Splunk Search

Community Activity

Is it possible to add a textbox as a cell in a Splunk table? Hi Everyone, I want to create a custom table which contains 2 columns: one is the field parameter and other is the v... by nik298 New Member in Splunk Search 11-16-2015 0 1	0	1
How can I use regex with wildcard patterns in a search to capture a host field? Can simple regular expressions be used in searches? I'm trying to capture a fairly simple pattern for the host fiel... by martin_smith Engager in Splunk Search 11-16-2015 1 1	1	1
Why is timechart returning null results if eval returns a value less than 1? I'm finding that timechart is returning null results if my number is less than 1. earliest=-3d latest=-1d sourcetype... by pkeller Contributor in Splunk Search 11-16-2015 0 3	0	3
How to add two REGEXes to transforms.conf? Hi, I need to add two RegEx to transforms.conf and props.conf. If I add one block of code, testing each REGEX indep... by dmccabe2 New Member in Splunk Search 11-16-2015 0 3	0	3
How do I write the same search that populates the "Data Summary"? I need the event data from the "Data Summary" because I need to create a search to find when hosts stop sending logs ... by samir_silva New Member in Splunk Search 11-16-2015 0 2	0	2
How to create an event every second Hello, I have a set of data occurring randomly and I would like to have an event every second. I am able to get that... by clorne Communicator in Splunk Search 11-16-2015 0 10	0	10
How do I filter out a certain field value in a search? Hi Experts, I have a field in a search i.e. Plugin 21156 189 17.68% 74427 60 5.613% 81262 41 3.835% 77572 ... by sumansah SplunkTrust in Splunk Search 11-16-2015 0 2	0	2
Unable to Get Transaction Command to Work Past Three Days Ok so just upgraded my F5 APM (VPN server) in order to support Windows 10. Asked IT people to test on their Windows 1... by davespatz Explorer in Splunk Search 11-15-2015 0 1	0	1
Why am I getting error "The lookup table 'XXX' is invalid" trying to initially populate a kvstore table via outputlookup? First attempt at creating a kvstore lookup to be used by the Search app - initially, at least; I've followed the docu... by malat_UoM Explorer in Splunk Search 11-15-2015 0 4	0	4
After running a search, why am I unable to see an option "Save As" -> Alert? hi, After doing a search, I am unable to see an option "Save As" -> Alert. I have logged in with my User Id. Could ... by rkdasari New Member in Splunk Search 11-15-2015 0 2	0	2
Splunk DB Connect 1: How to edit my dbquery to add Total, Average, and Percentage columns to my results? Hi, I have a DB query as below which displays the results as shown in the attached picture: \| dbquery "PB CSL" lim... by pmcfadden91 Path Finder in Splunk Search 11-15-2015 0 8	0	8
How to map similar extracted fields from Palo Alto logs with similar fields from Check Point OPSEC logs? More than Splunk, this question is related to firewall logs - any help is very much appreciated. Desc: Mapping Key-v... by splunker12er Motivator in Splunk Search 11-15-2015 0 1	0	1
I disabled a transforms.conf stanza in Splunk Web, but why is the regex field extraction still effective? I have disabled the transform stanza in the GUI, but the regex field extractions are still effective. What's wrong? ... by hylam Contributor in Splunk Search 11-15-2015 0 10	0	10
Does the multisearch command have a limit like subsearch? I'm curious about the limit of the multisearch command. subsearch has limits in limits.conf. Is there any limit fo... by Masa Splunk Employee in Splunk Search 11-14-2015 4 2	4	2
How do I convert "3 days 5 hrs 40 min 11 sec" to seconds? 386400+53600+40*60+11=279611 The seconds part is always there. The minutes part exists when duration is at least ... by hylam Contributor in Splunk Search 11-14-2015 1 10	1	10
(makecontinuous 2D x=0-9 y=0-9) Are there any built-in commands to support this? One way is to loop thru 0-99 and mod. Are there any built-in command to support this? EDIT1 use case: I want to fill... by hylam Contributor in Splunk Search 11-14-2015 0 2	0	2
Can I do named capture in transforms.conf FORMAT = ipaddress::$1.$2.$3.$4? In addition to $1 $2 $3..., does it support (?<namedField>...)? http://docs.splunk.com/Documentation/Splunk/6.3.1/Adm... by hylam Contributor in Splunk Search 11-13-2015 0 3	0	3
Can I make a calculated field by regex replace on an existing field? Can I make this happen automatically? I know I can do it with the rex search command. eval newField=sed(oldField, "s... by hylam Contributor in Splunk Search 11-13-2015 1 4	1	4
Difficulty sorting a field by another field I previously had a query on grouping results from a search and I received a great deal of help in shaping this query.... by aputz Path Finder in Splunk Search 11-13-2015 2 1	2	1
Why am I getting inconsistent event counts when using wildcard characters to match event field values? For example, I have indexed the following six events and splunk has successfully extracted the fields quite nicely: ... by splunkIT Splunk Employee in Splunk Search 11-13-2015 3 4	3	4
Why does increasing the time range for a search on 2 indexes give incorrect results in a timechart? Maybe I'm not understanding the way this works, but I have other searches that use it just fine. The only difference... by jawebb Explorer in Splunk Search 11-13-2015 0 5	0	5
Can I add a field to an event based on data in a separate event? I have one sourcetype that contains an event for each request to my site. One of the fields (we'll call it 'api') in ... by aneaston New Member in Splunk Search 11-13-2015 0 4	0	4
How can I get top x results and then do stats on top x I have web page logs that have several fields. The important ones for this are CDN locations x_edge_location and the ... by ashabc Contributor in Splunk Search 11-13-2015 0 3	0	3
How do I sum the counts of all the similar values in a field to show as a single item? Below search command is giving the results as below source="report1447097285313.csv" host="ca2indslogprd02" index="p... by praneethkodali Explorer in Splunk Search 11-13-2015 0 6	0	6
How to set the maximum number of displayed values in a chart in Splunk 6.3? Hi, The following dashboard contains a search that returns more than 1000 values (3600). I want to visualize all of ... by gschr Path Finder in Splunk Search 11-13-2015 3 9	3	9

