Splunk Search

Splunk Search
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question
Community Activity
IRHM73

Why I am unable to accelerate this report?

Hi, I wonder whether someone may be able to help me please. I'm trying to get to grips with 'Report Acceleration' a...
by IRHM73 Motivator in Splunk Search 08-27-2015
1 4
1
4
Murali2888

Use named backreference in the subsequent rex command

Hi All, Can you let me know how we can use a named backreference in the subsequent rex command? That is pass the val...
by Murali2888 Communicator in Splunk Search 08-27-2015
0 2
0
2
twinspop

How do you handle copy-paste-induced search string invisible artifacts and address this with 500+ users?

More and more I'm getting reports of bad queries, or queries that don't match results from a separate run. In most ca...
by twinspop Influencer in Splunk Search 08-27-2015
1 4
1
4
alanxu

How to create a chart in XML where each row has a different search and obtain the completion time based on a drop-down time input?

Hello, I am trying to create a chart where each row has a different search. I am trying to obtain the completion tim...
by alanxu Communicator in Splunk Search 08-27-2015
0 7
0
7
omuelle1

Monitoring several log files with a specified index, why are searches on the index in Splunk Web not returning any data?

Hi guys, I am fairly new to splunk, and I am trying to get it to monitor a couple of log files on some app servers. ...
by omuelle1 Communicator in Splunk Search 08-27-2015
0 4
0
4
theouhuios

How to chart values over time

Hello What I am trying to do is to literally chart the values over time. Now the value can be anything. It can be a ...
by theouhuios Motivator in Splunk Search 08-27-2015
1 11
1
11
Runals

I've configured indexer clustering with a replication and search factor of 2:2, why are we now seeing duplicate data in searches?

This is designed to be a self answering question based on our experience. We've configured indexer clustering with a...
by Runals Motivator in Splunk Search 08-27-2015
1 1
1
1
kirkbates

How to extract fields of variable length?

I am new to Splunk and am working with DTS Compliant formatted logs generated from Microsoft Network Policy Server an...
by kirkbates New Member in Splunk Search 08-27-2015
0 2
0
2
alanxu

How to create a line graph where for each day, it displays the latest time?

Hello, I extracted the time with the variable TIME. I am trying to create a line graph where it shows the latest tim...
by alanxu Communicator in Splunk Search 08-27-2015
0 27
0
27
szabados

How to search for field values in a subsearch?

Little strange issue I got... I ingest files into an index. I want to add a yes/no field to my events, based on if th...
by szabados Communicator in Splunk Search 08-27-2015
0 3
0
3
hartfoml

How to create a fast report showing hosts, their indexes and lasttime using the metadata command and a lookup against a csv list of hosts?

I segregate my data using indexes for each group. I have a csv with a list of hosts that cross several indexes. I c...
by hartfoml Motivator in Splunk Search 08-27-2015
0 4
0
4
reswob4

Different results same search

So we have both Snort and Sourcefire in our environment. I'm using a simple search to create a table of the top hits...
by reswob4 Builder in Splunk Search 08-27-2015
0 8
0
8
msalaverry

Why is my timechart search producing some events with no _time values and other field values are displaced in the resulting table?

Hi, I have this search: host="myhost.com" NOT source=*access_log* AND "SearchA" | timechart span=1d dc(App) as Not...
by msalaverry New Member in Splunk Search 08-27-2015
0 4
0
4
thomas_forbes

How to return more than 10 columns in a table search result?

I have a search that searches for Windows Security Event IDs and displays the results in a table format. The maximum...
by thomas_forbes Communicator in Splunk Search 08-27-2015
0 3
0
3
matt

How can I assign the day of the week to my events?

I'd like to be able to assign the day of the week to my events so I can show my users whatever happens on a Monday. ...
by matt Splunk Employee Splunk Employee in Splunk Search 08-27-2015
1 2
1
2
sam_jacob

How to return a timestamp to an eval?

I'm trying to search by a specific date, so I wanted to return the date to an eval, but when I run it, I get the mess...
by sam_jacob Path Finder in Splunk Search 08-27-2015
0 4
0
4
bgourlie

Normalizing (feature scaling) a datapoint

I have a search and I would like to normalize a data point so that I can use it effectively in conjunction with other...
by bgourlie New Member in Splunk Search 08-27-2015
0 2
0
2
mm977g

How to create a chart that calculates the time taken by date/time for a distinct step within a process?

Given the below log file, I need to create a chart that shows the time taken for a given step. The time is a summatio...
by mm977g Explorer in Splunk Search 08-27-2015
0 2
0
2
ewanbrown

How to edit my search to group by multiple values?

I have a search in which I want to return the distinct number of users doing an number of actions b1 - b5 split by pl...
by ewanbrown Path Finder in Splunk Search 08-27-2015
0 1
0
1
rupesh_patil20

How I can use the rename command in my search on JSON data?

Hi.. I have json data such as {"result": [ {"EventData.mlsnumber": "1039455", "result": 1}, {"EventDat...
by rupesh_patil20 Path Finder in Splunk Search 08-27-2015
0 1
0
1
gtg

Search problem - not finding results that should be returned from search criteria

We have been running a search that returns results for user and computer account creation. For the past week or so, ...
by gtg New Member in Splunk Search 08-27-2015
0 4
0
4
Ganees

Help with writing Regex?

Can someone please help me to write a regex to get the value "78" value from the below sample data? Destination to ...
by Ganees New Member in Splunk Search 08-27-2015
0 6
0
6
Onuorahc

How can I create a search to run a report on Administrator Accounts that are used to access the internet?

How can I create a search to run a report on Administrator Accounts that are used to access the internet
by Onuorahc New Member in Splunk Search 08-27-2015
0 5
0
5
IRHM73

Why did my results change when I replaced dedup with stats dc in my search?

I wonder whether someone could help me please. I initially used the search below with my results for a given day sho...
by IRHM73 Motivator in Splunk Search 08-27-2015
0 4
0
4
sergiupopescu

How to use inputlookup count of results as a filter for the main search?

So I have a search which pulls the number of servers in a farm that have the "X" application installed on them. Now I...
by sergiupopescu New Member in Splunk Search 08-27-2015
0 2
0
2
Top Labels
Get Updates on the Splunk Community!

Deep insights, no barriers: Splunk Observability Cloud Free Edition

As software delivery cycles continue to accelerate, observability shouldn’t be a luxury — it should be a ...

Monitoring AI Agents with Splunk Observability Cloud

Let’s say I’m running a travel planning AI app in production. A user asks for three concise hotel options in ...

[Puzzles] Solve, Learn, Repeat: Tiling

This puzzle (first published here) is based on finding groups of tessellated tiles (inspired by floor tiles I ...
Top Solution Authors
View All