Splunk Search

Start a Conversation

Discussions

Start a Conversation

Thread Info

How to index Azure Table storage data without a valid DateTime column?

Hi, Do someone have experience using the Splunk Add-on for Azure app, and retrieving Azure Table storage data? ...

by Path Finder in

How to edit my regex to extract all user field values from my sample logs?

Here is the regex that I have: ^$\d+$\s+\d+/\d+/\d+\s+\d+:\d+:\d+\s+\w+\s+\-\s+$\w+\s+\w+\s+\w+$\s+\(\d+\.\d+\...

by New Member in

Splunk Memory error with YARN

When running a search in splunk such as 'index=syslog date_hour=12' we get the below error to do with memory configur...

by Engager in

In the "New Search" window, why does typing * result in "No results in current time range"?

I have tried multiple time ranges. no luck. Cisco app shows data coming in. License section of Splunk Utilization Mon...

by Explorer in

Splunk bug with lookups matching on fields that include spaces

OK one of our devs discovered a weird bug where if a lookup is being performed on a CSV where the field to match cont...

by Builder in

Any use cases on time commands in splunk SPL....?

Can anyone explain the time commands in Splunk with a use case? I see few of these searches in Splunk Answers, but I ...

by Builder in

Splunk integration Spring: Failed to read schema document 'http://www.springframework.org/schema/integration/splunk/spring-integration-splunk.xsd'

I am getting the below error while running Splunk integration spring adapter. org.xml.sax.SAXParseException; lineN...

by Path Finder in

Correlation of events

Hi! Is it possible to create a correlation of fields over several different events? For example, I have to find a...

by New Member in

How to search the delta between the Unix Time of each sequential web log grouped by ID?

To put it as simply as possible: Imagine 8 log entries with only two fields per log, t = time & ID = Identifier ...

by Explorer in

streamfwd is shutting down

Has anyone faced this problem - root@ip-172-31-19-68:/home/ubuntu# tail /opt/splunkforwarder/var/log/splunk/stream...

by Builder in

How do I extract this field from my sample data using rex?

Scenario: I need to extract the User out of the following field msg using rex. So, I need abcdefg Group <XGroupPol...

by Contributor in

How do I optimize my search?

I have the following search and takes a lot of time to output data. Is there a way to optimize the search? eventty...

by Explorer in

How to remove only a single value when there are more multiple same values are present in a field?

Hi , I am trying to update a multivalued field in a KV store. So let's say there are 3 values in the field: A,B...

by Explorer in

How do I edit my search to display two time charts in one graph?

I am using appendcols to put two timecharts in one graph to show the correlation, however, the values are off in diff...

by Engager in

Splunk unable to start and emits "Conf is currently being modified by process ####."

This morning after rebooting my computer with splunk on it, Splunk refuses to start. Trying to investigate the pro...

by Explorer in

How to display 3 separate search results on one dashboard?

For Example: Suppose you have 3 numbers from search results: 1,000 2,000 and 3,000. I want to be able to display...

by Explorer in

Combine and dedup results to only show one row per user

I have the following search index=iis | eval WebShellActive=if(match($Webshell$,"true"),"Yes",WebShellActive) | e...

by Contributor in

Why result of upperperc95 are smaller than avg some times.

I am running a querie to calculate the upperperc95 and avg for the number of conections in my firewalls, but some tim...

by New Member in

How to increase the immediate availability of searchable data in an indexer clustering environment?

The event had indexed at 10:00 AM, but when I search for the same data at 10:15, I just got "No results found". Howev...

by Path Finder in

How to define a X axis and submit different datasets

Hello I want to Display the CPU used from a Server depending on the users are working on that Server for several Serv...

by New Member in

Get Updates on the Splunk Community!

Splunk Search

Discussions

How to index Azure Table storage data without a valid DateTime column?

How to edit my regex to extract all user field values from my sample logs?

Splunk Memory error with YARN

In the "New Search" window, why does typing * result in "No results in current time range"?

Splunk bug with lookups matching on fields that include spaces

Any use cases on time commands in splunk SPL....?

Splunk integration Spring: Failed to read schema document 'http://www.springframework.org/schema/integration/splunk/spring-integration-splunk.xsd'

Correlation of events

How to search the delta between the Unix Time of each sequential web log grouped by ID?

streamfwd is shutting down

How do I extract this field from my sample data using rex?

How do I optimize my search?

How to remove only a single value when there are more multiple same values are present in a field?

How do I edit my search to display two time charts in one graph?

Splunk unable to start and emits "Conf is currently being modified by process ####."

How to display 3 separate search results on one dashboard?

Combine and dedup results to only show one row per user

Why result of upperperc95 are smaller than avg some times.

How to increase the immediate availability of searchable data in an indexer clustering environment?

How to define a X axis and submit different datasets

Admin Your Splunk Cloud, Your Way

Cloud Platform | Discontinuing support for TLS version 1.0 and 1.1

New Customer Testimonials

Join all objects with specific object within the s...

How to troubleshoot “Error in 'inputlookup' comman...

How to configure alert when a service is in failed...

how to identify '\n' in Splunk rex

How to combine results of inputlookup and a search...