Splunk Search

Discussions

Thread Info

count rex output within one line?

if I'm want to use a rex to pull out values at want to use the ?<xcount> psuedo-field to use in a chart, is this poss...

by Path Finder in

Search query for multiple login done by more than one pc

Hi all, someone can tell me how to do this query on the search app? multiple login done by more than one pc ...

by Path Finder in

Complex transaction searches with varying fields

What's the recommended approach when trying to correlate events together whenever the the events themselves don't all...

by Super Champion in

Iplocation Command

I tried using the iplocation command on the searchHeadUI. I was using this search: index=na1 logRecordTypeL=1 | he...

by Splunk Employee in

How to disable typeahead

How do you disable typeahead? We want this turned off for all users by default.

by Path Finder in

Generic Host search only uses "all time"

When I choose a host from the Host list it automatically starts to search......but for "all time". I don't want to se...

by Communicator in

Separate combined log entries at search time

I have an ongoing problem that I hope just goes away when I upgrade completely to v4. My current setup is v3 Forwarde...

by Path Finder in

Is it possible to reuse the same raw search results multiple times, using different postprocessing?

I'm trying to make a view/dashboard that contains a lot of panels showing different views of basically the same searc...

by Builder in

Sub Search Help please

Hi All Can anyone explain where my search is wrong? sourcetype="access_log" [search sourcetype="GAMESAPI*" SID ...

by New Member in

Please help - passing search results to OO/best way to get to Splunk search results from OO

Hi, Long story short I'd like to know if it's possible to pass search results through a script to another system ...

by Path Finder in

After upgrading to 4.1, Field extraction is broken in the manager page, what gives?

When clicking on Field Extractions from Manager, users are greeted with an error message: In handler 'extractions': A...

by Splunk Employee in

Concurrent Event Count (without transactions)

I have a collection of individual log lines where each event contains a start time and a duration for an individual r...

by Explorer in

Field extraction windows sources

Hello All, I am attempting to use props and tranforms to extract field values from the source field. the source is...

by Path Finder in

Display average with field values for each eventid.

For each eventID I have a, b, c fields on multiple hosts. I need to build report to present daily values of a, b, c f...

by New Member in

Rex and sed usage

I want to convert below output to more meaningful L2cache0 size 0 cd0 audio_supported yes cd0 cdda_supported yes c...

by Explorer in

Subsearch Performance Optimization

Hi Splunk experts, I have a search that joins the results from two source types based on a common field: sourcetyp...

by Path Finder in

how to sort by multiple fields based on min and max and total?

I have a router with multiple FPCs and each FPC has multiple ICHIPs. An ICHIP can produce pktwr drops and that number...

by Path Finder in

Verify Integrity of Signed IT Data Blocks

I have configured IT Data Block Signing as per http://www.splunk.com/base/Documentation/latest/Admin/ITDataSigning . ...

by Motivator in

how to show a moving average in the recent 30days about the top concurrency count per second in each day

Hello, We are using Splunk to monitor the traffic of our system, and i was asked to give a report for showing the ...

by Explorer in

group by different fields based on some other field

We have different log lines of different types. Each type holds different field names. Because of this when I use sta...

by Explorer in

Splunk Search

Discussions

count rex output within one line?

Search query for multiple login done by more than one pc

Complex transaction searches with varying fields

Iplocation Command

How to disable typeahead

Generic Host search only uses "all time"

Separate combined log entries at search time

Is it possible to reuse the same raw search results multiple times, using different postprocessing?

Sub Search Help please

Please help - passing search results to OO/best way to get to Splunk search results from OO

After upgrading to 4.1, Field extraction is broken in the manager page, what gives?

Concurrent Event Count (without transactions)

Field extraction windows sources

Display average with field values for each eventid.

Rex and sed usage

Subsearch Performance Optimization

how to sort by multiple fields based on min and max and total?

Verify Integrity of Signed IT Data Blocks

how to show a moving average in the recent 30days about the top concurrency count per second in each day

group by different fields based on some other field

Create a Timechart to compare values from computa...

Search statistics format not shared

Add field to an Automatic Lookup

trouble with set diff

Tstats with Sparkline limiting values