Splunk Search

Discussions

Thread Info

Monitor file names with regex - is it a best practice?

I am looking for best practice to monitor a bunch of files - whose names i dont know. For example, my report director...

by Path Finder in

how to use lookups to compare a csv against indexed DNS data

I am ingesting DNS records into my splunk system. I want to compare these events again a list of Dynamic DNS domains....

by New Member in

How to create a timechart of the percentage of users whose download times were above average for a period of time?

Hi fellow Splunkers I am trying to calculate a percentage of users whose download times were above average and cre...

by Path Finder in

No result found when search it by Fast mode or Smart mode

We run transforming search like [index=myIndex earliest="08/26/2014:00:00:00" latest="08/27/2014:00:00:00" myField =...

by Explorer in

DB Connect 1.1.4: Why am I getting error "The login is from an untrusted domain and cannot be used with Windows authentication." trying to connect to MS SQL?

We are trying to set up a connection to MSSQL database with dbconnect version 1.1.4 . See this error when we try t...

by Path Finder in

Why is my search not returning results for the latest events per index?

Hi, I have 3 indexes that get updated with the same date. They are all a snapshot of pre production config data t...

by Engager in

Splunk DB Connect setup help

Hello, Just downloaded & installed v6 onto my Win7 computer. Have then installed Splunk DB Connect, trying to set ...

by Explorer in

How to parse the payload inside a csv log to run a stats count search on the extracted fields?

Hi, What would be the simplest way of parsing the following logs so I can search what is inside the {} field: "...

by Path Finder in

lookup in the event

Hi, If my event does not contain the user field, and i need to have the automatic lookup for the user info based on t...

by Path Finder in

Why does putting in a wildcard for Sourcetype in the "Apply to" menu not work when adding a new automatic lookup?

Hi, When I add a new automatic lookup, if I put * at the Apply to: Sourcetype, it does not work, but if i put the...

by Path Finder in

How to search the top 5 distinct users per day in the last 7 days?

Hello Everyone I'm a new user. I would like to search the top 5 user logfail distinct by day in the last 7 days. I w...

by New Member in

Why am I still seeing multiple entries in my results from a lookup table that should have been filtered out by another lookup?

Hello Splunkers, I have what I think should be an easy question, but I'm not able to make it happen. I have two lo...

by Contributor in

Why is Splunk DB Connect changing the table output of my query?

Hello, I found a strange behavior with my mySQL Server. I try to do this query: select t.change_time, t.cre...

by Contributor in

Example of props.conf and breaking line after or Transaction command

Hello, I wish to create a new sourcetype in props.conf that uses the linebreak properties such as : SHOULD_LINEMERGE ...

by Builder in

Splunk rules and their way how it is configured

Hi , We are using Splunk 6.1.1 Ver .I would like to know few Information from Splunk. Their are alerts configur...

by New Member in

Search first 10 results by sourcetype

Hello I have question regarding limiting the number of events on search to reduce the search time. Currently, I'm ...

by Path Finder in

Python SDK real time search results in web page

Is it possible to display results in a web page using a python script? It is easy to dispatch a search and display th...

by Builder in

Date not parsed if the hour is 24

Splunk doesn't parse the date in the beginning of an event, when it has a hour of 24 (JODA time), like in 03.02.2015 ...

by Explorer in

rex expression that match pathname of variable lenght

Hi all, quick question: How I can match with rex or regex a regular expression that match all of this field? [/h...

by Communicator in

How to convert epoch to local time?

Hi! I have log entries with a timestamp embedded for expiration inside the log event. What's the best way to c...

by Contributor in

How to write the regex and break and extract a field to get the required data?

I need to create a report of failed services. From the logs, I get the data in the below mentioned format: ******...

by Contributor in

How to search and filter based on fields created by stats?

Howdy, I have a stats search that returns values from fields in different events such as OS Devicetype etc. This inf...

by Explorer in

A particular search result is not showing up in | stats count output. Very wierd.

Hello, Here is my search: index=app_win source=service State=Stopped StartMode (Auto OR Manual) Name (*IBM* ...

by Communicator in

Unknown search command 'gauge'.

Hi Guys, i am new to SPLUNK. when i search a query with non admin user i am getting below error, Unknown sea...

by Explorer in

Sum a series of values based on the distinctness of another column

i think its easier to ask my question by showing you some of the data I'm working with: Mon Feb 23 16:35:07 2015 ...

by Explorer in

Get Updates on the Splunk Community!

Splunk Search

Discussions

Monitor file names with regex - is it a best practice?

how to use lookups to compare a csv against indexed DNS data

How to create a timechart of the percentage of users whose download times were above average for a period of time?

No result found when search it by Fast mode or Smart mode

DB Connect 1.1.4: Why am I getting error "The login is from an untrusted domain and cannot be used with Windows authentication." trying to connect to MS SQL?

Why is my search not returning results for the latest events per index?

Splunk DB Connect setup help

How to parse the payload inside a csv log to run a stats count search on the extracted fields?

lookup in the event

Why does putting in a wildcard for Sourcetype in the "Apply to" menu not work when adding a new automatic lookup?

How to search the top 5 distinct users per day in the last 7 days?

Why am I still seeing multiple entries in my results from a lookup table that should have been filtered out by another lookup?

Why is Splunk DB Connect changing the table output of my query?

Example of props.conf and breaking line after or Transaction command

Splunk rules and their way how it is configured

Search first 10 results by sourcetype

Python SDK real time search results in web page

Date not parsed if the hour is 24

rex expression that match pathname of variable lenght

How to convert epoch to local time?

How to write the regex and break and extract a field to get the required data?

How to search and filter based on fields created by stats?

A particular search result is not showing up in | stats count output. Very wierd.

Unknown search command 'gauge'.

Sum a series of values based on the distinctness of another column

Deep Dive into Federated Analytics: Unlocking the Full Power of Your Security Data

Your summer travels continue with new course releases

From Alert to Resolution: How Splunk Observability Helps SREs Navigate Critical ...

Help me with splunk query to monitor CPU and Memor...

How can i export a list of all services in APM

Joining records in a table

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

Splunk Search

Are you a member of the Splunk Community?

Discussions