Splunk Search

Discussions

Thread Info

Why do I get "-bash: splunk: command not found" when I try to run the "splunk enable boot-start -user splunk" command?

I log in to my Indexer as root, cd to /etc/init.d and then ran the "splunk enable boot-start -user splunk" command. A...

by Path Finder in

What this query will do?

streamstats current=f latest(up) as oldUP by lowername I am bit confused what will streamstats calculate here?

by Engager in

three search in same page with alert and time span=3 month

i want to do three different search in same page for time span is 3 month i need a alert to be configured

by Motivator in

xpath not giving result

I want to extract NewValue when Network Settings is International Roaming Bar. Tried with | xpath outfield=NewValu...

by Path Finder in

Case insensitive search in rex

I am having a field such as Exception: NullReferenceException. And sometimes, EXCEPTION:NullReferenceExcpetion. I ...

by Path Finder in

Splunk - Join two queries from same index and eventtype

I have the following two events from the same index (VPN). I've been unable to try and join two searches to get a tab...

by New Member in

Splunk license usage per sourcetype

Hello, Is there a way to find out which sourcetype is sending too much of data to an index. i know an index but i ...

by Explorer in

How do I remove rows with null values on single/multivalue fields?

Hello Everyone I have a below search query that results me 4 column table. Process, RunID, StartTime and EndTime. ...

by Path Finder in

extract name from multivalue

Within MSAD, the manager field looks like this: manager=CN=The Boss,OU=HLGIT,OU=CO,OU=mytownUsers,OU=ourFIRE,DC=ou...

by Engager in

How to find the oldest timestamp of an event available for search

I would like to find the oldest timestamp of events available for search (with respect to sourcetype) in an index. Me...

by Explorer in

How to sort using formatted time

Hi, I have a result table with two columns "formattedTime" and "Unsuccessful logins". I am displaying time in the ...

by Explorer in

Why is the background search failed with an error "search was canceled"?

We are running Splunk v 7.0.1. One of our splunk users sent a search to the background and received the following ema...

by Builder in

How to use an index for a lookup

Noob question. I had about a dozen CSVs that had the same information on them but the columns were out of order. I...

by New Member in

Why it changes the sourcetype for all sourcetype

I am trying to change the sourcetype of all events that are not from sourcetype starting with xyz. I am using followi...

by Communicator in

Search all the login events from a location

Need to run a report where the user is supposed to work remotely for 110 days in any given 365 days. The 365 days is ...

by Explorer in

Get Updates on the Splunk Community!

Splunk Search

Discussions

Why do I get "-bash: splunk: command not found" when I try to run the "splunk enable boot-start -user splunk" command?

What this query will do?

three search in same page with alert and time span=3 month

xpath not giving result

Case insensitive search in rex

Splunk - Join two queries from same index and eventtype

Splunk license usage per sourcetype

How do I remove rows with null values on single/multivalue fields?

extract name from multivalue

How to find the oldest timestamp of an event available for search

How to sort using formatted time

Why is the background search failed with an error "search was canceled"?

How to use an index for a lookup

Why it changes the sourcetype for all sourcetype

Search all the login events from a location

Infographic provides the TL;DR for the 2023 Splunk Career Impact Report

Splunk Lantern | Getting Started with Edge Processor, Machine Learning Toolkit ...

Enterprise Security Content Update (ESCU) | New Releases

Outputlookup to a kvstore does not write results

StatsBuffer::read: Row is too large for StatsBuffe...

Search based on a previous conditions. Or alert th...

BotS member needed !

To set up alert using saved search and map command