Splunk Search

Start a Conversation

Discussions

Start a Conversation

Thread Info

Why am I getting error "The events associated with this job have no sourcetype information" trying to extract a field in Hunk?

I am trying to extract a field in Hunk, and I get the following error: The events associated with this job have n...

by Influencer in

How to extract each key=value as a new field from a multikv field at search-time?

At search-time, I've been able to massage my data into a multikv field like so: Is it possible to extract eac...

by New Member in

Is there any thing similar to active list or reference set in Splunk

Hi, I want to push the internal IP address (or host name) in a reference set, whenever I see any communication wi...

by Explorer in

Splunk last 7 days within current month?

Hello, I'm using dd/mm/yyyy date format and results are not correctly sorted if we are dealing with data across mo...

by Motivator in

Trying to create a search that will use the results to feed another search and output the results in a table.

So I have a search that tells me is someones account is locked. I have been asked to create an alert or search that w...

by Communicator in

Json Multi array extraction with changing/missing field name

Hi, I am trying to extract the json fields where one of the fields name can change between "stringValue" or "doubleVa...

by Explorer in

multisite replication factor

I have another site I want to add with 2 indexers and 1 search, same setup as site1. I want to have copies across bot...

by Engager in

fields not showing up from csv source with header in first line.

Hi, I have a csv file which grows every five min. it's proper header fields. But I'm not getting the headers as fi...

by New Member in

Help grouping eval results by City

Hi, My current query is | stats earliest(_time) as first_login latest(_time) as last_login by IP_address User ...

by Path Finder in

How do I only show certain values in a field?

I'm trying to group ldap log values. I have already listed them out from a comma separated value but, I'm having a ha...

by Explorer in

find all events of type X that do not have an event of type Y within 1 minute on either side

I'm new to Splunk and trying to figure out how to find all events of type X that do NOT have an event of type Y withi...

by Explorer in

Search to Provide Days in Hot/WarmDB

In our environment, we have a CIFS share that is used to store all colddb. Warm is rolled to cold when the hot/warm v...

by Builder in

What is the easiest way to format column headers for raw data that is in a list format?

What is the easiest way to get headers on columns for raw data that is in list format? Here is what the raw data look...

by New Member in

How I can create a search with more than one field from specific logs format?

Hello, I have logs in this format: 2016-06-27 21:35:50 (123456789467056149): string11 creating to String12: a1 ...

by New Member in

I have 2 fields i.e. Currency and Amount. I want to convert amount with its associated currency into INR format so that I can sum it up and calculate revenue.

Currency Amount USD 2 INR 3 AED 5 6 8 20 AND SO ON. suppose 2 has currency USD . 3 has currency INR. 5 has currency U...

by Super Champion in

date modifier

Hey guys. I want to find hosts for all time which haven't any messages last 7 days, trying this: index=main sou...

by Communicator in

How to find the timechart of difference value .

I have one field abc which contain values of different parameter and it goes on increasing gradually. I have to add t...

by Explorer in

How to search for users who haven't signed in to an app over the last 30 days.

Hello, I'm trying to figure out the search that would be needed to find any users who haven't logged in to an app...

by Explorer in

Exclude search events for a field containing a specific useragent.

I am attempting to create a sorted count list of useragents that customers are using to browse my website. I want ...

by New Member in

How do I create a stacked bar graph with 2 fields?

Hi, I am trying to create a stacked bar graph, using 2 fields. First field is Level, second field is Urgency. ...

by Path Finder in

Get Updates on the Splunk Community!

Splunk Search

Discussions

Why am I getting error "The events associated with this job have no sourcetype information" trying to extract a field in Hunk?

How to extract each key=value as a new field from a multikv field at search-time?

Is there any thing similar to active list or reference set in Splunk

Splunk last 7 days within current month?

Trying to create a search that will use the results to feed another search and output the results in a table.

Json Multi array extraction with changing/missing field name

multisite replication factor

fields not showing up from csv source with header in first line.

Help grouping eval results by City

How do I only show certain values in a field?

find all events of type X that do not have an event of type Y within 1 minute on either side

Search to Provide Days in Hot/WarmDB

What is the easiest way to format column headers for raw data that is in a list format?

How I can create a search with more than one field from specific logs format?

I have 2 fields i.e. Currency and Amount. I want to convert amount with its associated currency into INR format so that I can sum it up and calculate revenue.

date modifier

How to find the timechart of difference value .

How to search for users who haven't signed in to an app over the last 30 days.

Exclude search events for a field containing a specific useragent.

How do I create a stacked bar graph with 2 fields?

Splunk Security Content for Threat Detection & Response, Q1 Roundup

Splunk Life | Happy Pride Month!

SplunkTrust | Where Are They Now - Michael Uschmann

How to search multiple strings from lookup and pro...

Help on tstats search?

Matching index field value with lookup field value

extract fields from json-wrapped postfix logs?

Regex field extraction repeating string