Splunk Search

Splunk Search
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question
Community Activity
strive

Error during Search

Hi, In the home page of our application, a combo box is populated with results from a splunk search. At times, the c...
by strive Influencer in Splunk Search 09-21-2015
0 2
0
2
sk8asd123

How does Splunk decide which rows to display in top if there's a tie?

for example here's the full data: widgets total item1 10 item2 8 item3 8 item4 8 item5 8 item6 4 and you...
by sk8asd123 Engager in Splunk Search 09-20-2015
0 1
0
1
TheRayTracer

Why is the xpath search command not extracting the expected result from my sample XML data?

Hi! I would like to use the xpath search command to extract my test results from daily XML files. I have created the...
by TheRayTracer Explorer in Splunk Search 09-20-2015
0 3
0
3
robertlabrie

timechart count by what values are chosen

If a log is generated every time a user comments on a blog index=bloglog sourcetype=comments | timechart count by us...
by robertlabrie Path Finder in Splunk Search 09-20-2015
0 2
0
2
davespatz

See Gigabytes Added to Each Index in Last 24 hours

Issue: Various internal groups pay for space in Splunk based on their needs. For example, dev teams paid for 40GB's ...
by davespatz Explorer in Splunk Search 09-19-2015
0 2
0
2
sunnyparmar

How to search two different events by two different eventtypes?

Hi, I have two different eventtypes in which I have defined two different events given below: event_attachment cont...
by sunnyparmar Communicator in Splunk Search 09-19-2015
0 6
0
6
samlaw

Splunk apply cluster-bundle not working

Trying to update my cluster bundle and keep getting this? yet splunkd seems to be running? This command [POST /servi...
by samlaw Explorer in Splunk Search 09-19-2015
1 4
1
4
ajdyer2000

deduping one field by another field

Hi I'm very new to Splunk so hopefully this is an easy one. I have 2 Fields server_name and userid. I would like t...
by ajdyer2000 Path Finder in Splunk Search 09-19-2015
0 2
0
2
badrinath_itrs

mvzip multivalue pairs with different cardinality

Hi, I am struggling with xml data in splunk and need help in mvzip command to store multi value pairs with differen...
by badrinath_itrs Communicator in Splunk Search 09-18-2015
1 5
1
5
CoryASE

How do I break apart a field with numeric ranges?

I have a field that I want to break out, something like value [0760-0780] so I can run calculations on those fields. ...
by CoryASE Engager in Splunk Search 09-18-2015
0 1
0
1
SridharS

script for comparing cells

Hi, I have a search query which fetches the result host server1 server1 ...
by SridharS Path Finder in Splunk Search 09-18-2015
0 1
0
1
pj

Do KV store lookups only currently work with numeric and lowercase fields?

It seems that my KV Store lookup only works when the field selected to be looked up is lowercase or numeric. If I hav...
by pj Contributor in Splunk Search 09-18-2015
0 2
0
2
cdo_splunk

How to crossreference the search ID to the search owner and search name ?

How to crossreference the search ID to the search owner and search name? Example if another person created a search a...
by cdo_splunk Splunk Employee Splunk Employee in Splunk Search 09-18-2015
1 4
1
4
jxjackso

Searching for multiple strings

I'm trying to collect all the log info for one website into one query. The site uses two starting url's /dmanager and...
by jxjackso Explorer in Splunk Search 09-18-2015
0 4
0
4
idab

Is there a way I can hard-code a drop-down search to display all virtual machines on my network?

Hello people, Is there a way I can hard-code a drop-down search to display all virtual machines in my network on the...
by idab Path Finder in Splunk Search 09-18-2015
0 4
0
4
Navanitha

Why is my search using curl returning "No results found"?

This is my query and it looks fine to me, but I do not see any output. It just tells me "No results found". Can som...
by Navanitha Path Finder in Splunk Search 09-18-2015
0 2
0
2
akawacz

Are field names always case sensitive and field values not case sensitive?

Hello, Could you tell me what in Splunk is case sensitive? My understanding is: Field values are not case sensitiv...
by akawacz Path Finder in Splunk Search 09-18-2015
1 2
1
2
Amohlmann

Is it possible to autoregress by unique site

I get a series of unique sites sending through the size of Database. I would like to show the growth of their DB to s...
by Amohlmann Communicator in Splunk Search 09-17-2015
0 2
0
2
athorat

Timechart Overlay

I have a dashboard with two different panels showing time chart for the number of events and avg size of those events...
by athorat Communicator in Splunk Search 09-17-2015
0 1
0
1
neiljpeterson

How to use a large search result set to do quick, ad hoc transforming searches from the Search App?

I am not sure if I am even wording this question correctly (which is probably why I didn't find any good results) Wh...
by neiljpeterson Communicator in Splunk Search 09-17-2015
0 7
0
7
sityuages

How to merge events and average based upon specific fields?

First, the background - I have a number of events that are parsed and indexed. The format of the log file is: [times...
by sityuages New Member in Splunk Search 09-17-2015
0 3
0
3
akawacz

Why am I getting different results if I add a where condition in my join subsearch?

Hi, Could you help me understand why, if I do not add the WHERE condition in join section, I will get a different re...
by akawacz Path Finder in Splunk Search 09-17-2015
0 5
0
5
lennys26

How to separate a timestamp into individual fields at index-time (year, month, day, hour, minute)?

Hello. I am having issues with breaking a timestamp field into its components. Currently the field is in the form...
by lennys26 Communicator in Splunk Search 09-17-2015
0 3
0
3
Splunkster45

Sideview Utils: Is there a way to prevent a module from displaying on the dashboard?

I have a search that I (temporarily) no longer want to run on one of my dashboards. Because the search includes a Tim...
by Splunkster45 Communicator in Splunk Search 09-17-2015
0 1
0
1
SridharS

How to change how my table results are displayed by interchanging the rows and columns?

Hi, I have a search based on date. ...search ... earliest=-d@d latest=now | table _time, host, app_version, RAM...
by SridharS Path Finder in Splunk Search 09-17-2015
0 4
0
4
Top Labels
Get Updates on the Splunk Community!

Announcing Modern Navigation: A New Era of Splunk User Experience

We are excited to introduce the Modern Navigation feature in the Splunk Platform, available to both cloud and ...

Modernize your Splunk Apps – Introducing Python 3.13 in Splunk

We are excited to announce that the upcoming releases of Splunk Enterprise 10.2.x and Splunk Cloud Platform ...

Step into “Hunt the Insider: An Splunk ES Premier Mystery” to catch a cybercriminal ...

After a whole week of being on call, you fell asleep on your keyboard, and you hit a sequence of buttons that ...