pmcfadden91 Path Finder in Splunk Search 11-15-2015
0 8
0
8
splunker12er

How to map similar extracted fields from Palo Alto logs with similar fields from Check Point OPSEC logs?

More than Splunk, this question is related to firewall logs - any help is very much appreciated. Desc: Mapping Key-v...
by splunker12er Motivator in Splunk Search 11-15-2015
0 1
0
1
hylam

I disabled a transforms.conf stanza in Splunk Web, but why is the regex field extraction still effective?

I have disabled the transform stanza in the GUI, but the regex field extractions are still effective. What's wrong? ...
by hylam Contributor in Splunk Search 11-15-2015
0 10
0
10
Masa

Does the multisearch command have a limit like subsearch?

I'm curious about the limit of the multisearch command. subsearch has limits in limits.conf. Is there any limit fo...
by Masa Splunk Employee Splunk Employee in Splunk Search 11-14-2015
4 2
4
2
hylam

How do I convert "3 days 5 hrs 40 min 11 sec" to seconds?

3*86400+5*3600+40*60+11=279611 The seconds part is always there. The minutes part exists when duration is at least ...
by hylam Contributor in Splunk Search 11-14-2015
1 10
1
10
hylam

(makecontinuous 2D x=0-9 y=0-9) Are there any built-in commands to support this?

One way is to loop thru 0-99 and mod. Are there any built-in command to support this? EDIT1 use case: I want to fill...
by hylam Contributor in Splunk Search 11-14-2015
0 2
0
2
hylam

Can I do named capture in transforms.conf FORMAT = ipaddress::$1.$2.$3.$4?

In addition to $1 $2 $3..., does it support (?<namedField>...)? http://docs.splunk.com/Documentation/Splunk/6.3.1/Adm...
by hylam Contributor in Splunk Search 11-13-2015
0 3
0
3
hylam

Can I make a calculated field by regex replace on an existing field?

Can I make this happen automatically? I know I can do it with the rex search command. eval newField=sed(oldField, "s...
by hylam Contributor in Splunk Search 11-13-2015
1 4
1
4
aputz

Difficulty sorting a field by another field

I previously had a query on grouping results from a search and I received a great deal of help in shaping this query....
by aputz Path Finder in Splunk Search 11-13-2015
2 1
2
1
splunkIT

Why am I getting inconsistent event counts when using wildcard characters to match event field values?

For example, I have indexed the following six events and splunk has successfully extracted the fields quite nicely: ...
by splunkIT Splunk Employee Splunk Employee in Splunk Search 11-13-2015
3 4
3
4
jawebb

Why does increasing the time range for a search on 2 indexes give incorrect results in a timechart?

Maybe I'm not understanding the way this works, but I have other searches that use it just fine. The only difference...
by jawebb Explorer in Splunk Search 11-13-2015
0 5
0
5
aneaston

Can I add a field to an event based on data in a separate event?

I have one sourcetype that contains an event for each request to my site. One of the fields (we'll call it 'api') in ...
by aneaston New Member in Splunk Search 11-13-2015
0 4
0
4
ashabc

How can I get top x results and then do stats on top x

I have web page logs that have several fields. The important ones for this are CDN locations x_edge_location and the ...
by ashabc Contributor in Splunk Search 11-13-2015
0 3
0
3
praneethkodali

How do I sum the counts of all the similar values in a field to show as a single item?

Below search command is giving the results as below source="report1447097285313.csv" host="ca2indslogprd02" index="p...
by praneethkodali Explorer in Splunk Search 11-13-2015
0 6
0
6
gschr

How to set the maximum number of displayed values in a chart in Splunk 6.3?

Hi, The following dashboard contains a search that returns more than 1000 values (3600). I want to visualize all of ...
by gschr Path Finder in Splunk Search 11-13-2015
3 9
3
9
prategup1

How to extract this value from pipe delimited fields in Splunk?

Hi All My search results from Splunk look like below 2015-11-13 06:32:33,949|a.abcd|DAS|callabcd():getTime|0.296|SU...
by prategup1 New Member in Splunk Search 11-13-2015
0 1
0
1
ciir

How to use eval function in search in CLI

Hi all, I'm currently trying to run a search within the CLI (which works perfectly on Splunk Web). The search is th...
by ciir Explorer in Splunk Search 11-13-2015
0 1
0
1
ErikaE

How to create bins for _time that start and end on specific hours of the day?

I am attempting to summarize data by a 12 hour reporting period. The reporting periods start/end at 8. My search l...
by ErikaE Communicator in Splunk Search 11-13-2015
0 1
0
1
jlim2003

How to write the regex to extract a field for offset columns?

Hello, I am trying to extract a field that is offset by one column: Event 1: [DT_2.0_REAL][0x80c00002] Event 2: [0x...
by jlim2003 New Member in Splunk Search 11-13-2015
0 2
0
2
edrivera3

How to extract a field name and add it to a fixed string?

Hi How can I extract these fieldnames and values from this event? Step: 0345 Result: Valid Step: 3345 Result: Valid...
by edrivera3 Builder in Splunk Search 11-13-2015
0 10
0
10
IRHM73

Coalesce Function

Hi, I wonder whether someone may be able to help me please. I've been reading the Splunk documentation on the 'coale...
by IRHM73 Motivator in Splunk Search 11-13-2015
1 4
1
4
tonifrommknecht

Is it possible to resolve an IP Address from a URL in the Search & Reporting app?

How do I get the IP from a URL?
by tonifrommknecht Engager in Splunk Search 11-13-2015
0 3
0
3
ronaldsc

How do I edit my stats search with the proper conditions to return the expected result?

Hello All, Quite new to Splunk and hoping someone can help point me in the right direction. I've being trying to fig...
by ronaldsc New Member in Splunk Search 11-13-2015
0 2
0
2
cschmit1

Timechart over one Month 01.-31.

I want to design a new timechart dashboard panel based on a specific search over exact 1 Month (or 30 days) My search...
by cschmit1 Explorer in Splunk Search 11-13-2015
0 7
0
7
Claim a $25 Cisco Store Gift Card
Help us improve the Splunk Community and complete our survey today!
Top Labels
Get Updates on the Splunk Community!

Splunk Enterprise Security(ES) 7.3 is approaching the end of support. Get ready for ...

Hi friends!    At Splunk, your product success is our top priority. With Enterprise Security (ES), we're here ...

Splunk Enterprise Security 8.x: The Essential Upgrade for Threat Detection, ...

Watch On Demand the Tech Talk, and empower your SOC to reach new heights! Duration: 1 hour  Prepare to ...

Splunk Observability for AI

Don’t miss out on an exciting Tech Talk on Splunk Observability for AI!Discover how Splunk’s agentic AI ...