Get Updates on the Splunk Community!

Deep Dive: Accelerate threat investigation with Splunk’s AI Assistant in Security

AI is one of the biggest topics in the market today, and for security teams, its value goes far beyond the ...

Announcing Modern Navigation: A New Era of Splunk User Experience

We are excited to introduce the Modern Navigation feature in the Splunk Platform, available to both cloud and ...

Detection Engineering Office Hours: Real-World Troubleshooting & Q&A

[REGISTER HERE] This thread is for the Community Office Hours session on Detection Engineering Office Hours: ...

Splunk Search

Is it possible to add a textbox as a cell in a Splunk table?

How can I use regex with wildcard patterns in a search to capture a host field?

Why is timechart returning null results if eval returns a value less than 1?

How to add two REGEXes to transforms.conf?

How do I write the same search that populates the "Data Summary"?

How to create an event every second

How do I filter out a certain field value in a search?

Unable to Get Transaction Command to Work Past Three Days

Why am I getting error "The lookup table 'XXX' is invalid" trying to initially populate a kvstore table via outputlookup?

After running a search, why am I unable to see an option "Save As" -> Alert?

Splunk DB Connect 1: How to edit my dbquery to add Total, Average, and Percentage columns to my results?

How to map similar extracted fields from Palo Alto logs with similar fields from Check Point OPSEC logs?

I disabled a transforms.conf stanza in Splunk Web, but why is the regex field extraction still effective?

Does the multisearch command have a limit like subsearch?

How do I convert "3 days 5 hrs 40 min 11 sec" to seconds?

(makecontinuous 2D x=0-9 y=0-9) Are there any built-in commands to support this?

Can I do named capture in transforms.conf FORMAT = ipaddress::$1.$2.$3.$4?

Can I make a calculated field by regex replace on an existing field?

Difficulty sorting a field by another field

Why am I getting inconsistent event counts when using wildcard characters to match event field values?

Why does increasing the time range for a search on 2 indexes give incorrect results in a timechart?

Can I add a field to an event based on data in a separate event?

How can I get top x results and then do stats on top x

How do I sum the counts of all the similar values in a field to show as a single item?

How to set the maximum number of displayed values in a chart in Splunk 6.3?

Deep Dive: Accelerate threat investigation with Splunk’s AI Assistant in Security

Announcing Modern Navigation: A New Era of Splunk User Experience

Detection Engineering Office Hours: Real-World Troubleshooting & Q&A

How to get an extract of threshold values set in s...

how to query OCI Audit logs from Datasafe

SPLUNK ES 8.2.3 Drill Down not appearing

Using Splunk to Analyze Web Traffic & Machine-Gene...

How can i export a list of all services in APM

Splunk Search

Join the Conversation