Splunk Search

Splunk Search
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question
Community Activity
dmccabe2

How to edit my regex to filter out images in Apache logs from being indexed?

Hi, We have a large amount of data in the Apache log files, and we do not want images to be indexed. How do I match...
by dmccabe2 New Member in Splunk Search 10-30-2015
0 3
0
3
pmcfadden91

How to edit my eval statement to extract values for the current day to find the percentage difference between dates?

Hi, I posted this question before, but was unable to attach the picture later in the thread. I am looking to add a c...
by pmcfadden91 Path Finder in Splunk Search 10-29-2015
0 5
0
5
DDerck

Is search performance affected by number of warm buckets?

I would like to know if search performance could be increased by moving buckets from warm to cold? My main index cont...
by DDerck New Member in Splunk Search 10-29-2015
0 1
0
1
reswob4

How do I edit my search to create a table of all currently logged on VPN users?

So after reviewing a number of Q&As on this site, I created the following search to track currently logged on VPN use...
by reswob4 Builder in Splunk Search 10-29-2015
0 2
0
2
HattrickNZ

How do i assign a value to a variable in a splunk search and then use that variable in the search?

How do i assign a value to a variable in a splunk search and then use that variable in the search? something like v...
by HattrickNZ Motivator in Splunk Search 10-29-2015
0 5
0
5
bharathkumarnec

How to show the count on top of each bar in a bar graph?

Hello All, I have created a bar graph in Splunk, Is there a possibility to show count(numeric value) on top of each ...
by bharathkumarnec Contributor in Splunk Search 10-29-2015
0 1
0
1
omuelle1

I have a search using a field I created and it produces results, but why is an email not sent when I make it an alert?

Hi Splunk Users, I created an alert using a field that I created and I only want to receive alerts where that field ...
by omuelle1 Communicator in Splunk Search 10-29-2015
0 4
0
4
ProudDevil

How to write a Splunk search to group a few lines before and after a matching event?

Hello, I need your help in making a search where I can group lines before and after a matching event in Splunk, same...
by ProudDevil New Member in Splunk Search 10-29-2015
0 4
0
4
raby1996

How do I run these two searches at the same time and compare fields extracted with rex for similarities?

Hello all, I have two searches (shown below) where in the first, I extract two fields Code and Serial, and in the se...
by raby1996 Path Finder in Splunk Search 10-29-2015
0 5
0
5
smudge797

We currently have this search to calculate the percentage of time for a status using transaction, but can it be improved or use stats instead?

We have a way of calculating the percentage of time the status is in the “OK” state by using transaction to find the ...
by smudge797 Path Finder in Splunk Search 10-29-2015
0 2
0
2
rncjq0

Searching failed login data, how do I pull the timestamps into my search results?

My search displays this, but I when I change my search to this to get a clearer picture, I miss the time stamps - thi...
by rncjq0 New Member in Splunk Search 10-29-2015
0 6
0
6
daniel333

Search for logs which are NOT key value

Does anyone have a data curation search that I snag? Looking for logs and values which are not currently done in key ...
by daniel333 Builder in Splunk Search 10-29-2015
0 2
0
2
hqw

how to rename column name based on condition

Hi all, I want to name the column name based on condition as below snapshot, for example, if Q1=A, then rename row 1...
by hqw Path Finder in Splunk Search 10-29-2015
0 2
0
2
smudge797

How to extract fields delimited by semicolons and the last field with variable values from my sample data?

Using Splunk Enterpise 6.2, I'm trying to get the fields extracted using search-time props.conf / transforms.conf and...
by smudge797 Path Finder in Splunk Search 10-28-2015
0 4
0
4
stwong

fields in subsearch not showing all results?

Hi all, I tried to find log entries of same mail using queue id from sendmail log. However, for the same time span...
by stwong Communicator in Splunk Search 10-28-2015
1 14
1
14
digital_alchemy

How do I use regex to search a field for content?

I'm searching for specific GET requests for example: GET /wddyr.php?id=41576619113845C1EE http/1.1 User-Agent: Mozil...
by digital_alchemy Path Finder in Splunk Search 10-28-2015
0 1
0
1
leonheart78

How can I selectively append 0 on an attribute with a value less than 10 digits

Hi there, I'm handling a set of data which in one of the attributes, CustNo is inconsistent. I need to append "0" fo...
by leonheart78 Explorer in Splunk Search 10-28-2015
0 3
0
3
_dave_b

Extract data from an entry that is dependant on data from a different entry

Hello. I'm trying to extract a value from one log entry so I can use it to extract data from another entry, like Ent...
by _dave_b Communicator in Splunk Search 10-28-2015
0 6
0
6
hmdoan

How to run a search only if the format of the passed in ticket number is valid?

I've been struggling with how to use 'if' via eval to determine whether or not to run a search. We only want to run ...
by hmdoan Explorer in Splunk Search 10-28-2015
0 1
0
1
SrinivasaC

Using outputlookup and inputlookup in the same search, why am I getting "The lookup table 'Results.csv' is invalid"?

Hi , Below is my search: < base-search > | outputlookup Results.csv | search inputlookup Results.csv | xyseries col...
by SrinivasaC Path Finder in Splunk Search 10-28-2015
2 9
2
9
preetham2677

After joining 2 tables with just the fields I need, how do I store this new table with the "table" command to use in a different search?

I tried to create a search by joining 2 tables and created a new table with just the fields I need. When I tried to v...
by preetham2677 Engager in Splunk Search 10-28-2015
0 4
0
4
knielsen

How to optimize the performance of my search reporting on how much data was indexed for arbitrary fields?

Hello, I know it's easy and straightforward to get ingestion metrics (how much data was ingested) based on sourcetyp...
by knielsen Contributor in Splunk Search 10-28-2015
0 2
0
2
pdurrer

How to search accounting transactions based on the local date where the event was created, not the reporting user's timezone?

I have accounting transactions from different timezones coming into Splunk via a message queue. These transactions a...
by pdurrer Loves-to-Learn in Splunk Search 10-27-2015
0 1
0
1
keshav1980

I am trying to search for a data that gives a report only from 6 am to 6.30 am everyday. How do I schedule the search?

I am trying to search for a data that gives a report only from 6 am to 6.30 am everyday. How do I set the search?
by keshav1980 New Member in Splunk Search 10-27-2015
0 19
0
19
santorof

Only return single event that has reoccurring field in 1 minute span.

I am trying to create a search that would return results through stats. I have a field called src_ip and I only want ...
by santorof Communicator in Splunk Search 10-27-2015
0 10
0
10
Top Labels
Get Updates on the Splunk Community!

Why Splunk Customers Should Attend Cisco Live 2026 Las Vegas

Why Splunk Customers Should Attend Cisco Live 2026 Las Vegas     Cisco Live 2026 is almost here, and this ...

What Is the Name of the USB Key Inserted by Bob Smith? (BOTS Hint, Not the Answer)

Hello Splunkers,   So you searched, “what is the name of the usb key inserted by bob smith?”  Not gonna lie… ...

Automating Threat Operations and Threat Hunting with Recorded Future

    Automating Threat Operations and Threat Hunting with Recorded Future June 29, 2026 | Register   Is your ...