Splunk Search

Splunk Search
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question
Community Activity
pmccomb

Comparing two string values

I have email address' that are used as user names in two different source types in two different indices. I am tryi...
by pmccomb Explorer in Splunk Search 11-18-2015
0 8
0
8
akawacz

How to write a search to find the difference between values in multiple fields?

Hello, I would like to find the difference between values in a couple of fields for two months. I figured out how t...
by akawacz Path Finder in Splunk Search 11-18-2015
0 3
0
3
howyagoin

LDAP queries (not authentication) via Splunk (lookup? something else?)

Hi, Obviously Splunk has some native understanding of LDAP for authentication, but my desire is to use it to look up...
by howyagoin Contributor in Splunk Search 11-18-2015
2 2
2
2
lassel

How to swap out the underlying search in a dashboard for a table drilldown using Simple XML?

Hi, I want to do this, but I'd prefer to do it in Simple XML. Is it possible? http://docs.splunk.com/Documentation/S...
by lassel Communicator in Splunk Search 11-18-2015
0 2
0
2
steenbergend

How do I calculate the square root of a summed field?

Hello, I'm trying to solve for a standard error formula in the number of observations I have for all hbss dlp events...
by steenbergend New Member in Splunk Search 11-17-2015
0 2
0
2
splunker1981

How do I write the regex to extract these values from my sample data?

Evening Splunk experts, I am stuck trying to perform an extraction. I am using the built-in tool, but it keeps gene...
by splunker1981 Path Finder in Splunk Search 11-17-2015
0 7
0
7
rlaan

Why is my keyword search unable to find all matches in events?

I am experiencing a problem with finding logs using keyword searching for anomalies in log files. The search string b...
by rlaan Path Finder in Splunk Search 11-17-2015
0 3
0
3
bruceclarke

How to issue a search from a dashboard panel with inputs to populate an index?

I have an HTML panel and custom javascript on my dashboard. The panel has a few inputs that I want the user to popula...
by bruceclarke Contributor in Splunk Search 11-17-2015
0 1
0
1
br0dy

How to find which hosts a particular user has logged in to?

I'm trying to find which hosts a particular user has logged in to. I have the user's name, but I cannot figure out th...
by br0dy New Member in Splunk Search 11-17-2015
0 2
0
2
ciir

How to define the table column order in CLI searches

Hi @ all, I'm using this search: sourcetype=wineventlog:system (EventCode=20001) | table _time, EventCode, Computer...
by ciir Explorer in Splunk Search 11-17-2015
0 7
0
7
k2skaterii

Why are fields not being extracted from my iis logs

I am running version 6.3.0 on my indexer and all my universal forwarders. I'm currently trying to get things configu...
by k2skaterii Path Finder in Splunk Search 11-17-2015
0 3
0
3
edlam

Splunk search over 11 million records is very slow. How can I improve its performance?

I ran below search over 11 millions record to plot a graph:- sourcetype="syslog" | search query: | timechart count b...
by edlam New Member in Splunk Search 11-17-2015
0 3
0
3
pinalshah341

Why is my search with multiple rex commands resulting in repetitive values instead of distinct results?

I have a search: index="production" [search source="port-120" "Decision Received: REJECT"| fields x_reqid] | rex fi...
by pinalshah341 Loves-to-Learn in Splunk Search 11-16-2015
0 4
0
4
jcrombie

Why can't I get geostats in Splunk 6.3 to create a map from latitude and longitude values extracted in a search?

Using Splunk 6.3 I have a search that extracts from JSON from a log entry (packed as log4j), then rex out a Lat Long...
by jcrombie New Member in Splunk Search 11-16-2015
0 3
0
3
BrandSentiment

How do I divide multiple values in a field into new separate fields at search-time?

I have created a delim operator as follows: | makemv delim="," TONE which returns the following values in the TO...
by BrandSentiment Explorer in Splunk Search 11-16-2015
0 3
0
3
aniketb

How do I edit my search to find what version of a product users are on?

My logs have the following info: userid, version, timestamp What is the best way to get a report of what product ve...
by aniketb Path Finder in Splunk Search 11-16-2015
0 2
0
2
slatta

How do I join on a specific field?

I have many events, but only want to select those that have the same docId in order to compare the Durations of 2 dif...
by slatta Explorer in Splunk Search 11-16-2015
0 1
0
1
pc1234

how can i determine which events contain values that are > the avg value for all the events?

how can i determine which events contain values that are > the avg value for all the events? I'd also like to count ...
by pc1234 Explorer in Splunk Search 11-16-2015
0 1
0
1
vad34

How do I configure user role permissions to restrict a user to only search a certain index?

Hello All, I have restricted search for each index for each user. When I try to search with user1, I can see events ...
by vad34 Path Finder in Splunk Search 11-16-2015
0 2
0
2
nik298

Is it possible to add a textbox as a cell in a Splunk table?

Hi Everyone, I want to create a custom table which contains 2 columns: one is the field parameter and other is the v...
by nik298 New Member in Splunk Search 11-16-2015
0 1
0
1
martin_smith

How can I use regex with wildcard patterns in a search to capture a host field?

Can simple regular expressions be used in searches? I'm trying to capture a fairly simple pattern for the host fiel...
by martin_smith Engager in Splunk Search 11-16-2015
1 1
1
1
pkeller

Why is timechart returning null results if eval returns a value less than 1?

I'm finding that timechart is returning null results if my number is less than 1. earliest=-3d latest=-1d sourcetype...
by pkeller Contributor in Splunk Search 11-16-2015
0 3
0
3
dmccabe2

How to add two REGEXes to transforms.conf?

Hi, I need to add two RegEx to transforms.conf and props.conf. If I add one block of code, testing each REGEX indep...
by dmccabe2 New Member in Splunk Search 11-16-2015
0 3
0
3
samir_silva

How do I write the same search that populates the "Data Summary"?

I need the event data from the "Data Summary" because I need to create a search to find when hosts stop sending logs ...
by samir_silva New Member in Splunk Search 11-16-2015
0 2
0
2
clorne

How to create an event every second

Hello, I have a set of data occurring randomly and I would like to have an event every second. I am able to get that...
by clorne Communicator in Splunk Search 11-16-2015
0 10
0
10
Top Labels
Get Updates on the Splunk Community!

[Puzzles] Solve, Learn, Repeat: Tiling

This puzzle (first published here) is based on finding groups of tessellated tiles (inspired by floor tiles I ...

SOK it to Me: Top 3 Benefits of Using Splunk Operator on Kubernetes that’ll Make ...

    Thursday, July 9, 2026  |  11:00AM–12:00PM PDT Duration: 1 hour (includes Q&A) Managing can feel like a ...

Upgrade Prep for 10.4, Network Observability Deep Dives, and More from Splunk Lantern

Splunk Lantern is Splunk’s customer success center that provides practical guidance from Splunk experts on key ...