Splunk Search

Discussions

Thread Info

Splunk Web framework: 'searchmanager' received some positional argument(s) after some keyword argument(s)

I'm getting the above error message ( 'searchmanager' received some positional argument(s) after some keyword argumen...

by Builder in

How to find the daily average of the time difference between the concurrence of one line and a previous line?

Hi, I have a very simple line of trace which indicates the end of a timer that runs at the completion of an import...

by New Member in

How to prevent a space character from delimiting and truncating my filename field?

Hi folks, I have some new logs coming in, and I took a look at the fieldname that has a Windows filename in it, an...

by Communicator in

Mapping OOID number to OOID name

Hi guys, I currently have a search set up that searches for the most active OOIDs( Organization ID Folder) with th...

by Communicator in

After upgrading from Splunk 5 to 6.2.4, why is our search on failed login attempts from Windows Event Logs no longer working?

We were using an old version of Splunk (ver 5) and have since updated to the ver 6.2.4 and now our failed login attem...

by New Member in

Splunk manage Arduino sensors output messages ?

Is it possible for Splunk to manage "live" Arduinos sensors datas like : Rain Data 1.00mm; 0s; Temp reading = 23.7...

by New Member in

How to create a custom field with values based on the monitors in inputs.conf

Hi, In my inputs.conf I have a number of monitors. I would like to create a custom field called logtypevalue with ...

by Path Finder in

Why does this join not correctly match the data?

Hi, I'm experiencing some strangeness with the following query: index=main_index | dedup _raw | sort _raw | ren...

by Path Finder in

How Can I View IPs That Have NOT Generated Events?

For example, I want to run the following search and have splunk output IPs that do NOT show up in the results. ind...

by Explorer in

Is it possible to get both rare and top results in the same search result table?

Hi, I want to know if it's possible to get rare and top value on the same table search. index=_internal |top l...

by Contributor in

Is there a way to filter out events from search results based on the logged-in Splunk user running the search and specified field values?

I have a requirement to filter out events based on: the USER running the search and FIELD VALUES contained in the ...

by Engager in

How to create a timechart with overlay lines for Mean, Upper Control Limit, Lower Control Limit, and Targets?

Hi, I have a number of timecharts displaying KPIs over the last 30 days. What would be the most efficient way t...

by Contributor in

Error in 'eval' command: The operator at '{}.Instrument' is invalid.

Do you know why I get the following error message? vols{}.Instrument is a valid field but it doesn't like the {}. ...

by New Member in

How can I create a table of results from my XML data?

Given the following event log XML (sample) data: <?xml version="1.0" encoding="utf-8" standalone="no"?> <!--This f...

by Path Finder in

Multiple sums in one graph

This is a followup question to This. http://answers.splunk.com/answers/301144/sum-of-new-events-over-time.html Now...

by Engager in

How to edit my search to group by each month and then group by "Classification"?

Hi Everyone, My apologies for the long message, but I hope this will give enough information about my requirement....

by Explorer in

How to extract data from a multiline field?

Hello, I am trying to extract data from a field ("Files:") that holds multiple lines of data. The lines that I am ...

by Communicator in

After upgrading from Splunk 6.1.1 to 6.19, why am I getting "appear to be running outdated version of search app..." on our search head?

Hi, I just upgraded from 6.1.1 to 6.1.9, and now, in the search head, a message is appearing, telling me that the ...

by Champion in

Initiating Splunk on AWS AMI, why am I getting "Search not executed: The minimum free disk space (5000MB) reached for /opt/splunk/var/run/splunk/dispatch. user=admin"

I've initiated an AMI of Splunk on a t2.medium instance, and even before I've actively used it, I get Search not ...

by Explorer in

How do I combine my two searches, using the result from the first search to run the second search?

My 1st search will be like this to get Peak Day and Peak Hour according to hits: earliest="06/08/2015:00:00" lates...

by Communicator in

How to "stats avg(field1) by field2" and display that average in a top limit=20 field2 stats page

I'm working with Alert logs, which spit out log events only if certain SQL queries take longer than a threshold time....

by Explorer in

Search for when "Event X" happens within x hours of "Event Y"

I have this search: ("WARNING: ERROR Message" host=SERVER1) OR (EventCode=1074 Shutdown_Type="*") This shows b...

by Communicator in

Why are field extractions only working for 24 hours or less if the log format hasn't changed?

I have some logs from a media server that are all formatted in a consistent way, making field extraction creation ver...

by Splunk Employee in

Why did my index search cease and I receive a "Maximum Threshold Met" error message?

There is a small group of people in my office using Splunk on their local machine. Two of us have received this messa...

by New Member in

How does one create inline Python scripts for use in Splunk searches?

I am creating a simple script to take a hex(base 16) encoded field and convert it to readable text. For this endeavor...

by Explorer in

Get Updates on the Splunk Community!

Splunk Search

Discussions

Splunk Web framework: 'searchmanager' received some positional argument(s) after some keyword argument(s)

How to find the daily average of the time difference between the concurrence of one line and a previous line?

How to prevent a space character from delimiting and truncating my filename field?

Mapping OOID number to OOID name

After upgrading from Splunk 5 to 6.2.4, why is our search on failed login attempts from Windows Event Logs no longer working?

Splunk manage Arduino sensors output messages ?

How to create a custom field with values based on the monitors in inputs.conf

Why does this join not correctly match the data?

How Can I View IPs That Have NOT Generated Events?

Is it possible to get both rare and top results in the same search result table?

Is there a way to filter out events from search results based on the logged-in Splunk user running the search and specified field values?

How to create a timechart with overlay lines for Mean, Upper Control Limit, Lower Control Limit, and Targets?

Error in 'eval' command: The operator at '{}.Instrument' is invalid.

How can I create a table of results from my XML data?

Multiple sums in one graph

How to edit my search to group by each month and then group by "Classification"?

How to extract data from a multiline field?

After upgrading from Splunk 6.1.1 to 6.19, why am I getting "appear to be running outdated version of search app..." on our search head?

Initiating Splunk on AWS AMI, why am I getting "Search not executed: The minimum free disk space (5000MB) reached for /opt/splunk/var/run/splunk/dispatch. user=admin"

How do I combine my two searches, using the result from the first search to run the second search?

How to "stats avg(field1) by field2" and display that average in a top limit=20 field2 stats page

Search for when "Event X" happens within x hours of "Event Y"

Why are field extractions only working for 24 hours or less if the log format hasn't changed?

Why did my index search cease and I receive a "Maximum Threshold Met" error message?

How does one create inline Python scripts for use in Splunk searches?

Can’t make it to .conf25? Join us online!

Take Action Automatically on Splunk Alerts with Red Hat Ansible Automation Platform

Calling All Security Pros: Ready to Race Through Boston?

Beyond Detection: How Splunk and Cisco Integrated Security Platforms Transform ...

Help me with splunk query to monitor CPU and Memor...

How can i export a list of all services in APM

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

ITSI thresholds: adaptive vs static

Splunk Search

Are you a member of the Splunk Community?

Discussions

Can’t make it to .conf25? Join us online!