Splunk Search

Splunk Search
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question
Community Activity
omuelle1

Monitoring several log files with a specified index, why are searches on the index in Splunk Web not returning any data?

Hi guys, I am fairly new to splunk, and I am trying to get it to monitor a couple of log files on some app servers. ...
by omuelle1 Communicator in Splunk Search 08-27-2015
0 4
0
4
theouhuios

How to chart values over time

Hello What I am trying to do is to literally chart the values over time. Now the value can be anything. It can be a ...
by theouhuios Motivator in Splunk Search 08-27-2015
1 11
1
11
Runals

I've configured indexer clustering with a replication and search factor of 2:2, why are we now seeing duplicate data in searches?

This is designed to be a self answering question based on our experience. We've configured indexer clustering with a...
by Runals Motivator in Splunk Search 08-27-2015
1 1
1
1
kirkbates

How to extract fields of variable length?

I am new to Splunk and am working with DTS Compliant formatted logs generated from Microsoft Network Policy Server an...
by kirkbates New Member in Splunk Search 08-27-2015
0 2
0
2
alanxu

How to create a line graph where for each day, it displays the latest time?

Hello, I extracted the time with the variable TIME. I am trying to create a line graph where it shows the latest tim...
by alanxu Communicator in Splunk Search 08-27-2015
0 27
0
27
szabados

How to search for field values in a subsearch?

Little strange issue I got... I ingest files into an index. I want to add a yes/no field to my events, based on if th...
by szabados Communicator in Splunk Search 08-27-2015
0 3
0
3
hartfoml

How to create a fast report showing hosts, their indexes and lasttime using the metadata command and a lookup against a csv list of hosts?

I segregate my data using indexes for each group. I have a csv with a list of hosts that cross several indexes. I c...
by hartfoml Motivator in Splunk Search 08-27-2015
0 4
0
4
reswob4

Different results same search

So we have both Snort and Sourcefire in our environment. I'm using a simple search to create a table of the top hits...
by reswob4 Builder in Splunk Search 08-27-2015
0 8
0
8
msalaverry

Why is my timechart search producing some events with no _time values and other field values are displaced in the resulting table?

Hi, I have this search: host="myhost.com" NOT source=*access_log* AND "SearchA" | timechart span=1d dc(App) as Not...
by msalaverry New Member in Splunk Search 08-27-2015
0 4
0
4
thomas_forbes

How to return more than 10 columns in a table search result?

I have a search that searches for Windows Security Event IDs and displays the results in a table format. The maximum...
by thomas_forbes Communicator in Splunk Search 08-27-2015
0 3
0
3
matt

How can I assign the day of the week to my events?

I'd like to be able to assign the day of the week to my events so I can show my users whatever happens on a Monday. ...
by matt Splunk Employee Splunk Employee in Splunk Search 08-27-2015
1 2
1
2
sam_jacob

How to return a timestamp to an eval?

I'm trying to search by a specific date, so I wanted to return the date to an eval, but when I run it, I get the mess...
by sam_jacob Path Finder in Splunk Search 08-27-2015
0 4
0
4
bgourlie

Normalizing (feature scaling) a datapoint

I have a search and I would like to normalize a data point so that I can use it effectively in conjunction with other...
by bgourlie New Member in Splunk Search 08-27-2015
0 2
0
2
mm977g

How to create a chart that calculates the time taken by date/time for a distinct step within a process?

Given the below log file, I need to create a chart that shows the time taken for a given step. The time is a summatio...
by mm977g Explorer in Splunk Search 08-27-2015
0 2
0
2
ewanbrown

How to edit my search to group by multiple values?

I have a search in which I want to return the distinct number of users doing an number of actions b1 - b5 split by pl...
by ewanbrown Path Finder in Splunk Search 08-27-2015
0 1
0
1
rupesh_patil20

How I can use the rename command in my search on JSON data?

Hi.. I have json data such as {"result": [ {"EventData.mlsnumber": "1039455", "result": 1}, {"EventDat...
by rupesh_patil20 Path Finder in Splunk Search 08-27-2015
0 1
0
1
gtg

Search problem - not finding results that should be returned from search criteria

We have been running a search that returns results for user and computer account creation. For the past week or so, ...
by gtg New Member in Splunk Search 08-27-2015
0 4
0
4
Ganees

Help with writing Regex?

Can someone please help me to write a regex to get the value "78" value from the below sample data? Destination to ...
by Ganees New Member in Splunk Search 08-27-2015
0 6
0
6
Onuorahc

How can I create a search to run a report on Administrator Accounts that are used to access the internet?

How can I create a search to run a report on Administrator Accounts that are used to access the internet
by Onuorahc New Member in Splunk Search 08-27-2015
0 5
0
5
IRHM73

Why did my results change when I replaced dedup with stats dc in my search?

I wonder whether someone could help me please. I initially used the search below with my results for a given day sho...
by IRHM73 Motivator in Splunk Search 08-27-2015
0 4
0
4
sergiupopescu

How to use inputlookup count of results as a filter for the main search?

So I have a search which pulls the number of servers in a farm that have the "X" application installed on them. Now I...
by sergiupopescu New Member in Splunk Search 08-27-2015
0 2
0
2
avivn

Splunk DB Connect 1: How to use the transaction command with dbquery?

Hi, I am trying to run the transaction command on a SQL query with DB Connect 1. My problem is when I am using the f...
by avivn Explorer in Splunk Search 08-27-2015
0 5
0
5
IRHM73

Unable to Put Together Join Search

Hi, I wonder whether someone may be able to help me please. After reading the Splunk documentation I'm trying to put...
by IRHM73 Motivator in Splunk Search 08-27-2015
0 2
0
2
IRHM73

Sort 0 -_time

Hi, I wonder whether someone could help me please. I've inherited a search with the line sort 0 detail.ref,-_time. ...
by IRHM73 Motivator in Splunk Search 08-27-2015
1 2
1
2
htkwan

Besides latitude, longitude, and the search result values, how do I include the location name in a Splunk 6.2.5 map popup?

Hello, I would like to provide the name of the location, besides the latitude, longitude & values. My search is: ...
by htkwan Path Finder in Splunk Search 08-26-2015
0 3
0
3
Top Labels
Get Updates on the Splunk Community!

Why Splunk Customers Should Attend Cisco Live 2026 Las Vegas

Why Splunk Customers Should Attend Cisco Live 2026 Las Vegas     Cisco Live 2026 is almost here, and this ...

What Is the Name of the USB Key Inserted by Bob Smith? (BOTS Hint, Not the Answer)

Hello Splunkers,   So you searched, “what is the name of the usb key inserted by bob smith?”  Not gonna lie… ...

Automating Threat Operations and Threat Hunting with Recorded Future

    Automating Threat Operations and Threat Hunting with Recorded Future June 29, 2026 | Register   Is your ...