Splunk Search

Community Activity

How to search for an event that happened within 5 minutes of its previous occurrence and display both events in the results? I'm using this search to find an event that happened within 5 minutes of its previous occurrence: ... \| reverse \| s... by NimrodSky Explorer in Splunk Search 09-17-2015 0 2	0	2
Why does my outputlookup search to truncate a lookup file work from the search bar, but not as a scheduled search?? Greetings I record hourly traffic information of a web app in a lookup file (say myTraffic.csv) from which I update ... by aseid New Member in Splunk Search 09-17-2015 0 6	0	6
How can I get a result of saved search with loadjob How can I get a result of saved search with loadjob I'm confused with loadjob. I have a saved search called "Splun... by Masa Splunk Employee in Splunk Search 09-17-2015 0 3	0	3
Creating checkboxes to check multiple severity values to update a report, how do I get the value ">5" to produce results? Hi Team, I am trying to create a checkbox for severity with values 1,2,3,4 and >4. I need to check multiple checkbox... by jyothishtj New Member in Splunk Search 09-17-2015 0 2	0	2
How can I search for an event that occurred within five minutes from the last time it happened? Hi, I need to run a search on an event that will return the occasions where this event happened within 5 minutes of ... by NimrodSky Explorer in Splunk Search 09-17-2015 0 4	0	4
Cont=f not sticking in Saved Searches After adding cont=f to my search I'm able to get the results I want but when I save the search and run it from the Sa... by wbordeau Explorer in Splunk Search 09-16-2015 0 5	0	5
How to edit my search to combine 2 rows to 1 row My search string: sourcetype="AAA"\|table _time event_iduser Results: 9/10/2015 23:24 303 user1 9/10/2015 21:50 302... by AllenZhang Explorer in Splunk Search 09-16-2015 0 4	0	4
How to only return results where values for a field in one search (subsearch) are NOT found in another search? Hello all, I'm somewhat new to Splunk as a consistent user and am trying to master the magic of subsearches. I co... by jclemons7 Path Finder in Splunk Search 09-16-2015 0 3	0	3
iostat data into splunk and searching Hello. I have my indexers indexing the results of iostat every few minutes. rrqm/s wrqm/s r/s w/... by Bryan_Rye New Member in Splunk Search 09-16-2015 0 2	0	2
Extract fields from single event(s) consisting of mutiple lines I have a csv file that has only one column without any header. The data set includes values for userid, property1, pr... by ashabc Contributor in Splunk Search 09-16-2015 0 6	0	6
Getting error "Error in 'chart' command: The argument ' ' is invalid." when using "chart-count-over-by" clause in chart with post-process search Hi, In my dashboard I have a base search and three charts as below: <dashboard> <search id="baseSearch"> <que... by ishangajera Explorer in Splunk Search 09-16-2015 0 13	0	13
How do I add an eventtype to my search How do I add an eventtype to a search? index=rgs_windows sourcetype=process_details instance != "Idle" instance !="... by vrmandadi Builder in Splunk Search 09-16-2015 0 5	0	5
Is it possible to create an Automatic Lookup with partial match using a wildcard? HI all, Is it possible to create an automatic lookup with a partial match? This means in the lookup table is "user*... by DrFedtke Explorer in Splunk Search 09-16-2015 0 1	0	1
How to extract fields from an index that do not match with values in a lookup table? Hi All, I am trying to write a search for extracting fields which are not matching with the lookup file or table. Fo... by avis1119 New Member in Splunk Search 09-16-2015 0 3	0	3
Passing required fields from a subsearch to main search as well non-matched values I have two different sources source 1 and source 2. Source2 has the field called uri and source1 has the field calle... by amendon New Member in Splunk Search 09-16-2015 0 9	0	9
How to change the color of columns on a bar chart based on a value? I have the following search: index="commercial_performance" $month_token$ Cat1="Efficiency Variance *" Value!="withi... by deanamite91 Explorer in Splunk Search 09-16-2015 0 2	0	2
How to find failed Logons by IP Address and by Username? Hi all, I have some dashboard requirements to be created in "search & reporting app": failed logons by IPAddressfai... by Maheshparsi Explorer in Splunk Search 09-16-2015 0 1	0	1
Regex to extract fields from CSV file based on number of delimiters? Hi, I have two types of logs: Log1: Jun 18 14:10:57 lec05674568 ABC[455135]: 2015-06-18 14:10:57;indexserver;lec0... by nancylawrence00 Explorer in Splunk Search 09-15-2015 1 16	1	16
If the main search source _time uses DateFieldA and the subsearch source _time uses DateFieldB, how will using the time range picker affect my search results? Hi Experts, The case is: I have 2 join clauses where the source of _time on the first search uses date_created, whil... by imanpoeiri Communicator in Splunk Search 09-15-2015 0 10	0	10
How to track the state of an object in Splunk for use in grouping events? I am trying to figure out how we can track the state of some object in Splunk and use that state to group the objects... by motobeats Path Finder in Splunk Search 09-15-2015 0 2	0	2
How to increase the maximum number of real-time searches I am trying to do a stress test on a new server in a fresh Splunk environment. I would like to increase the number o... by Bliide Path Finder in Splunk Search 09-15-2015 0 2	0	2
How to create a new column in my table showing the sum of FieldA by FieldB? HI My data Quarter Type Amount 2014q1 a 100 2014q1 b 200 2015q2 a 100 2015q2 b ... by akawacz Path Finder in Splunk Search 09-15-2015 0 7	0	7
How to rename an index or move everything we have in the main index into another index? Splunk 6.2.3 on RHEL6. We are growing and I would like to have some consistency in our index naming convention. So, I... by ralphw_SAIC Path Finder in Splunk Search 09-15-2015 1 7	1	7
How to create a drilldown from my dashboard table to an external URL that has to pick the hostname of the URL from the table? Hi Experts, I want to drilldown from my table in the dashboard to an external URL for which has to pick the hostname... by krishnarajapant Path Finder in Splunk Search 09-15-2015 0 4	0	4
How to skip events in a search? Hi splunkers, Problem: We have quite big database with events ( ~3 millions events / month), so search works not t... by fsbmain Engager in Splunk Search 09-15-2015 0 3	0	3

