Splunk Search

Discussions

Thread Info

How would I know what "Applicatoin Context" to choose when creating a new correlation search?

Hi Splunk Answers, How would I know what 'Application Context' to choose when creating a new correlation search? ...

by Path Finder in

How to write a regex to group based on a particular field?

I am looking to see how many times a particular uri was hit on a daily basis and group it based on a field. say the u...

by Path Finder in

Timechart based on date and time string NOT the timestamp

I have data and time information in a log stored as a string. It is an additional field not the timestamp or _time. ...

by Communicator in

Splunk DB Connect 1: How to edit my search to compare a column from two databases and output anything that is different?

Hi, I am working on a search string to extract a specific column named Applications from 2 databases I would th...

by Path Finder in

Trying chart of multiple data series wtih tutoriel but error with eval

I am tring to run a chart report followting the exemple from Search manual p.71, I get a field named "Serveur" index...

by Engager in

How to retrieve the fieldNames, based on the pattern present in the values?

I have a list of Incoming indexed Events. The value of some fields will come with Datatype prefixed, followed by a Co...

by Path Finder in

Why am I getting error "Invalid earliest_time" trying to set a specific default setting for the date time picker?

HI there, I have been trying to set a specific date time in the default setting for the date time picker: <f...

by Path Finder in

Excessive Firewall Denies query

I am trying to write a rule that fires if a single source IP creates 40 denied connections to at least 40 destination...

by Explorer in

How to apply a custom TIME_FORMAT specific to source with a wildcard in Props.conf?

I am trying to apply a custom TIME_FORMAT to a wildcarded source in props.conf, but Splunk doesn't seem to be applyin...

by Influencer in

Which API Access?

We are loading up the Qualsys forwarder and have been specifically asked about the api access and whether we need sca...

by Splunk Employee in

After migrating CSV lookups to kvstore, why does the lookup command no longer output results in a search?

i am currently migrating all the csv to kvstore. when i do an inputlookup or outputlookup, it works perfectly fine an...

by Path Finder in

Chart overlay graphs not in sync

Hey guys, does anyone of you know why this happens when on dashboard with chart overlay elements? I only experience i...

by Path Finder in

How to use SEDCMD to skip whole lines matching a regex pattern from being indexed?

We have a system where at times the engineers running it need to enable debug output. This naturally kills the splunk...

by SplunkTrust in

Splunk search logs

Am having log entries as per below. In essence, we have to detect a line with “Task started. Task id - 'number' a...

by New Member in

If I have a table with daily averages, how do I display the standard deviation of these averages at the bottom of the table as a consolidated result?

Hi there, I was wondering if someone could assist with the following. I have a table built up as daily averages...

by Path Finder in

Internal Mapreduce in Splunk

Hi, I need to know how map functions and reduce functions are constructed using search string? In one of the white...

by Communicator in

Entering comments into a notable event - possible?

Hi Splunk Answers, I understand that notable events can be assigned severity as well as being assigned to differen...

by Path Finder in

Splunk DB Connect 1: How to join SQL queries from different servers?

| dbquery Server1 "SELECT value1, value2 FROM db1.table" | join type=left value2 [| dbquery Server2 "SELECT value...

by New Member in

How to read data from a CSV file and put into DB Connect’s query?

Hi, I want to pull data from a CSV file and put that all data in a SQL query. For e.g.- In CSV: 'ABC','DEF','GHI',...

by Engager in

How to display Linux and Windows CPU perf in one timechart other than appendcols method?

Currently I am using appendcols method, it seems work, but once the first search returns no result, the timechart wil...

by New Member in

Comparison of logs?

Pretty new to this - Is there a way to compare log results between two timeframes ? Consider the following scenario ...

by New Member in

Indexer performance hit, for searches with no results

I have a search like the following: "index=index_A | " If i distribute this to an indexer which do...

by Splunk Employee in

Regex Conditional Group Capture with Name

I'm trying to build 1 regex to capture multiple sets of data. Below is a sample: 1. 20110221124637|21410|SENT:0.64...

by Explorer in

Searching a single line at a time

My Search query: source="test source" "AggCd" AND "test2# " AND "TransTypeCd " AND (NOT ("test2# null")) | rex "t...

by Explorer in

extract multiple fields(number unknown) and sum it up

i have several events which look like this one (this is one event, repeating with varios values after Txxxx,) DIS...

by Path Finder in

Get Updates on the Splunk Community!

Splunk Search

Discussions

How would I know what "Applicatoin Context" to choose when creating a new correlation search?

How to write a regex to group based on a particular field?

Timechart based on date and time string NOT the timestamp

Splunk DB Connect 1: How to edit my search to compare a column from two databases and output anything that is different?

Trying chart of multiple data series wtih tutoriel but error with eval

How to retrieve the fieldNames, based on the pattern present in the values?

Why am I getting error "Invalid earliest_time" trying to set a specific default setting for the date time picker?

Excessive Firewall Denies query

How to apply a custom TIME_FORMAT specific to source with a wildcard in Props.conf?

Which API Access?

After migrating CSV lookups to kvstore, why does the lookup command no longer output results in a search?

Chart overlay graphs not in sync

How to use SEDCMD to skip whole lines matching a regex pattern from being indexed?

Splunk search logs

If I have a table with daily averages, how do I display the standard deviation of these averages at the bottom of the table as a consolidated result?

Internal Mapreduce in Splunk

Entering comments into a notable event - possible?

Splunk DB Connect 1: How to join SQL queries from different servers?

How to read data from a CSV file and put into DB Connect’s query?

How to display Linux and Windows CPU perf in one timechart other than appendcols method?

Comparison of logs?

Indexer performance hit, for searches with no results

Regex Conditional Group Capture with Name

Searching a single line at a time

extract multiple fields(number unknown) and sum it up

Splunk Observability for AI

🔐 Trust at Every Hop: How mTLS in Splunk Enterprise 10.0 Makes Security Simpler

Observe and Secure All Apps with Splunk

In Splunk studio, is it possible to populate a tex...

How can i export a list of all services in APM

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

ITSI thresholds: adaptive vs static

Splunk Search

Are you a member of the Splunk Community?

Discussions