Splunk Search

Discussions

Thread Info

IndexScopedSearch Error

Hello Splunkers! During search I get an error: "Error in 'IndexScopedSearch': The search failed. More than 1000000...

by Communicator in

How to use the per_second function with streamstats?

I'm trying to use streamstats on Splunk 6.2.2.255606 and the per_second stats-function is killing me. I'm trying to f...

by Explorer in

If I have a search that returns a list of IP addresses, what would be the syntax to check if IPs in a second list do not appear in this result set?

hi, Say I have a search that returns a list of IP addresses. What is the syntax to check if IPs in a second list ...

by Path Finder in

Would it be possible to include time into this chart?

Hi guys! So I have a pretty detailed splunk search to get the five most active OOID's in my data. I was wondering ...

by Communicator in

How to edit my rex search to extract field values with a hyphen?

Hi I am extracting a field named revision from raw data and the only possible field values are 1 or 2 consecutive ...

by Builder in

How to combine my 3 searches into one to create an alert?

I'm trying to set up an alert for the time taken for a process, which I was previously calculating using 3 separate s...

by New Member in

How to get hits/sec in splunk over a time period

Hi GUys, We have splunk for all the API servers that we use. Now if I want to understand how many hits/sec we are...

by New Member in

How to search for a "deleted/moved" in Regex?

Hi guys! Sorry for the misleading question, but does is anyone really good with regex? I am trying to search for "...

by Communicator in

Is there a tool that automatically generates raw data I can use for a Splunk demonstration?

Hi, I'm searching for a tool that automatically generates raw data for a Splunk demonstration, for example, Snort...

by Communicator in

Why is my CIDR lookup search returning no results for any field from the lookup table?

Hi folks... I realize every conceivable permutation of this question has already been asked and answered - I've sure ...

by Explorer in

Right Align Table Cells

When creating a dashboard, I'd like to align the cells with numbers in them to the right (default is left). Any ideas...

by Explorer in

what is the limit to the number of categories that can be in a legend in splunk timechart

I have a timechart search that looks something like: ... | timechart span=15m max(c84162281) as "Average Seizure ...

by Motivator in

Use the result from first search into second search to obtain correlated result from both searches

I have a scenario like this: Login logs are created when users ( both admin and normal) logs in the website with a v...

by Explorer in

How do I create a search which takes a list of items as input and returns a table

I am using Splunk to log all data from a firewall. I get records that contain MAC addresses and timestamps among many...

by New Member in

Is there a best practice for counting distinct values over periods of time?

I would like to count unique users by day, week, and month. I'm not really sure what's the preferred Splunk method to...

by Builder in

Connecting to a SQLServer DB using an Alisas

We are currently indexing data from several SQL Server DBs in Splunk. All of the connections are currently configured...

by Explorer in

How do I prevent losing the nice formatting of fieldformat after adding xyseries to my stats search?

I have a stats command that correctly formats the count field. stats count by method client | fieldformat count=t...

by Path Finder in

Automatic field extractions from a quoted string

Our nginx access logs use a quoted string when dumping cookies. It ends up looking something like this: "cookie_a=...

by Explorer in

Is there an example of how to run 2 different searches based on the selected drop-down value on the same panel?

Hi, I need to run 2 different search queries based on the drop-down value on the same panel. Is there an example t...

by Contributor in

Advise a rex for domain\username example windows\mathews

can you please advise a rex for domain\username example windows\mathews Below is sample of event I am trying to ex...

by Explorer in

How to search how many documents were created, updated, or deleted for each OOID in my data?

Hi guys! So I am building on some of the previous anwsers I got, but I want to get even more specific now and can'...

by Communicator in

Does specifying real-time earliest/latest values in the search bar work for anyone?

Following the example described on http://www.splunk.com/base/Documentation/4.1/User/RealtimeSearch#Expected_performa...

by Communicator in

Regex Match Case on Multiple Conditions

I have 4 strings which are inside these tags OrderMessage 1) "Missed Delivery cut-off, Redated to <>" 2) "Exist...

by SplunkTrust in

How to search the total number of hits to URL's that do NOT include CategoryID?

I'm new-ish to Splunk, so forgive me if I'm not sure of the best way to do this. Basically, I'm trying to find out...

by New Member in

What would be the regex to break events by the @ symbol in my data?

Right now, Splunk indexes events that looks like this: Msg1=... time=... val=... id=... @ Msg2=... time=... val=.....

by Path Finder in

Get Updates on the Splunk Community!

Splunk Search

Discussions

IndexScopedSearch Error

How to use the per_second function with streamstats?

If I have a search that returns a list of IP addresses, what would be the syntax to check if IPs in a second list do not appear in this result set?

Would it be possible to include time into this chart?

How to edit my rex search to extract field values with a hyphen?

How to combine my 3 searches into one to create an alert?

How to get hits/sec in splunk over a time period

How to search for a "deleted/moved" in Regex?

Is there a tool that automatically generates raw data I can use for a Splunk demonstration?

Why is my CIDR lookup search returning no results for any field from the lookup table?

Right Align Table Cells

what is the limit to the number of categories that can be in a legend in splunk timechart

Use the result from first search into second search to obtain correlated result from both searches

How do I create a search which takes a list of items as input and returns a table

Is there a best practice for counting distinct values over periods of time?

Connecting to a SQLServer DB using an Alisas

How do I prevent losing the nice formatting of fieldformat after adding xyseries to my stats search?

Automatic field extractions from a quoted string

Is there an example of how to run 2 different searches based on the selected drop-down value on the same panel?

Advise a rex for domain\username example windows\mathews

How to search how many documents were created, updated, or deleted for each OOID in my data?

Does specifying real-time earliest/latest values in the search bar work for anyone?

Regex Match Case on Multiple Conditions

How to search the total number of hits to URL's that do NOT include CategoryID?

What would be the regex to break events by the @ symbol in my data?

Can’t make it to .conf25? Join us online!

Community Content Calendar, September edition

Splunkbase Unveils New App Listing Management Public Preview

Leveraging Automated Threat Analysis Across the Splunk Ecosystem

In Splunk studio, is it possible to populate a tex...

Help me with splunk query to monitor CPU and Memor...

How can i export a list of all services in APM

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

Splunk Search

Are you a member of the Splunk Community?

Discussions

Can’t make it to .conf25? Join us online!