Splunk Search

Splunk Search
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Community Activity
HattrickNZ

Is there a performance advantage of using rex in a search versus saving it as an extracted field?

What is the advantage of using rex in a search V saving it as an extracted field? Example of using rex in a search: ...
by HattrickNZ Motivator in Splunk Search 08-28-2015
0 3
0
3
roshannon

How to extract XML data from mixed content into one field for later use with spath?

I have a mixed output log that contains XML and non-XML data. I am looking to extract the XML data into a field that...
by roshannon New Member in Splunk Search 08-28-2015
0 1
0
1
ctwbear

Is there a way to disable the use of the splunk clean command?

We would like to have the splunk clean command unavailable to our Splunk administrators. The other idea would be to t...
by ctwbear New Member in Splunk Search 08-28-2015
0 2
0
2
ghannemann

How to create a table and align rows for related fields using stats?

Sorry for the lengthy question...... Here is what I am trying to achieve: For a event, containing the following data...
by ghannemann Engager in Splunk Search 08-28-2015
0 4
0
4
mcvr

How do I edit my chart count search returning HTTP codes to filter out codes 200 and 301 from the list of results?

Hi All, source="/export/home/logs/access_log" | rex ".*?HTTP\/\d+\.\d+\" (?<status_code>\d+)"|chart count by status_...
by mcvr New Member in Splunk Search 08-28-2015
0 2
0
2
tkadale

How to pass Time span in Drill Down Graph

I have a parent graph showing maximum swap memory for all hosts. I have a drill down graph showing maximum swap memo...
by tkadale Path Finder in Splunk Search 08-27-2015
3 2
3
2
IRHM73

Why I am unable to accelerate this report?

Hi, I wonder whether someone may be able to help me please. I'm trying to get to grips with 'Report Acceleration' a...
by IRHM73 Motivator in Splunk Search 08-27-2015
1 4
1
4
Murali2888

Use named backreference in the subsequent rex command

Hi All, Can you let me know how we can use a named backreference in the subsequent rex command? That is pass the val...
by Murali2888 Communicator in Splunk Search 08-27-2015
0 2
0
2
twinspop

How do you handle copy-paste-induced search string invisible artifacts and address this with 500+ users?

More and more I'm getting reports of bad queries, or queries that don't match results from a separate run. In most ca...
by twinspop Influencer in Splunk Search 08-27-2015
1 4
1
4
alanxu

How to create a chart in XML where each row has a different search and obtain the completion time based on a drop-down time input?

Hello, I am trying to create a chart where each row has a different search. I am trying to obtain the completion tim...
by alanxu Communicator in Splunk Search 08-27-2015
0 7
0
7
omuelle1

Monitoring several log files with a specified index, why are searches on the index in Splunk Web not returning any data?

Hi guys, I am fairly new to splunk, and I am trying to get it to monitor a couple of log files on some app servers. ...
by omuelle1 Communicator in Splunk Search 08-27-2015
0 4
0
4
theouhuios

How to chart values over time

Hello What I am trying to do is to literally chart the values over time. Now the value can be anything. It can be a ...
by theouhuios Motivator in Splunk Search 08-27-2015
1 11
1
11
Runals

I've configured indexer clustering with a replication and search factor of 2:2, why are we now seeing duplicate data in searches?

This is designed to be a self answering question based on our experience. We've configured indexer clustering with a...
by Runals Motivator in Splunk Search 08-27-2015
1 1
1
1
kirkbates

How to extract fields of variable length?

I am new to Splunk and am working with DTS Compliant formatted logs generated from Microsoft Network Policy Server an...
by kirkbates New Member in Splunk Search 08-27-2015
0 2
0
2
alanxu

How to create a line graph where for each day, it displays the latest time?

Hello, I extracted the time with the variable TIME. I am trying to create a line graph where it shows the latest tim...
by alanxu Communicator in Splunk Search 08-27-2015
0 27
0
27
szabados

How to search for field values in a subsearch?

Little strange issue I got... I ingest files into an index. I want to add a yes/no field to my events, based on if th...
by szabados Communicator in Splunk Search 08-27-2015
0 3
0
3
hartfoml

How to create a fast report showing hosts, their indexes and lasttime using the metadata command and a lookup against a csv list of hosts?

I segregate my data using indexes for each group. I have a csv with a list of hosts that cross several indexes. I c...
by hartfoml Motivator in Splunk Search 08-27-2015
0 4
0
4
reswob4

Different results same search

So we have both Snort and Sourcefire in our environment. I'm using a simple search to create a table of the top hits...
by reswob4 Builder in Splunk Search 08-27-2015
0 8
0
8
msalaverry

Why is my timechart search producing some events with no _time values and other field values are displaced in the resulting table?

Hi, I have this search: host="myhost.com" NOT source=*access_log* AND "SearchA" | timechart span=1d dc(App) as Not...
by msalaverry New Member in Splunk Search 08-27-2015
0 4
0
4
thomas_forbes

How to return more than 10 columns in a table search result?

I have a search that searches for Windows Security Event IDs and displays the results in a table format. The maximum...
by thomas_forbes Communicator in Splunk Search 08-27-2015
0 3
0
3
matt

How can I assign the day of the week to my events?

I'd like to be able to assign the day of the week to my events so I can show my users whatever happens on a Monday. ...
by matt Splunk Employee Splunk Employee in Splunk Search 08-27-2015
1 2
1
2
sam_jacob

How to return a timestamp to an eval?

I'm trying to search by a specific date, so I wanted to return the date to an eval, but when I run it, I get the mess...
by sam_jacob Path Finder in Splunk Search 08-27-2015
0 4
0
4
bgourlie

Normalizing (feature scaling) a datapoint

I have a search and I would like to normalize a data point so that I can use it effectively in conjunction with other...
by bgourlie New Member in Splunk Search 08-27-2015
0 2
0
2
mm977g

How to create a chart that calculates the time taken by date/time for a distinct step within a process?

Given the below log file, I need to create a chart that shows the time taken for a given step. The time is a summatio...
by mm977g Explorer in Splunk Search 08-27-2015
0 2
0
2
ewanbrown

How to edit my search to group by multiple values?

I have a search in which I want to return the distinct number of users doing an number of actions b1 - b5 split by pl...
by ewanbrown Path Finder in Splunk Search 08-27-2015
0 1
0
1
Top Labels
Get Updates on the Splunk Community!

Data Management Digest – December 2025

Welcome to the December edition of Data Management Digest! As we continue our journey of data innovation, the ...

Index This | What is broken 80% of the time by February?

December 2025 Edition   Hayyy Splunk Education Enthusiasts and the Eternally Curious!    We’re back with this ...

Unlock Faster Time-to-Value on Edge and Ingest Processor with New SPL2 Pipeline ...

Hello Splunk Community,   We're thrilled to share an exciting update that will help you manage your data more ...