Splunk Search

Start a Conversation

Discussions

Start a Conversation

Thread Info

How to monitor Splunk 6.4 performance?

Should be possible to determine the resource in use by each search or dashboard (mem, cpu...)

by Path Finder in

How to search all transactions existing in one payload and not present in another?

Hi, Task: 2 different log files (source types). I want to find all transactions from first payload and check which...

by Engager in

How to group by count with a stacked chart?

I have the following search... index="server_inventory" NOT "OS Name"=enclosure NOT "OS Name"=na NOT "OS Name"=u...

by Explorer in

Is there any tool to automatically format a Splunk search to make it readable?

Hi, Do you know of any tool to beautify/format a Splunk search to make it readable? Thanks.

by Path Finder in

Top values of each span on a timechart

Hi, We want the following search, but for each span of time: index=test_index | chart sum(REQTIME) as reqtime b...

by Path Finder in

How do I add additional fields to my table?

I have a simple table showing the dropped links on my switches: this is generated by the following search: De...

by Path Finder in

A search that makes searches and executes them

So I have this search that I believe makes other searches from a list of regexs that I have stored in a csv. [ | i...

by Explorer in

How to correlate DNS values between 2 indexes?

Dear Splunkers, I have an index with Windows DNS Logs, where I extract the requested record in to a field --> dns ...

by New Member in

How to edit my search to convert epoch _time headers and display all columns instead of combining some results as "Other"?

Hi This is my current search: chart count(TYPE) over TYPE by _time I only get 10-12 columns, the rest is pu...

by Path Finder in

Trying to search by CIDR but getting no results

So I did a search by one IP in this range, and I get matches. My thought was to try searching for any IP in the whole...

by Communicator in

How to use earliest twice in one search (subsearch)?

I want to do something like this: index=* sourcetype=files (earliest="1459455814.788302" filename=hello.exe) OR (e...

by Builder in

Can Splunk be used to search and index web pages

Would like to index web page contents in Splunk. Is this possible?

by New Member in

How to select only specific events from the search to do stats on?

Need a way to select only specific events from the list of events, so here the example I have a query on iis logs whi...

by New Member in

Why is my search not populating the visualization tab with data?

When I run this search, everything runs fine, but I don't understand why my visualization tab does not populate. Does...

by Engager in

How to create a chart with static values from log file?

Hi I have extracted 2 fields from log file & now I have to show a chart based on these 2 values. How can I do that...

by New Member in

Why am I getting this error in the search.log when extracting Hive data in Splunk?

I am getting the below error in the search.log when I am extracting hive data in Splunk. I am using thrift metastore ...

by Path Finder in

How to write a search to only list servers that are sending logs to Splunk with two types of error messages?

Hi, I have server message logs sending to Splunk. Eg 1000 servers sending logs at a time. Wanted to find a way to ...

by New Member in

How do I extract this value from my sample data?

How to extract fdd1895d-63e9-4be2-b78b-ec784b00754f from below: 2016-04-28 15:12:56,939 GMT [transaction_id=201604...

by New Member in

How to extract a value of a field, when the field contains quotes(") Inside?

I have an index with multiple fields, however one of my field could contain multiple quotes. Id="0001", Message="...

by New Member in

need to extract two values from two lines and display as table

I am trying to get two files milli seconds from one line and merchant id from another line from the same tomcat tread...

by Engager in

Get Updates on the Splunk Community!

Splunk Search

Discussions

How to monitor Splunk 6.4 performance?

How to search all transactions existing in one payload and not present in another?

How to group by count with a stacked chart?

Is there any tool to automatically format a Splunk search to make it readable?

Top values of each span on a timechart

How do I add additional fields to my table?

A search that makes searches and executes them

How to correlate DNS values between 2 indexes?

How to edit my search to convert epoch _time headers and display all columns instead of combining some results as "Other"?

Trying to search by CIDR but getting no results

How to use earliest twice in one search (subsearch)?

Can Splunk be used to search and index web pages

How to select only specific events from the search to do stats on?

Why is my search not populating the visualization tab with data?

How to create a chart with static values from log file?

Why am I getting this error in the search.log when extracting Hive data in Splunk?

How to write a search to only list servers that are sending logs to Splunk with two types of error messages?

How do I extract this value from my sample data?

How to extract a value of a field, when the field contains quotes(") Inside?

need to extract two values from two lines and display as table

Observability Highlights | January 2023 Newsletter

Security Highlights | January 2023 Newsletter

Platform Highlights | January 2023 Newsletter

On understanding array versus multivalue fields

Combine fields and get average value by other fiel...

How to reverse a real-time query to it's original ...

How to use MLTK to tune DNS Query Length Outliers ...

Federated Search Questions