Splunk Search

Discussions

Thread Info

Creating a parameterized transaction search

Our office has a specific TRANSACTION search we do frequently to track all events related to a particular user. The s...

by Contributor in

How to use 2 timeranges in a single search?

I'd like to provide a table where the event count for today and yesterday are displayed. For example, count by status...

by Splunk Employee in

Does SEDCMD use PCRE regular expressions?

I know that in general, regular expressions in Splunk use PCRE (or a modified PCRE for matching in props.conf source ...

by Splunk Employee in

How to optimize performance for scripted lookups?

I would like to use a lookup into an external database to add fields to my events, but need some advice about perform...

by Contributor in

What are the defaults for the dbinspect command?

On the Search App > Status > Index activity dashboard, there is an Index health report showing the bucket spread over...

by Splunk Employee in

Trying to combine two regexes into one

I'm trying to throw out search results from a couple of different ip ranges. Currently I'm working with 2, but I migh...

by Path Finder in

Is it possible to include metadata in keyword searches?

It is a subtlety of the search language that keyword searches run against the raw event data only. To search metadata...

by Splunk Employee in

How can I limit the number of results that can be returned in a search (in UI)?

I'd like to limit certain users from running expensive searches by limiting the number of results that can be returne...

by Champion in

How do I change the default granularity on a chart?

How do I change the default granularity on a chart? It appears I'm hitting a limit somewhere and I'm not getting as m...

by Splunk Employee in

How to open a log file with Splunk from Windows Explorer?

While I browse my local drive in Explorer I would like to add and search some log files with Splunk without opening a...

by Splunk Employee in

Incorporate something like this into a Splunk search builder (module)?

There are some who are really good at regular expression, some okay, and the rest who downright are lost beyond a spl...

by Path Finder in

maxresults and stats command

Does maxresults in limits.conf have an effect when piping results to the stats command? For example, if I run a searc...

by Communicator in

How do I search across a specific or custom time range within each hour of the day?

I have millions of events being indexed by Splunk now and I suspect something is happening within my IT environment a...

by Splunk Employee in

How to assign a value to a key when working with fields?

Hi Splunkers, I have a sample Perforce log file and I'm trying to extract the code contributors. Here is an exampl...

by Splunk Employee in

How do i perform a UI search via the CLI

How do i use the same search strings in splunks UI on the command line?

by Splunk Employee in

How to I specify a minimum time between events?

There are plenty of ways to specify the exact time range or maximum range between two events in a search. But I need ...

by Engager in

what does connected mean in transaction

explain the significance of the connected flag in transaction

by Splunk Employee in

annotated raw field in transactions

Dan Goldburt asks: I'm consistently getting the following request from customers: "can I see where each event came fr...

by Splunk Employee in

View dashboard subsearches using HiddenSearch

Hi, I am creating a custom view dashboard. In that I'm trying to utilize the same search to extract a single value...

by Explorer in

what will it take for MULTIKV to format a table (1 header row, 1+ data rows) properly?

Such a helpful command, and yet doesn't work for me...

by Splunk Employee in

Splunk Search

Discussions

Creating a parameterized transaction search

How to use 2 timeranges in a single search?

Does SEDCMD use PCRE regular expressions?

How to optimize performance for scripted lookups?

What are the defaults for the dbinspect command?

Trying to combine two regexes into one

Is it possible to include metadata in keyword searches?

How can I limit the number of results that can be returned in a search (in UI)?

How do I change the default granularity on a chart?

How to open a log file with Splunk from Windows Explorer?

Incorporate something like this into a Splunk search builder (module)?

maxresults and stats command

How do I search across a specific or custom time range within each hour of the day?

How to assign a value to a key when working with fields?

How do i perform a UI search via the CLI

How to I specify a minimum time between events?

what does connected mean in transaction

annotated raw field in transactions

View dashboard subsearches using HiddenSearch

what will it take for MULTIKV to format a table (1 header row, 1+ data rows) properly?

Free LIVE events worldwide 2/8-2/12
Connect, learn, and collect rad prizes
and swag!

Sign up now >

MLTK - StateSpace Forecast algorithm

SPLUNK_HEC_URL is not working

Writing records to KVStore - Strange Behavior

Chart # of instances for a process, w/ sum of RAM ...

Strategy to search entire estate for unique server...

Splunk Search

Discussions

Free LIVE events worldwide 2/8-2/12Connect, learn, and collect rad prizes and swag!Sign up now >

Free LIVE events worldwide 2/8-2/12
Connect, learn, and collect rad prizes
and swag!

Sign up now >