Get Updates on the Splunk Community!

Announcing Modern Navigation: A New Era of Splunk User Experience

We are excited to introduce the Modern Navigation feature in the Splunk Platform, available to both cloud and ...

Observability Simplified: Combining User Experience, Application Performance & ...

Tech Talk Observability Simplified: Combining User Experience, Application Performance & Network ...

Event Series May & June: From Network Visibility to Service Intelligence

Unifying the Network: Moving from Alert Noise to Service Intelligence with Splunk ITSI In today’s hybrid ...

Splunk Search

How to search for an event that happened within 5 minutes of its previous occurrence and display both events in the results?

Why does my outputlookup search to truncate a lookup file work from the search bar, but not as a scheduled search??

How can I get a result of saved search with loadjob

Creating checkboxes to check multiple severity values to update a report, how do I get the value ">5" to produce results?

How can I search for an event that occurred within five minutes from the last time it happened?

Cont=f not sticking in Saved Searches

How to edit my search to combine 2 rows to 1 row

How to only return results where values for a field in one search (subsearch) are NOT found in another search?

iostat data into splunk and searching

Extract fields from single event(s) consisting of mutiple lines

Getting error "Error in 'chart' command: The argument ' ' is invalid." when using "chart-count-over-by" clause in chart with post-process search

How do I add an eventtype to my search

Is it possible to create an Automatic Lookup with partial match using a wildcard?

How to extract fields from an index that do not match with values in a lookup table?

Passing required fields from a subsearch to main search as well non-matched values

How to change the color of columns on a bar chart based on a value?

How to find failed Logons by IP Address and by Username?

Regex to extract fields from CSV file based on number of delimiters?

If the main search source _time uses DateFieldA and the subsearch source _time uses DateFieldB, how will using the time range picker affect my search results?

How to track the state of an object in Splunk for use in grouping events?

How to increase the maximum number of real-time searches

How to create a new column in my table showing the sum of FieldA by FieldB?

How to rename an index or move everything we have in the main index into another index?

How to create a drilldown from my dashboard table to an external URL that has to pick the hostname of the URL from the table?

How to skip events in a search?

Announcing Modern Navigation: A New Era of Splunk User Experience

Observability Simplified: Combining User Experience, Application Performance & ...

Event Series May & June: From Network Visibility to Service Intelligence

Datamodel summaries not visible

How to get an extract of threshold values set in s...

how to query OCI Audit logs from Datasafe

SPLUNK ES 8.2.3 Drill Down not appearing

Using Splunk to Analyze Web Traffic & Machine-Gene...

Splunk Search

Join the Conversation