Splunk Search

Discussions

Thread Info

Is there a search that a user can execute to view search history

We have a users that would like to see their search history, however this user does not have admin rights and does no...

by Communicator in

Strange search results

Hi, I am currently indexing bash history files. The user and other information are encapsulated in the file name w...

by Path Finder in

Invalid display for custom time search?

Hi, I've tried to do a search based on custom time. For example,I've chosen from the drop down box > Custom tim...

by Contributor in

How to perform a division between subresults

Hi all, I would like to perform the following each result returned by source="wmi:cputime" daysago=30 | wher...

by Explorer in

How can I limt my search results to the first event returned?

How can I limit my search results to the first event returned? I am trying to define a transaction that starts wit...

by Path Finder in

Create semaphore with splunk

Hi all i need to create a graph like a semaphore green between 2 values yellow between other 2 values red over a valu...

by Path Finder in

Combining Multiple Fields in Charting

Given a data set with events that fall into X categories and Y subcategories, can I display a chart that shows a colu...

by Communicator in

Scripted Input failing, runs fine when run manually

Hello, I have a scriped input that is throwing an error: ERROR ExecProcessor - message from ""MyScript.bat"" py...

by Communicator in

datetime.xml filename timestamp !?!

Hello, I am trying to extract the timestamp from the filepath of my log files. I've read and followed variations o...

by Engager in

Is it possible to hide _raw from a search result?

The data I'm sending to my Splunk Index is made of a number of KV records. A subset of a record data looks like: t...

by Splunk Employee in

transaction search: how to determine unresolved "start of problem" events

Hi, In my application, i use a file to store problems: when happen and when resolve. When a problem happen, more t...

by Path Finder in

Wildcarding help in inputs.conf -- controlling directory depth

Inputs.conf: The stanza [monitor:///app/fao/dittradeflow/servers/.../logs] will look at all folders and subfolders wi...

by Path Finder in

Can I make field values case-sensitive?

Is there a way to enforce case-sensitivity on a field by field basis? Example: myid="0ZP0YFS5Rl7pACDD1K002" ...

by Splunk Employee in

Need to calculate weighted average across columns like addtotals does sum across columns (from chart command)

I have asked almost the same question here. I will try to explain my question better here My command looks like th...

by Path Finder in

Create a field out of matched search strings

So trying to figure out if using rex is the best way to do this. When you search for say "blah one", in the result...

by Communicator in

Timestamp Problem props.conf

Hey, I'm having difficulty getting my Splunk instance to extract the part of the timestamp that I want Splunk to s...

by Motivator in

Group Events Based Solely on Temporal Proximity

Hi all, We have a need to correlate IPS, application, and firewall logs based solely on their timestamps. The r...

by Path Finder in

Replace parts of a string

Hi! I'm trying to replace parts of a string, in order to make it more human-readable. Our logs contains strings like ...

by Path Finder in

Auto-run form Question

Hey, I am trying to produce a form that does not require the use of a search button in order to execute a search a...

by Motivator in

Quotes in CSV-formatted events

I am attempting to add CSV-formatted events to my index through the REST API. I've got it working mostly correctly, b...

by Path Finder in

Splunk Search

Discussions

Is there a search that a user can execute to view search history

Strange search results

Invalid display for custom time search?

How to perform a division between subresults

How can I limt my search results to the first event returned?

Create semaphore with splunk

Combining Multiple Fields in Charting

Scripted Input failing, runs fine when run manually

datetime.xml filename timestamp !?!

Is it possible to hide _raw from a search result?

transaction search: how to determine unresolved "start of problem" events

Wildcarding help in inputs.conf -- controlling directory depth

Can I make field values case-sensitive?

Need to calculate weighted average across columns like addtotals does sum across columns (from chart command)

Create a field out of matched search strings

Timestamp Problem props.conf

Group Events Based Solely on Temporal Proximity

Replace parts of a string

Auto-run form Question

Quotes in CSV-formatted events

Free LIVE events worldwide 2/8-2/12
Connect, learn, and collect rad prizes
and swag!

Sign up now >

Why does stats via python SDK export returns mult...

Problem at Encoding - Jirra Issues Collector

Insert a heading for 4 rows and give name using HT...

splitting and sending the value from drill down to...

Chart With time as the data points

Splunk Search

Discussions

Free LIVE events worldwide 2/8-2/12Connect, learn, and collect rad prizes and swag!Sign up now >

Free LIVE events worldwide 2/8-2/12
Connect, learn, and collect rad prizes
and swag!

Sign up now >