Splunk Search

Thread Info

Did folderize stop working?

I had an old Splunk saved search from several versions ago which successfully used folderize. However, when I ran ...

by Path Finder in

Is it possible in Splunk to trigger a search, generate a report, and email it or save the report in some location?

Hi Team, I would like to know if it is possible in Splunk to trigger a search (with regular expressions), generate...

by Builder in

Trying to find the index of a value within a multivalued field, why is is mvfind on the multivalue field not working?

Hi, I am trying to find the index of a value within a multivalued field. I assume mvfind is the correct eval funct...

by Engager in

I need to track the progress of students over time

Our event lists the answer to one question on a test. Our test numbers are unique to one set of test questions by one...

by New Member in

Can automated lookups be defined on a search head but not pushed to search peers?

I have a 60MB lookup file on my ES search head that is only used for automated lookups against data indexed locally o...

by Explorer in

Is there a way to use regex on a standalone string to pull out each value, then append "field!=" to the front to exclude these values from a search?

I have a large list of values for a field that I would like to exclude from my search. Rather than having a huge sear...

by Path Finder in

How to search two indexes to find if an event in index B does not occur within certain time range of an event in index A?

I hope the following makes sense...I have two indexes for separate application logs, index A and index B. I need help...

by Explorer in

How do I use the "AND" operator or any other way to list all values of a field that have both statuses FAIL and SUCCESS?

I have a search where the transaction status of a policy was set to FAIL. It was processed manually and now it has ch...

by Communicator in

How to search the sum of transactions where the times do not overlap?

I want to be able to show the sum of time that users have had licenses checked out (historically). But if a user has ...

by New Member in

How to combine my two searches for Windows WMI Data (Host, OS, Version, SP and Number of Installed updates) into one report?

Hello, I have two different searches that return the data that I would like to see in one report. However, I am ha...

by Builder in

How to search two events that occurred right before a specific event showing a certain error to analyze what happened?

Hello, When I search for some events (i.e index=main *password fail), I want to get the events with two lines befo...

by Explorer in

Multiple instances of Splunk w/ Boot-start

How can I have multiple splunk instances on linux and use boot-start? The command "./splunk enable boot-start" will o...

by Engager in

How to write a regular expression to filter out any data after a second semi-colon per line?

Hi, I have a file that contains the following format and I wish to only index information before the 1st two semi-...

by Path Finder in

How to edit XML to set certain colors for bars in a chart based on percentage values from my data?

Hi guys, I am trying to edit a chart I have to have certain colors corresponding to the data inside. I have 5 serv...

by Communicator in

How do I edit my search to remove duplicates of a field that appear in a table column?

Say I have a table ... host, IP, destinationHostname, Port, count host1 10.10.10.1 desthost1 9999, 33 host1 10.10...

by Contributor in

Trouble reading log lines with large JSON or multiline Java exceptions from slf4j

My question is similar to others around extracting new fields, but the answers I've tried to date haven't worked. ...

by Explorer in

can't extract field in json

Hi, I try to extract fields fron this json. I've tried with jsonkv and spath and it looks like that ' does genera...

by Path Finder in

How do index TAB delimited files?

I am looking to read into SPLUNK a tab delimited file. But most of what I see is key based Field Extractions (, space...

by Path Finder in

How to filter out events by regex in transforms.conf?

Hi guys, I'm new to Splunk and I need ur help! I was trying to discard some specific events by regex and failed. ...

by Communicator in

Missing logs on sos index

Hi, we are using the SoS app, basically most of the searches are working. However we have noticed that the index s...

by Communicator in

Count unique values of a field in one result

I have the following result from a simple search: I, [2015-07-23T15:30:39+02:00 (1437658239.654) #38640] INFO -- ...

by Explorer in

How do I run my search to find missing events on 80 Windows Domain Controllers running Splunk 6.1.4?

We have Splunk running on all of our Windows Domain Controller servers (80 of them), but we seem to be missing events...

by New Member in

Why is Search Head "search" performance in a distributed search setup slower than the same search on a single instance?

Hi Everyone, I'm testing a simple setup of a search head on a single 24 core host. The setup basically consists of...

by Path Finder in

Drilldown from Flashchart object

Hey, I have a column flashchart on a dashboard called dash_usage.xml. When I click on a bar(e.g. called User where...

by Motivator in

How to extract these fields from my sample data?

I wanted to extract the below values. Time TakenResponse code in the string - HTTP/1.1" 200 example, I need to kno...

by New Member in

Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.

Splunk Search

Discussions

Did folderize stop working?

Is it possible in Splunk to trigger a search, generate a report, and email it or save the report in some location?

Trying to find the index of a value within a multivalued field, why is is mvfind on the multivalue field not working?

I need to track the progress of students over time

Can automated lookups be defined on a search head but not pushed to search peers?

Is there a way to use regex on a standalone string to pull out each value, then append "field!=" to the front to exclude these values from a search?

How to search two indexes to find if an event in index B does not occur within certain time range of an event in index A?

How do I use the "AND" operator or any other way to list all values of a field that have both statuses FAIL and SUCCESS?

How to search the sum of transactions where the times do not overlap?

How to combine my two searches for Windows WMI Data (Host, OS, Version, SP and Number of Installed updates) into one report?

How to search two events that occurred right before a specific event showing a certain error to analyze what happened?

Multiple instances of Splunk w/ Boot-start

How to write a regular expression to filter out any data after a second semi-colon per line?

How to edit XML to set certain colors for bars in a chart based on percentage values from my data?

How do I edit my search to remove duplicates of a field that appear in a table column?

Trouble reading log lines with large JSON or multiline Java exceptions from slf4j

can't extract field in json

How do index TAB delimited files?

How to filter out events by regex in transforms.conf?

Missing logs on sos index

Count unique values of a field in one result

How do I run my search to find missing events on 80 Windows Domain Controllers running Splunk 6.1.4?

Why is Search Head "search" performance in a distributed search setup slower than the same search on a single instance?

Drilldown from Flashchart object

How to extract these fields from my sample data?

Detecting Brute Force Account Takeover Fraud with Splunk

Buttercup Games: Further Dashboarding Techniques (Part 9)

Buttercup Games: Further Dashboarding Techniques (Part 8)

Search for triggered save searches and their actio...

MLTKC how should i check jupyter notebook func in ...

ITSI thresholds: adaptive vs static

Using Machine Learning Toolkit to detect auth abus...

Proactively stream data to different index after C...

Splunk Search

Are you a member of the Splunk Community?

Discussions