Splunk Search

Start a Conversation

Discussions

Start a Conversation

Thread Info

Sub Search Help please

Hi All Can anyone explain where my search is wrong? sourcetype="access_log" [search sourcetype="GAMESAPI*" SID ...

by New Member in

Please help - passing search results to OO/best way to get to Splunk search results from OO

Hi, Long story short I'd like to know if it's possible to pass search results through a script to another system ...

by Path Finder in

After upgrading to 4.1, Field extraction is broken in the manager page, what gives?

When clicking on Field Extractions from Manager, users are greeted with an error message: In handler 'extractions': A...

by Splunk Employee in

Concurrent Event Count (without transactions)

I have a collection of individual log lines where each event contains a start time and a duration for an individual r...

by Explorer in

Field extraction windows sources

Hello All, I am attempting to use props and tranforms to extract field values from the source field. the source is...

by Path Finder in

Display average with field values for each eventid.

For each eventID I have a, b, c fields on multiple hosts. I need to build report to present daily values of a, b, c f...

by New Member in

Rex and sed usage

I want to convert below output to more meaningful L2cache0 size 0 cd0 audio_supported yes cd0 cdda_supported yes c...

by Explorer in

Subsearch Performance Optimization

Hi Splunk experts, I have a search that joins the results from two source types based on a common field: sourcetyp...

by Path Finder in

how to sort by multiple fields based on min and max and total?

I have a router with multiple FPCs and each FPC has multiple ICHIPs. An ICHIP can produce pktwr drops and that number...

by Path Finder in

Verify Integrity of Signed IT Data Blocks

I have configured IT Data Block Signing as per http://www.splunk.com/base/Documentation/latest/Admin/ITDataSigning . ...

by Motivator in

how to show a moving average in the recent 30days about the top concurrency count per second in each day

Hello, We are using Splunk to monitor the traffic of our system, and i was asked to give a report for showing the ...

by Explorer in

group by different fields based on some other field

We have different log lines of different types. Each type holds different field names. Because of this when I use sta...

by Explorer in

mvcombine removes timestamp

Hello, I am doing a query, where I get a multi valued field and I need to append something to each value depending...

by Communicator in

Eval on Multi Valued Fields

Hello, I currently have a query that returns a set of results, with a port number and then multiple values of a ur...

by Communicator in

Complex searches based on events before or after

I am solution architect for an operator and I am evaluating splunk for the organization, currently i trying to do the...

by New Member in

Xml Parsing with xpath

Hello, I am trying to use xpath to retrieve certain fields from my xml file. The file looks something like this ...

by Communicator in

Field Extraction do not work when using the UPLOAD method

Customer's issue was actually that for csv files, when setting the CHECK_FOR_HEADER=TRUE in props.conf and when uploa...

by Splunk Employee in

Search times out from UI or CLI.

My installation of Splunk (ver 3.4.6) is stalling out during any type of search; including just loading a default das...

by New Member in

dealing with repeated fields in one event

Here is my case. I have some events which are simply like below. event1. epochtime=1282182111 type=type1 value=val...

by Explorer in

field extraction stopped working after upgrade from 4.1.3 to 4.1.4

Hi, After upgrading from 4.1.3 to 4.1.4, the field extraction stoppted working. The field extraction configuration in...

by Path Finder in

Splunk Search

Discussions

Sub Search Help please

Please help - passing search results to OO/best way to get to Splunk search results from OO

After upgrading to 4.1, Field extraction is broken in the manager page, what gives?

Concurrent Event Count (without transactions)

Field extraction windows sources

Display average with field values for each eventid.

Rex and sed usage

Subsearch Performance Optimization

how to sort by multiple fields based on min and max and total?

Verify Integrity of Signed IT Data Blocks

how to show a moving average in the recent 30days about the top concurrency count per second in each day

group by different fields based on some other field

mvcombine removes timestamp

Eval on Multi Valued Fields

Complex searches based on events before or after

Xml Parsing with xpath

Field Extraction do not work when using the UPLOAD method

Search times out from UI or CLI.

dealing with repeated fields in one event

field extraction stopped working after upgrade from 4.1.3 to 4.1.4

Map, Join or ... ??

Add a link to another dashboard in the NEW dashboa...

Trends with average response duration

Create a Timechart to compare values from computa...

Add field to an Automatic Lookup