Splunk Search

Discussions

Thread Info

What are these db_* files in the index directory? Can these be safely moved somewhere else without restarting Splunk?

Hi, In one of my index directories: CreationTime db_1428308275_1420532289_1 db_1432097800_1428308291_0 db...

by Path Finder in

Splunk is translating IP addresses incorrectly using the iplocation command. How do I report this bug?

When performing IPLocation on a set of login IPs and trying to find outlying data, I notice that Splunk is translatin...

by Explorer in

How to multiply all numbers in a multivalue field

I am trying to find the rate at which parts fail. Parts send me a message every x amount of time. If I do not get a m...

by Communicator in

How can I manually change badly formatted data using a search with regex to replace all \" with just a single quote " ?

I have messed up log data for a specific type of event, and I wanted to fix it manually. Basically, when the data was...

by Path Finder in

How to extract fields with a trailing space after the delimiter character "=" (ex: Code= 999)?

Hi All, I have a snippet as below : requestId="8b749da4-2996-437f-954d-2b679cd3239b" Transaction Id= 1234, A...

by New Member in

how can we add a condition of selection in sql query using db_connect and field input

hi every one, how can we add a condition of selection in sql query using db_connect . what I want to do is to cre...

by Communicator in

How to write the regex to extract the error code from my sample log?

How can I find all the error codes from the logs and show it as interesting field? e.g. Message : Information with I...

by New Member in

DBConnect Acceleration

I am currently going through an exercise where we are trying to leverage Splunk for Reporting against our Remedy (Hel...

by Communicator in

How to write the regex for multivalue field extraction (a list of IP addresses) for a very large event?

Hi to everyone: I have a single event with 15,394 lines, and i can't write a regular expression for a field extrac...

by Communicator in

How to search the percentage of times an event happened within a certain time period each day over a specified time range?

I am trying to construct a search that will display the percentage of times an event happened before 8 am and percent...

by New Member in

Checking if the _meta data is actually indexed and used during searches

Hi all, Our forwarders are adding meta data using inputs.conf [default] host = some.host.name _meta = environme...

by Path Finder in

How to sort Dynamic Columns with names as dates

Hi all I am trying to sort dynamic columns in a table where the column names are in datetime format e.g something lik...

by Path Finder in

Where is Splunk creating my summary index?

Hi, I have a customer who is scheduling a search that uses db query. He then wants to send the output of that search ...

by Champion in

How can I extract all fields and values from a json result?

Here's an example of the result that I have and I want to extract all fields. I know spath, but I don't want to name ...

by Path Finder in

Why does the fields command in my search only display the field names, but no values?

Hello, Need help with this search. I would like to use timechart to aggregate the results hourly. My search is: ...

by New Member in

Ranking rows in a Table based on count using Transpose & Timechart

I want something like below in the table. Channel Name 25-Mar-15 26-Mar-15 27-Mar-15 28-Mar-15 29-Mar-15 30-Mar-1...

by Path Finder in

Can one scheduled saved search trigger another saved search?

Is is possible to setup an alerting condition on a scheduled saved search what would turn around and launch another s...

by Super Champion in

Report hourly max count events per day over a month

Hello, I m trying to get the hour per day which gets the most hits on my application over a month but having some ...

by Explorer in

How do I maintain multivalue fields in a steaming custom command?

I'm working on a streaming custom command that converts a field containing binary to a multivalue field of the binary...

by Path Finder in

I have a table created for a report, but how do I delete the first two rows of the chart since they contain no data?

Hello, I have a table I created for a report. However, I'm trying to find a way to get rid of the first two rows o...

by Explorer in

How to do search for medium-sized events in splunk?

I would like some help from you to do a search for medium-sized events in splunk? Please help me. Tks.

by Path Finder in

Why am I getting "no results found" trying to display a pie chart with my current code?

Hi I am trying to display a pie chart in a Splunk app using the below code, but I received the message: no results...

by Builder in

How do I search specified fields with the same keyword list without searching the entire index?

Assume Splunk is indexing a bunch of structured JSON data and a keyword search such as "foo" OR "bar". Now I want ...

by Explorer in

eval case like only populates first row of evaluated field

I have the following query: city=* store=* | stats values(store) by city | eval Role=case(store LIKE "%frt%", "FT...

by Communicator in

Alter query based on value of a field within the query itself

So I have a query that needs to change based on the value of a field witihin that query. This is the "original" qu...

by Communicator in

Get Updates on the Splunk Community!

Splunk Search

Discussions

What are these db_* files in the index directory? Can these be safely moved somewhere else without restarting Splunk?

Splunk is translating IP addresses incorrectly using the iplocation command. How do I report this bug?

How to multiply all numbers in a multivalue field

How can I manually change badly formatted data using a search with regex to replace all \" with just a single quote " ?

How to extract fields with a trailing space after the delimiter character "=" (ex: Code= 999)?

how can we add a condition of selection in sql query using db_connect and field input

How to write the regex to extract the error code from my sample log?

DBConnect Acceleration

How to write the regex for multivalue field extraction (a list of IP addresses) for a very large event?

How to search the percentage of times an event happened within a certain time period each day over a specified time range?

Checking if the _meta data is actually indexed and used during searches

How to sort Dynamic Columns with names as dates

Where is Splunk creating my summary index?

How can I extract all fields and values from a json result?

Why does the fields command in my search only display the field names, but no values?

Ranking rows in a Table based on count using Transpose & Timechart

Can one scheduled saved search trigger another saved search?

Report hourly max count events per day over a month

How do I maintain multivalue fields in a steaming custom command?

I have a table created for a report, but how do I delete the first two rows of the chart since they contain no data?

How to do search for medium-sized events in splunk?

Why am I getting "no results found" trying to display a pie chart with my current code?

How do I search specified fields with the same keyword list without searching the entire index?

eval case like only populates first row of evaluated field

Alter query based on value of a field within the query itself

SOCin’ it to you at Splunk University

Credit Card Data Protection & PCI Compliance with Splunk Edge Processor

Stay Connected: Your Guide to July Tech Talks, Office Hours, and Webinars!

Help me with splunk query to monitor CPU and Memor...

How can i export a list of all services in APM

Joining records in a table

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

Splunk Search

Are you a member of the Splunk Community?

Discussions