Splunk Search

Discussions

Thread Info

inputlookup not returning all rows

I have a csv file as a lookup, named "resources.csv." Looking at the actual file, it has about 30,000 lines. In the S...

by Path Finder in

How do I edit my timechart search to show all requested data?

I am running the following search: index=_internal source=*metrics.log earliest=07/01/2015:00:00:0 latest=08/10/...

by Builder in

Why am I getting "Regex: missing terminating ] for character class" with my line breaking configuration?

Hi, I am testing a feed, and it appears to be working properly, but I'm getting a "Regex: missing terminating ] fo...

by Champion in

How do I extract the date from the file name itself

I need to extract date from the log file name as my logs only have a timestamp and no date available. The date for...

by Explorer in

How do I delete events in one index that exist in another?

I've read up on delete and am familiar with the implications, but I'm having trouble figuring out how to mark events ...

by Path Finder in

Obtaining statistics for messages with different ID's

I have logs from two apps to analyze. General a session of app interaction (as it is represented in logs) looks like ...

by Engager in

How to add a row into table?

How can I add a row into a table either manually or through a look-up table? I would like to insert the row right bel...

by Explorer in

How do I edit this regex for proper field extraction dealing with both single and double spaces?

Having issues getting field extraction on Cisco ASA lines to work consistently without getting invalid information. F...

by Path Finder in

How to export dashboard charts with a statistics table of the values below?

I have a dashboard with pie chart, line charts etc., I can see the values by hovering the mouse on the charts. If I e...

by New Member in

Will Lookaheads/Lookbehinds Hurt Search Performance?

I have an index which processes around 10 million events per day. I did a few field extractions which had lookaheads ...

by SplunkTrust in

How to join two searches by closest time fields in my two indexes, not using the _time field?

Hi all, I am going to simplify my problem. I have two indexes with the following variables: index 1: time_in us...

by Engager in

After upgrading from Splunk 5 to 6.2.4, why are some searches that use a macro with a lot of eval case branches running 10 to 20 times slower?

Hello, Since we upgraded from Splunk 5 to Splunk 6.2.4, some of our searches run 10 to 20 times slower than before...

by Contributor in

How do I write a search to display a table with the count of each value for a field?

Hello, My data looks like: I currently have this search: source=myapp test123 | stats count by type T...

by Communicator in

How to configure props.conf and transforms.conf to filter out a Windows eventcode?

Hi guys, I am ingesting Windows event logs including event code 5156 which is chewing up a lot of license. I have ...

by Communicator in

How to edit my search to get a count of FieldA per FieldB and per FieldC where the number of FieldB is greater than 3?

Good afternoon and happy monday! I'm working on trying to figure out a way to do the following : Count of vulnera...

by Path Finder in

Change destination search clicking on a pie report

Hi all, i need to change the destination of a report when clicking on the pie slice of a pie report. the query tha...

by Path Finder in

How to display logs that have the same _time value from two different fields?

Hello everyone, I have been looking for an answer all over the forum and documentation, but it still won't work.. ...

by Engager in

How to edit my current rex search to extract path names?

Hi everyone, I have a problem building an SPL query with the regular expression: This is an example of my data...

by Communicator in

How to combine two searches into one and display a table with the results of search1, search2, and the difference between both results?

Hi, I've got two distinct searches producing tables for each, and I'd like to know if I can combine the two in one...

by Communicator in

How to order the bars within each time segment of a timechart (bar style) by the sum of the field from largest to smallest?

I am trying to order the bars within each time segment from largest to smallest? is there a way of doing it?

by Path Finder in

Custom calculated Field-Extraction

Hi, I have a data of the form: Source,Date,Time Source1,20120904,000000 Source3,20120904,000000 Source1,20120904,0...

by Communicator in

Calculating the time difference between fields, how do I properly convert the resulting value to a human readable format?

Hi all. I have two fields, in with values like 2015-08-04 05:52:42 and out with values like "2015-08-04 06:18:30" ...

by Builder in

Using the transaction command, why are events from the same directory not collated when they took place at the same time?

I am using the transaction command, but the events are not collated when they took place at the same time and directo...

by Path Finder in

How to plot durations in a stacked area chart?

Hey, I'm a first time user and I'd like to use splunk for observing performance issues in an application. We want...

by New Member in

How can I chart the numbers from these two strings in my data into one graph?

Hello community, I have a string .net clearing cache request for user took this many miliseconds: and .net clearin...

by New Member in

Get Updates on the Splunk Community!

Splunk Search

Discussions

inputlookup not returning all rows

How do I edit my timechart search to show all requested data?

Why am I getting "Regex: missing terminating ] for character class" with my line breaking configuration?

How do I extract the date from the file name itself

How do I delete events in one index that exist in another?

Obtaining statistics for messages with different ID's

How to add a row into table?

How do I edit this regex for proper field extraction dealing with both single and double spaces?

How to export dashboard charts with a statistics table of the values below?

Will Lookaheads/Lookbehinds Hurt Search Performance?

How to join two searches by closest time fields in my two indexes, not using the _time field?

After upgrading from Splunk 5 to 6.2.4, why are some searches that use a macro with a lot of eval case branches running 10 to 20 times slower?

How do I write a search to display a table with the count of each value for a field?

How to configure props.conf and transforms.conf to filter out a Windows eventcode?

How to edit my search to get a count of FieldA per FieldB and per FieldC where the number of FieldB is greater than 3?

Change destination search clicking on a pie report

How to display logs that have the same _time value from two different fields?

How to edit my current rex search to extract path names?

How to combine two searches into one and display a table with the results of search1, search2, and the difference between both results?

How to order the bars within each time segment of a timechart (bar style) by the sum of the field from largest to smallest?

Custom calculated Field-Extraction

Calculating the time difference between fields, how do I properly convert the resulting value to a human readable format?

Using the transaction command, why are events from the same directory not collated when they took place at the same time?

How to plot durations in a stacked area chart?

How can I chart the numbers from these two strings in my data into one graph?

Enterprise Security Content Update (ESCU) | New Releases

Why am I not seeing the finding in Splunk Enterprise Security Analyst Queue?

Index This | What are the 12 Days of Splunk-mas?

Help generating table

Proactively stream data to different index after C...

Write Splunk log with Laminas

Issues in multiselect input dropdown

Using splunk-sdk in user-defined functions in Spar...