Splunk Search

Start a Conversation

Discussions

Start a Conversation

Thread Info

Is it possible to hide _raw from a search result?

The data I'm sending to my Splunk Index is made of a number of KV records. A subset of a record data looks like: t...

by Splunk Employee in

transaction search: how to determine unresolved "start of problem" events

Hi, In my application, i use a file to store problems: when happen and when resolve. When a problem happen, more t...

by Path Finder in

Wildcarding help in inputs.conf -- controlling directory depth

Inputs.conf: The stanza [monitor:///app/fao/dittradeflow/servers/.../logs] will look at all folders and subfolders wi...

by Path Finder in

Can I make field values case-sensitive?

Is there a way to enforce case-sensitivity on a field by field basis? Example: myid="0ZP0YFS5Rl7pACDD1K002" ...

by Splunk Employee in

Need to calculate weighted average across columns like addtotals does sum across columns (from chart command)

I have asked almost the same question here. I will try to explain my question better here My command looks like th...

by Path Finder in

Create a field out of matched search strings

So trying to figure out if using rex is the best way to do this. When you search for say "blah one", in the result...

by Communicator in

Timestamp Problem props.conf

Hey, I'm having difficulty getting my Splunk instance to extract the part of the timestamp that I want Splunk to s...

by Motivator in

Group Events Based Solely on Temporal Proximity

Hi all, We have a need to correlate IPS, application, and firewall logs based solely on their timestamps. The r...

by Path Finder in

Replace parts of a string

Hi! I'm trying to replace parts of a string, in order to make it more human-readable. Our logs contains strings like ...

by Path Finder in

Auto-run form Question

Hey, I am trying to produce a form that does not require the use of a search button in order to execute a search a...

by Motivator in

Quotes in CSV-formatted events

I am attempting to add CSV-formatted events to my index through the REST API. I've got it working mostly correctly, b...

by Path Finder in

"NOT IN" between two search query

Hi all, i need to select IP address from a search query that "are not" in another search query. How can i do this? th...

by Path Finder in

fschange on auto-rotated config files

So I have an application that auto-rotates its config files every time it is changed, and uses the following structur...

by Communicator in

Limitations with searchmatch() eval function?

Is there any weird issues with using multiple searchmatch() expressions within a single eval command? I have a tra...

by Super Champion in

How can you emulate a sub-subsearch?

Is there anyway of emulating a nested subsearch? I know its sometimes possible to rewrite a search to factor-out a su...

by Super Champion in

Matching both sides of two kv pairs over time

I have a small DTrace app that monitors ARP requests and replies, producing output like this: 2010 Sep 1 03:10:0...

by Path Finder in

Use date_hour date_minute for charting

Hi everyone. I'm trying to use the date_hour and date_minute fields (which reads perfectly the hours and minutes o...

by Explorer in

Search using outer join fails to return all matching events

Search fails to correctly return all matching events when performing outer joins. The search below illustrates the pr...

by Splunk Employee in

How do I configure multi-value fields for RFC 5424-compliant syslog events?

Splunk understands old school BSD-style syslog events effortlessly. For RFC 5424-style events, multiple data structur...

by Splunk Employee in

How do I set the major unit duration to 1 week

In a chart, I need to set major unit to be one week (i.e adjacant tick marks need to be one week apart). How do I do ...

by New Member in

Splunk Search

Discussions

Is it possible to hide _raw from a search result?

transaction search: how to determine unresolved "start of problem" events

Wildcarding help in inputs.conf -- controlling directory depth

Can I make field values case-sensitive?

Need to calculate weighted average across columns like addtotals does sum across columns (from chart command)

Create a field out of matched search strings

Timestamp Problem props.conf

Group Events Based Solely on Temporal Proximity

Replace parts of a string

Auto-run form Question

Quotes in CSV-formatted events

"NOT IN" between two search query

fschange on auto-rotated config files

Limitations with searchmatch() eval function?

How can you emulate a sub-subsearch?

Matching both sides of two kv pairs over time

Use date_hour date_minute for charting

Search using outer join fails to return all matching events

How do I configure multi-value fields for RFC 5424-compliant syslog events?

How do I set the major unit duration to 1 week

Best of Community @.conf20
Humans That Splunk: Meet Abhishek...
Humans That Splunk: Meet Guiseppe...

Visit our Community Blog >

How to make a new list of values that are in one l...

Strategy to search entire estate for unique server...

Python SDK - mTLS support

help fixing cli search with sourcetype specified

Oracle 12c UNIFIED_AUDIT_TRAIL to syslog server