Splunk Search

Ask a Question

Discussions

Thread Info

The lookup table 'msdhcp_signature_lookup' does not exist. It is referenced by configuration 'DhcpSrvLog'.

Getting this error when searching. The lookup table 'msdhcp_signature_lookup' does not exist. It is referenced by ...

by Engager in

ip address in non usual format

Hi all. I have a mcafee logging in a SQL database with a field: sourceip=739840322 How i can traslate this Ip t...

by Builder in

How to plot each events "OpValue" field against time by "process"?

I have about six (6) seconds worth of data in a CSV file. Each CSV record has among other fields "process", "operatio...

by Path Finder in

How to join two tables with default row if tables do not match?

Hi, i have a table whose result is as below: parameter value result P1 V1 R1 P2 V2 R2 P...

by Builder in

How would I display a percentage of devices in an HA pair where neither has reported in a specific period?

We have a dashboard set up where we display a percentage of appliances which are not sending logs to Splunk. We take ...

by Path Finder in

How could I append the subsearch result with different fields

Hi, I am trying to combine two searches into one table with different fields name. for example, I have error sourc...

by New Member in

How to create a graph using distinct values?

I want to create a graph that shows values over time, but I cannot figure out how to graph distinct values. Right now...

by Engager in

Ghost results - why can't I pipe my results?

I have a search that yields over 6000 events. However, when I try to do anything with those events, namely use them i...

by Path Finder in

Why two searches work separately, but subsearch leads to no results?

Beginner here, I've been trying to practice subsearching, but I've come across a problem I couldn't figure out how...

by Path Finder in

How to list values for a multivalue field by both date and percentage?

Okay, so I'm trying to create a funnel in Splunk. I have a multivalue field, I need to recalculate the values into pe...

by Explorer in

How to group calculated unique values by another field without using a subsearch?

Hi folks, I have a problem. I've done a search displayed below and I'm filtering some types of products (produto)....

by Explorer in

How to limit the character length of the date field?

How do I limit the characters of a date field to be a certain length? I.e my date field looks as follows: 2012-01-...

by Path Finder in

Use variable from views.py on a Django search manager

Hi all, Using Splunk 6.2.2. I want to use a single Django template for several different sources that follow th...

by Path Finder in

Field categorization

Hi All, A quick question reagrding the symbols "#" and "a" (alpha I believe), on the left hand side of a filed nam...

by Contributor in

enumerating field names as a new field

Dear all, I have in splunk events of this simple structure fileldX=value, like field1=..., field2=..., ... fiel...

by Path Finder in

How to make the Search and Reporting app the default landing page for a user?

I have an App landing page which is not working fine. I want to make the Search and Reporting app as the default page...

by Explorer in

Averages skewed by empty time buckets

When creating a report of the max count/minute and average count/minute by host for a specific error there seems to b...

by Path Finder in

how do I clac time out using eval

in,out,name 05-06-2015 11:37:04,05-06-2015 11:37:04 ,uid2 05-06-2015 11:36:06,,uid2 how do I do this, If out time ...

by Engager in

Why does dedup not return any results?

Below is an example of a log file I'm trying to analyse (thousands of entries). I wish to remove duplicate entries ba...

by Explorer in

Spunkd normal process count?

Hi, What is the normal process count for splunkd? Am having two processes for splunkd both for my forwarder & s...

by Explorer in

Why am I getting error "Regex: invalid UTF-8 string" trying to filter events based on string results from a subsearch?

I'm trying to filter out events from a search based on a list of strings retrieved from the results of another search...

by Path Finder in

Why do I only get default indexed fields via REST or SDK call, but get more extracted fields in Splunk Web for the same search?

This is related to http://answers.splunk.com/answers/136754/splunk-sdk-fields.html. I've tried searching via the ...

by Splunk Employee in

How to edit my search to create a chart that inserts "NO" wherever the value is blank?

Hi, I have a chart like this from a search: source="*.log" "Found TaskId" | | dedup source | eval FileFoundDa...

by Path Finder in

Where to enable the "dbx_capable" capability in Splunk DB Connect?

I have a Prod and Non-Prod instances of Splunk running. A former admin installed DBX in both. In trying to setup the ...

by Engager in

What is Parameters must be in the form '-parameter value'

I'm new to Splunk and I'm trying to add monitor to my logs as: ./splunk add monitor -auth admin:changeme /var/lib/mys...

by New Member in

Get Updates on the Splunk Community!

Splunk Search

Discussions

The lookup table 'msdhcp_signature_lookup' does not exist. It is referenced by configuration 'DhcpSrvLog'.

ip address in non usual format

How to plot each events "OpValue" field against time by "process"?

How to join two tables with default row if tables do not match?

How would I display a percentage of devices in an HA pair where neither has reported in a specific period?

How could I append the subsearch result with different fields

How to create a graph using distinct values?

Ghost results - why can't I pipe my results?

Why two searches work separately, but subsearch leads to no results?

How to list values for a multivalue field by both date and percentage?

How to group calculated unique values by another field without using a subsearch?

How to limit the character length of the date field?

Use variable from views.py on a Django search manager

Field categorization

enumerating field names as a new field

How to make the Search and Reporting app the default landing page for a user?

Averages skewed by empty time buckets

how do I clac time out using eval

Why does dedup not return any results?

Spunkd normal process count?

Why am I getting error "Regex: invalid UTF-8 string" trying to filter events based on string results from a subsearch?

Why do I only get default indexed fields via REST or SDK call, but get more extracted fields in Splunk Web for the same search?

How to edit my search to create a chart that inserts "NO" wherever the value is blank?

Where to enable the "dbx_capable" capability in Splunk DB Connect?

What is Parameters must be in the form '-parameter value'

Tech Talk Recap | Mastering Threat Hunting

Observability for AI Applications: Troubleshooting Latency

Splunk AI Assistant for SPL vs. ChatGPT: Which One is Better?

In Splunk studio, is it possible to populate a tex...

Help me with splunk query to monitor CPU and Memor...

How can i export a list of all services in APM

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

Splunk Search

Are you a member of the Splunk Community?

Discussions