Splunk Search

Discussions

Thread Info

Is it possible to use typeahead with HiddenSearch/ExtendedFieldSearch?

build an application limiting end-user searches to a single field (by using HiddenSearch/ExtendedFieldSearch modules)...

by Splunk Employee in

Export a csv of all hosts and their sources?

I need to generate a splunk coverage report that shows all of the hosts and all of the sources they are sending from....

by Path Finder in

Defining custom sourcetypes.

I'm trying to define a custom set of fields for a sourcetype and am finding that the "train" command is a) tedious b)...

by New Member in

Sort rows in tables

The results of a report show the following in a table: -variable value -Allowed 1 -Allowed_Tagged 1 -Bloc...

by Explorer in

Extracted fields are not visible in the UI i.e. from pickfields

--input.conf [monitor:///etl/issrdr/scripts/tst/splunk/input/updates.csv] index=iss-rdr --props.conf [sourc...

by New Member in

What is the purpose of var/run/splunk/dispatch/.../metadata.csv?

I have been having repeated warnings that the system is unable to read metadata.csv, which looks like it should be lo...

by SplunkTrust in

Why do I get different Search Behavior depending on fields.conf?

I'm running a search based on a field extracted at search time using props.conf. I've noticed that if I don't have...

by Splunk Employee in

Evaluate an event's repetition (logfail) over a time unit, if repetition is greater than X

Good morning all! Today my goal is : evaluate suspicious logfail by a criteria (as follow). If "logfail" on the sa...

by Path Finder in

How to search for a field value that has appeared as the value of some other field?

I have a simple case where I want to see if the value of one field has shown up as the value of another field. rec...

by Champion in

Calculate the percentage for top X values of a field per day over time

Hi I was wondering if it is possible to generate a chart based on the following criteria: “Display the top X perc...

by Path Finder in

Calculate the percentage of logs with a certain criteria among all requests

Hi Say I have the following log statements (generated throughout the day): id=111,type=2,field1=y id=141,typ...

by Path Finder in

simulating a SQL JOIN in Splunk

I have indexed the contents of a relational database along with a log file. My log contains these fields: cos...

by Contributor in

Is there a way to list enabled apps from the CLI?

I thought there was a way to enumerate the enabled and disabled apps from the CLI. Is this so, and if so, what is it?

by Splunk Employee in

Display both unique and total columns in a chart table

Hi, am looking to pull together a table chart of our threat data that contains 3 columns: threat, totalhosts and uniq...

by Contributor in

How can I use Splunk to determine Phishing attempts?

What are some methods of determining anomalous login behavior with Splunk?

by Path Finder in

How do I automatically tag new results?

I need to create a custom chart in splunk and be able to tag the results of that search with a ticket number for trac...

by Communicator in

Field extraction with kv/extract

Hi, I am trying to extract fields of the form [key1=value with spaces] [key2=value with spaces] using the kv searc...

by New Member in

Field extraction on post multikv field?

Is it possible to create a field extraction on a field that only exists after piping through multikv? In other wor...

by Splunk Employee in

Multiple Pie Charts from one search

Hello, We have an app that pings urls to get the status codes. Each application has a separate url and so i use a ...

by Communicator in

Is it possible to present search results in the RSS feed?

Currently, Splunk will provide a link to search results in the RSS feed. I guess I want an option like inline=True fo...

by Splunk Employee in

Splunk Search

Discussions

Is it possible to use typeahead with HiddenSearch/ExtendedFieldSearch?

Export a csv of all hosts and their sources?

Defining custom sourcetypes.

Sort rows in tables

Extracted fields are not visible in the UI i.e. from pickfields

What is the purpose of var/run/splunk/dispatch/.../metadata.csv?

Why do I get different Search Behavior depending on fields.conf?

Evaluate an event's repetition (logfail) over a time unit, if repetition is greater than X

How to search for a field value that has appeared as the value of some other field?

Calculate the percentage for top X values of a field per day over time

Calculate the percentage of logs with a certain criteria among all requests

simulating a SQL JOIN in Splunk

Is there a way to list enabled apps from the CLI?

Display both unique and total columns in a chart table

How can I use Splunk to determine Phishing attempts?

How do I automatically tag new results?

Field extraction with kv/extract

Field extraction on post multikv field?

Multiple Pie Charts from one search

Is it possible to present search results in the RSS feed?

Search to show me events that have timestamps out ...

How to reassign orphaned search in splunk light

Free Trial Fundamentals 1

Splunk dashboard single value trendinterval time a...

How do I monitor & troubleshoot if all data source...