Splunk Search

Discussions

Thread Info

Why is my automatic lookup not populating a field?

Hi, Usually lookups aren't an issue, but today seems it is. I'm hoping this is just a pebcak  This is the first ...

by Contributor in

Should a search head cluster rolling restart kill searches in Splunk 6.3.0?

I changed alert_actions.conf [email] in an app that is pushed to the Search Head Cluster by the deployer which initia...

by Communicator in

Should we add metadata...?

Hi, I read this blog, which was great. I noticed that the app being mentioned - https://splunkbase.splunk.com/app/...

by Champion in

How to do a lookup on multiple values in a text file on an HTTP URL?

I have a requirement to be implemented in Splunk. Facts: I am a newbie to Splunk. Problem Statement: a. There ...

by Explorer in

How to change the value of a field with information from another field?

Suppose that there is a log with two fields, userName and phoneNumber, the structure is like: userName | phoneNumb...

by New Member in

How do I interpret these Bonnie++ results?

Hi All, I have read a few threads in the Answers forum and in a number of them, it states that Random Seeks == IOP...

by Path Finder in

How to incrementally subtract values to calculate duration

Hi all, I'm running a search which outputs something like this, ( where time_diff is the date the code was loaded,...

by Path Finder in

How to change values in a column based on a value in a different column in the same row?

Hi, I have a requirement: My table data shows like this: ACCNO STATUS TYPE CODE 123 A ...

by Explorer in

How to group by host, then severity, and include a count for each severity?

I know this is probably very trivial to most, but I am a pretty new user. I am struggling quite a bit with a simple t...

by Builder in

What's the difference between host=abc and host::abc

Hi, Was reading some doc (http://docs.splunk.com/Documentation/Splunk/6.4.1/Search/Writebettersearches) and it men...

by Champion in

Why am I unable to convert my addcoltotals value of MB to TB using eval?

Hello Splunk Ninjas I'm trying to convert my addcoltotals of MB to TB using the eval statement which does not work...

by New Member in

How do I get my search to return all associated sessionIDs based on user input with values that can be in 3 different formats?

Hi, I have something like the following which gets logged: sessionId=A,phone=4155550123 sessionId=B,phone=14155...

by Engager in

Transaction with different values of the same field

Hello, I have the log like below : Jun 13 10:18:59 Debug: IID 917966106 done Jun 13 10:18:59 Debug: IID 9179670...

by Contributor in

Help with case statement affected by a transaction

Each of the events in my log files has a data value for example, Data = a I am using a transaction to group my events...

by Engager in

How to count how many times users came?

Data sample : Date;User "2016-04-01 09:31:05";"john.doe@gmail.com "2016-04-01 09:31:06";"jessica.doe@hotmail.com "...

by Motivator in

Help with Rex or RegEx: How do I extract all lines after a string?

So my email using the iMail Mailbox comes in with headers like this. I need everything after the "___________________...

by Communicator in

How to refer to a post-process base search from append subsearch queries in a dashboard?

I have a base search in my dashboard that refers to a scheduled search: <search id="Base_Search" ref="Scheduled_Re...

by Communicator in

How to expand 500 limits event for Transaction command?

When I run transaction command, some transaction may be more than 500 events but splunk split it to a set of 500 even...

by Path Finder in

Why am I unable to make a dashboard from the "Search" App global with error "Could not find writer for : /nobody/search/views/ [0] [E:\Splunk\etc]"?

New to Splunk. Created a custom dashboard using Search App, but it is private. When I am trying to make it Global, I ...

by New Member in

Count the movement (add remove) of hosts

If I add 1 host and remove another host in a month, the stats will be the same and the delta zero but we had movement...

by Path Finder in

Get Updates on the Splunk Community!

Splunk Search

Discussions

Why is my automatic lookup not populating a field?

Should a search head cluster rolling restart kill searches in Splunk 6.3.0?

Should we add metadata...?

How to do a lookup on multiple values in a text file on an HTTP URL?

How to change the value of a field with information from another field?

How do I interpret these Bonnie++ results?

How to incrementally subtract values to calculate duration

How to change values in a column based on a value in a different column in the same row?

How to group by host, then severity, and include a count for each severity?

What's the difference between host=abc and host::abc

Why am I unable to convert my addcoltotals value of MB to TB using eval?

How do I get my search to return all associated sessionIDs based on user input with values that can be in 3 different formats?

Transaction with different values of the same field

Help with case statement affected by a transaction

How to count how many times users came?

Help with Rex or RegEx: How do I extract all lines after a string?

How to refer to a post-process base search from append subsearch queries in a dashboard?

How to expand 500 limits event for Transaction command?

Why am I unable to make a dashboard from the "Search" App global with error "Could not find writer for : /nobody/search/views/ [0] [E:\Splunk\etc]"?

Count the movement (add remove) of hosts

Observability Newsletter Highlights | March 2023

Security Newsletter Updates | March 2023

Platform Newsletter Highlights | March 2023

How to delay with search result when run via Splun...

KV Store status is currently unknown- How to resol...

Combining results in metric index?

Summary Index from | collect ... addtime=f : When ...

Importing HCL BigFix data from Insights, how to ve...