Splunk Search

Discussions

Thread Info

"Failed to properly initialize the key-value parser for transform_name 'REPORT-wf'. You must define least one delimiter."

I extract various fields using the other delimiter " , Only the admin user can see the fields, but all users are supp...

by Communicator in

Yet another regex question

Hi, I have data that looks like this 127.0.0.1 - dancase@icontrol.com [16/Sep/2016:15:34:57.025 +0000] "GET /en...

by Motivator in

how to fill the missing values to nearest previous non-zero value in streamstat result

Hello, I am using streamstats to produce hourly category accumulate total to date by : ... | bucket _time ...

by Explorer in

How to edit my search to match fields from indexed data with a field in a CSV file to output another corresponding field?

I am trying to match the fields countrycode (An eval field extracted from indexed data) with a field "Code" in a CSV ...

by Communicator in

Why am I getting no results found when creating and searching my field lookups?

I used this document to create my lookup table and define fields http://docs.splunk.com/Documentation/Splunk/6.4.3/Se...

by Communicator in

How do I extract top values by a specific field and have them display along with corresponding fields in a table command?

index=* sourcetype=* host=* | search Event=176 | top limit=20 User| table Location, Event, User, Address, Time I...

by New Member in

Why am I getting no results returned using the Splunk Python SDK to search our Splunk instance?

I'm using the Splunk Python SDK search our Splunk instance. However, I'm not getting any results. Below is the co...

by New Member in

What is the best way to extract URL information from logs?

What would be the fastest way to grab the URLs out of logs in Splunk? I am thinking a regex expression would work, bu...

by New Member in

How to get count of events for each field?

In the following query, I'm trying to display the count of events for each field (bar) from a single field (foo). ...

by Communicator in

How to edit my search to add commas to the numbers and rename the row names?

Hello, I have two questions. 1) In my search below, I am trying to add Commas to the numbers, but the Totals fi...

by New Member in

How to check a value of a field in a subsequent event?

I was wondering if it is possible to check what's the value of a field in the next event. Say I have an index with a ...

by Explorer in

How to use the C# SDK to return a large search result set (5,000,000 rows)?

Hi I have a "Saved Report" (Named- GetIP), which finds unique IP passed through firewall for th Last 30 days. It r...

by Explorer in

Remove duplicate values from a multivalue field

I have an mvfield like contract="C53124 C53124 C67943" and I want to end up with unique values like contract="C53124 ...

by Explorer in

What command should I use to get the average of my entries by hour?

Hi I am new to Splunk so this little operation that would be simple in SQL seems to be real puzzling to me. I g...

by Engager in

Lookups to files larger than max_memtable_bytes report file only contains a header row

With Splunk v5 and v6, I have not been able to get lookups to work with CSV files that are larger than max_memtable_b...

by Path Finder in

How to display the result in a graph format with timechart as y-axis and field_1, field_2 on x-axis?

The following were some events :- [30706/3663031152][Mon Sep 05 2016 03:55:01][CServer.efpp:4719][INFO][sm-Server-...

by Builder in

Why am I unable to find a summary index in search when using index=summary?

I have a saved search in the default summary index and when I use the index=summary in my search box, I cannot find t...

by Explorer in

Why am I getting strange results with the fillnull command when I input a lookup table?

I have a search that looks like: multisearch [search a] [search b] | table field1, field2, field3 | fillnull value...

by Builder in

How to multiply the x-axis values by the y-axis values and display the result on the y-axis in the chart?

I got a project where I have a csv file with one particular field. Each bar ranges from 200-700 in value. I need to b...

by New Member in

Not able to use Fields, Rename, Table command after Fieldformat command

Hi, I am trying to convert some values with combination of Alphabets, Special Characters and numbers but still wan...

by Communicator in

Get Updates on the Splunk Community!

Splunk Search

Discussions

"Failed to properly initialize the key-value parser for transform_name 'REPORT-wf'. You must define least one delimiter."

Yet another regex question

how to fill the missing values to nearest previous non-zero value in streamstat result

How to edit my search to match fields from indexed data with a field in a CSV file to output another corresponding field?

Why am I getting no results found when creating and searching my field lookups?

How do I extract top values by a specific field and have them display along with corresponding fields in a table command?

Why am I getting no results returned using the Splunk Python SDK to search our Splunk instance?

What is the best way to extract URL information from logs?

How to get count of events for each field?

How to edit my search to add commas to the numbers and rename the row names?

How to check a value of a field in a subsequent event?

How to use the C# SDK to return a large search result set (5,000,000 rows)?

Remove duplicate values from a multivalue field

What command should I use to get the average of my entries by hour?

Lookups to files larger than max_memtable_bytes report file only contains a header row

How to display the result in a graph format with timechart as y-axis and field_1, field_2 on x-axis?

Why am I unable to find a summary index in search when using index=summary?

Why am I getting strange results with the fillnull command when I input a lookup table?

How to multiply the x-axis values by the y-axis values and display the result on the y-axis in the chart?

Not able to use Fields, Rename, Table command after Fieldformat command

Devesh Logendran, Splunk, and the Singapore Cyber Conquest

There's No Place Like Chrome and the Splunk Platform

Customer Experience | Join the Customer Advisory Board!

Using comparison function within mstats

Search to match high temp events, but ignore speci...

splunk search statement using keyword from input b...

Ex Cisco - run a report for all DFS users who logg...

Splunk query to list all the queries that time out