Splunk Search

Ask a Question

Discussions

Thread Info

data input - path name is the same

I have two type of files i am inputted into splunk. Both reside at /var/data/proxy/isolde.2015060812.log or mimi....

by Path Finder in

BREAK_ONLY_BEFORE_DATE variable

Hi everyone, I have several oracle audit logs received via syslog-ng + splunk file inputs: Jul 8 14:44:04 192....

by Path Finder in

Why am I unable to return the correct count of all events with FieldA that contain ValueA?

Hi All, I am facing some problem with my below search: sourcetype="clientevents" event_error_code=RB_VOD_BUFFE...

by Path Finder in

calculating values in new rows/columns and appending based on values in existing rows/columns

I have something like this in the stats view in splunk. field NE1 NE1-L NE2 NE2-1 field-alt KPI1 30251 ...

by Motivator in

How do I filter through my auth logs via search to only return "Accepted" or "Failed" login attempts?

Hi splunkers, I need to gather the success and failed attempts from my linux servers, but when I forward all my au...

by Communicator in

ウォーム、コールドのデータバックアップについて

インデックス作成されたwarm・coldデータのバックアップを採取したいのですが、一時的にhotdbからwarmdbへのロールを止めることは可能でしょうか？ splunk自体を停止することができない環境の為、 indexes....

by Engager in

How to return exact percentile values in a Splunk search?

Hi, I have an issue with percentile functions provided by SPLUNK. Example: I am getting count by last 7 days a...

by Communicator in

How to only keep _time and _raw fields in the search results?

I wish to keep only _time and _raw fields in the export output file. I read in the documentation that | fields - _* r...

by Path Finder in

any way to combine the results from two sourcetypes without a common field to use for a join and then table the output?

I need to produce an extract to use as a data source for a third party application. The application needs the data in...

by Communicator in

Creating a Matrix/Grid

Hi Splunkers, I've been asked to create a command centre for our business. The main requirement is to have a singl...

by Communicator in

Searches Using field extractions Issue

The following searches' results contain events with the field, FUNCTIONAL_AREA_NAME="Minute Maid" index=ko_autosys...

by Communicator in

How to search for specific log messages from hosts in a certain IP range

We often do a search for device configuration changes on Cisco devices in a specific IP range in a certain time frame...

by Explorer in

Difference between renaming a field within STATS vs using RENAME command

What is the difference (performance? limitations in later pipes?) between these two searches where one renames a fiel...

by Splunk Employee in

multikv on raw data (row timestamp)

Hello- I'll jump into the main part. Here is a snippet: Tue 2015 15:00:23 ZGD-OCU-QQQ POS-BKD-AKD COK-ZPP-AKF ...

by Explorer in

How to search the counts of each distinct field that has a value?

We have a fairly complex search page in our web app which has many search field options. We're trying to determine wh...

by Explorer in

Extracting extracted, selected fields to share

Given I have some input with a bunch of fields that are not automatically extracted and I used the Field Extractor in...

by New Member in

_time, calculations in transactions and mvlist

When I run a transaction command to group events together, I lose the _time information originally associated with th...

by Communicator in

Why does my subsearch maxtime setting in limits.conf have no effect?

I have /my-app/local/limits.conf with the following content: [subsearch] maxtime = 600 [join] subsearch_maxtime =...

by Communicator in

Is there a way to run a joined query with different date parameters. (Not Using Historical Data)

I am trying to run a query that takes the average runtime of log files and compares them to the current run time of l...

by Engager in

Visualization not appearing?

I'm trying to make visualizations appear. A simple column or bar chart. My search works exactly as intended (a series...

by Explorer in

Is it possible to narrow searches by grouping devices in "nesting" groups?

Hello. I am investigating SPLUNK, and am trying to accomplish a task I was hoping would be simple: I have a "grou...

by Communicator in

Search by keywords - Fetch events occurred 30 min before and after that particular event

Is there any built-in command to fetch events before and after (for a specific time-duration) a particular keyword/ev...

by Motivator in

Load of index Data statistics on starting page?

Just wondering when looking into performance improvements... After logging in to Splunk (...app/launcher/home), you s...

by Communicator in

How to get top 10 values in splunk search ?

Hi, I want to get top 10 src_ip . I have selected descending order for recv_bytes column . Please help me. Query as f...

by Explorer in

Data Model and Macro Search: Code, Fields and Data Structure Exploration

I am looking at how to see the details of the events which drive dashboard panels when the results are brought in thr...

by Motivator in

Get Updates on the Splunk Community!

Splunk Search

Discussions

data input - path name is the same

BREAK_ONLY_BEFORE_DATE variable

Why am I unable to return the correct count of all events with FieldA that contain ValueA?

calculating values in new rows/columns and appending based on values in existing rows/columns

How do I filter through my auth logs via search to only return "Accepted" or "Failed" login attempts?

ウォーム、コールドのデータバックアップについて

How to return exact percentile values in a Splunk search?

How to only keep _time and _raw fields in the search results?

any way to combine the results from two sourcetypes without a common field to use for a join and then table the output?

Creating a Matrix/Grid

Searches Using field extractions Issue

How to search for specific log messages from hosts in a certain IP range

Difference between renaming a field within STATS vs using RENAME command

multikv on raw data (row timestamp)

How to search the counts of each distinct field that has a value?

Extracting extracted, selected fields to share

_time, calculations in transactions and mvlist

Why does my subsearch maxtime setting in limits.conf have no effect?

Is there a way to run a joined query with different date parameters. (Not Using Historical Data)

Visualization not appearing?

Is it possible to narrow searches by grouping devices in "nesting" groups?

Search by keywords - Fetch events occurred 30 min before and after that particular event

Load of index Data statistics on starting page?

How to get top 10 values in splunk search ?

Data Model and Macro Search: Code, Fields and Data Structure Exploration

Modernize your Splunk Apps – Introducing Python 3.13 in Splunk

New Release | Splunk Cloud Platform 10.1.2507

🌟 From Audit Chaos to Clarity: Welcoming Audit Trail v2

In Splunk studio, is it possible to populate a tex...

How can i export a list of all services in APM

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

ITSI thresholds: adaptive vs static

Splunk Search

Are you a member of the Splunk Community?

Discussions