Splunk Search

Ask a Question

Discussions

Thread Info

how to use a macro in a form

I want to display output differently according to the value of radio button selected how do i do it..... this is t...

by New Member in

Problem with reception of data

Please, could someone help me !! I'm trying to receive data, via splunk, from another machine but nothing is worki...

by New Member in

How to Use fields to remove all auto generated fields

Hello, Basically, we want to get the rid of the system fields except _time , but leave the ones it picks up from our ...

by Builder in

Help with Rex field-extraction

I'm having a difficult time extracting the value for reportId. I'm not sure how to find the digits to the right of "r...

by Explorer in

Network interface Naming problem

I am trying to graph BytesTotalPersec for the four interfaces on a particular server. The name of each interface is: ...

by Explorer in

How to write search query with two commands

Hello, I have 3 guest and each guest has 10 hosts in it. i want to display data in pie chart. my query conditio...

by Path Finder in

How do I search a five day running total for values that exceed an amount?

I have 12 months of financial data where I am trying to extract the payees whose transaction totals for a sliding 5 d...

by Engager in

date_* fields are being duplicated when only one timestamp exists in record

Hi All, I have a situation where the date_* fields are being duplicated. This is affecting all events that come...

by Path Finder in

Timechart not passing span value to drilldown

Hi Guys, I'm using a token in my search to drill down on a click.name2, which tells me success/failure tallies bro...

by Communicator in

Use search results to populate a lookup table

I am following the directions on http://docs.splunk.com/Documentation/Splunk/6.2.3/Knowledge/Addfieldsfromexternaldat...

by Path Finder in

Can users download each event in file format from search results?

hi~there,can splunk provide a hyperlink for each search event then it can be downloaded in file format? Though it can...

by Contributor in

Transaction duration exceeding the specified maxpause value

We are using a transaction to group web access events the Client IP and another field we extract (essentially filenam...

by Communicator in

Expand subsearch timeline by an hour to find additional errors

I am trying to determine if there is a way to search for the following scenario. Bonded interface goes down and S...

by Communicator in

Tabulate frequency of all events within X events of found event

Hi all, This is slightly tricky - well for me anyways.. I have an index where a key event is occuring. I need t...

by Explorer in

How do I use rex to extract a field that may contain an ampersand

I have a non standardized field in one of the logs that we pull. I am building an inline rex string to extract the fi...

by Path Finder in

There is a way to save the selected fields for all users ?

Hi folks, There is a way to save the selected fields for all users ? I mean that each user will see the fields that...

by Path Finder in

In Hunk, app-specific field extraction is not picked up by map-reduce jobs

I'm noticing some weird behavior in a search that is requiring me to inline some regexs in order to get the MR job to...

by Explorer in

Grouping values in ranges and creating multiple frequency bands

I want to group usage into ranges like 0-1, 1-10, 10-50 , 50-100, 100 + and display a bar chart with count agai...

by Communicator in

How to edit my regex in transforms.conf to filter out Windows event logs with EventCode=4624 for a given user?

Hello everybody, I am new to Splunk. What is my problem: Universal forwarder sends Windows Event Logs to Index...

by New Member in

Which commands scale/distribute well

If I have a Splunk environment/installation that consists of at least one search head and multiple indexer installati...

by Motivator in

How to search for IP addresses from a .txt file to see if any of them have appeared in Splunk before?

Hi, I have a .txt-file with line separated IP addresses, and I want to know if any of those have appeared in Splun...

by New Member in

How can I use a field value as a field name and make that a drop-down value?

Hi, I have a requirement where I want to make a common error dashboard for a set of apps with a textbox. There is ...

by Path Finder in

How to match the regex for LINE_BREAKER with the end of my event? Yet another one!

My event ends like this, , "estimatedDuration": 2505189} The no of digits in the estimated time can be a varia...

by Path Finder in

How to map the field values in a table column to a different string?

A search gives me the following output in the form of a table. For every field value in the Field column, there is a ...

by Explorer in

In Hunk, verbose mode vs smart mode for VIX (virtual indexes) documentation, please?

In Hunk, where is the documentation for verbose mode vs smart mode for virtual indexes (VIX)s?? Afaict, verbose mo...

by Explorer in

Get Updates on the Splunk Community!

Splunk Search

Discussions

how to use a macro in a form

Problem with reception of data

How to Use fields to remove all auto generated fields

Help with Rex field-extraction

Network interface Naming problem

How to write search query with two commands

How do I search a five day running total for values that exceed an amount?

date_* fields are being duplicated when only one timestamp exists in record

Timechart not passing span value to drilldown

Use search results to populate a lookup table

Can users download each event in file format from search results?

Transaction duration exceeding the specified maxpause value

Expand subsearch timeline by an hour to find additional errors

Tabulate frequency of all events within X events of found event

How do I use rex to extract a field that may contain an ampersand

There is a way to save the selected fields for all users ?

In Hunk, app-specific field extraction is not picked up by map-reduce jobs

Grouping values in ranges and creating multiple frequency bands

How to edit my regex in transforms.conf to filter out Windows event logs with EventCode=4624 for a given user?

Which commands scale/distribute well

How to search for IP addresses from a .txt file to see if any of them have appeared in Splunk before?

How can I use a field value as a field name and make that a drop-down value?

How to match the regex for LINE_BREAKER with the end of my event? Yet another one!

How to map the field values in a table column to a different string?

In Hunk, verbose mode vs smart mode for VIX (virtual indexes) documentation, please?

Enterprise Security Content Update (ESCU) | New Releases

Why am I not seeing the finding in Splunk Enterprise Security Analyst Queue?

Index This | What are the 12 Days of Splunk-mas?

Help generating table

Proactively stream data to different index after C...

Write Splunk log with Laminas

Issues in multiselect input dropdown

Using splunk-sdk in user-defined functions in Spar...