Splunk Search

Community Activity

Search Heads complain about " Archiver - Archiving large_file". Should I have mounted bundles in search head clustering or not? Just moved to a new 6.2.2 Search Head Cluster (SHC) from a Search Head Pool (SHP) which had mounted bundles enabled. ... by ckurtz Path Finder in Splunk Search 03-20-2015 0 1	0	1
How to correlate events from two sourcetypes where the correlation field from SourcetypeA is multivalued and SourcetypeB is a single value? I have two different network sensors - Sensor A and Sensor B. Each has their own event format that I aggregate in Sp... by IngloriousSplun Communicator in Splunk Search 03-20-2015 2 10	2	10
How to use TimePicker on CSV Hi, I have a csv file as shown below: DATE VALUE 1-Jan 2 02-Jan 3 04-Jan 5 05-Jan ... by harshal_chakran Builder in Splunk Search 03-20-2015 0 2	0	2
What is the most efficient way to search for the top users hitting our servers? Hey everyone, We currently have a query that tracks the top 100 users hitting our server in the past 24hrs. It looks... by rlough Path Finder in Splunk Search 03-20-2015 0 4	0	4
How to create a dashboard when required fields are not present in the event logs? I have a source="/opt/www/logs i need the fields jobTitle, orgName, orgSegment, parentOrgname, and userType Can any... by moiezuddin Explorer in Splunk Search 03-20-2015 0 2	0	2
Why am I not seeing any fields extracted with my REGEX in transforms.conf? At the risk of once again displaying my ignorance... I added this transform regex to transforms.conf: [myformat] REG... by reedmohn Communicator in Splunk Search 03-20-2015 0 14	0	14
How to change the color of the bars in a pivot bar chart depending on the y-axis value? Hi Guys, I am working with pivot in splunk and what I want from the pivot (bar chart) is to display bars in differen... by vinodmadaan Path Finder in Splunk Search 03-20-2015 0 3	0	3
How to extract a multivalue field into separate fields? I'm using the following regex to extract name from data: .. \| rex "@name='(?P<Name>[^']+)" max_match=0 This works ... by bibc Explorer in Splunk Search 03-20-2015 1 5	1	5
If I have a python variable with some value, how do I pass that value to a Splunk search? I am new to Splunk so just want to know that if I have a python variable with some value, can I pass that value in a ... by ektasiwani Communicator in Splunk Search 03-19-2015 0 3	0	3
How to create a new field after using the chart command Hi Ninjas, I have a search which produces a bar chart comparing four different fields week over week: index=foo con... by lukeh Contributor in Splunk Search 03-19-2015 2 2	2	2
Unable to mask data using regex expression in XML logfile I need to mask WILLIAM as seen below: 2015-03-18 10:04:37,453 [WebContainer : 1] INFO com.farmers.ffq.saq.service.S... by mookiie2005 Communicator in Splunk Search 03-19-2015 0 3	0	3
Can you restrict search strings being sent to search peers? We have a situation where our organization hosts 2 separate Splunk instances, each containing different indexes and e... by ianshefferman Explorer in Splunk Search 03-19-2015 0 1	0	1
Is there a better way to write my search currently using boolean OR operators to make it shorter or more efficient? I have the following search with OR operators index=index1 host=host1 elementType=ET measInfoId=117440551 OR measIn... by HattrickNZ Motivator in Splunk Search 03-19-2015 0 3	0	3
Why are my searches not returning any events unless I use a wildcard? Have source from cisco:asa with a field value of user. The following search(s) will return all values for user: (Th... by rgoody New Member in Splunk Search 03-19-2015 0 10	0	10
Can a stats search use if/else functions or something similar? I am counting the occurrence of uniq keys in the log file and need to do the following count: <...>key1<....> <...>k... by jgcsco Path Finder in Splunk Search 03-19-2015 1 2	1	2
How to specify ip range or network for ipv4 random generation with eventgen ? Hello, I'm trying to generate sample logs with eventgen in my eventgen.conf, I'm using token.1.token = ipsrc token.... by matthieu_araman Communicator in Splunk Search 03-19-2015 0 1	0	1
Search on this Key Value pair to display PricingInfo / PricingCount How can i search on this Key Value pair to display PricingInfo / PriceCount An example log entry may look like the b... by smudge797 Path Finder in Splunk Search 03-19-2015 0 6	0	6
Show the average per 4 seconds on a timechart with "count by" I have an timechart (over 1 hour) with "count by STATUS" and i changed the span of the timechart to 4s, since Splunk ... by hofer Explorer in Splunk Search 03-19-2015 0 1	0	1
How can I search the Splunk internal field _cd to return certain events? How do I return events from searching the Splunk internal field _cd? For example, the following are the _cd values. ... by badadata1 Explorer in Splunk Search 03-19-2015 0 4	0	4
By intersect, I am getting a list of hosts, but how can I use that list to get the count of errors per host? Hi, By using intersect i got the list of hosts. now i want to to get the list of errors in those host. how can i ach... by kartik13 Communicator in Splunk Search 03-19-2015 0 2	0	2
Chart of multiple field values in one line I'd like to make a chart on how many times a state-text occurs. The thing is, there can be more than one state-text i... by hofer Explorer in Splunk Search 03-19-2015 0 2	0	2
How to write the REGEX to extract and add new fields to existing search results? I have a search: source="/opt/www/logs/nbcucentral/nbcucentral.log"\| rex "(?P\w+.\w+@\w+.\w+)" \| rex "details (?P\w+... by moiezuddin Explorer in Splunk Search 03-19-2015 0 8	0	8
How to Declare a Variable in Search? I have a query which returns back response times that are greater than 5 seconds.. I then set an alert to email me wh... by skoelpin SplunkTrust in Splunk Search 03-18-2015 0 4	0	4
Why am I getting "No Results Found" when searching for tag I set on a field created with eval or inline field extraction? So I have the search: index=testIndex1 \| eval newField=userName+age I look through the results, set the newField... by asdfasdf12321 Explorer in Splunk Search 03-18-2015 1 4	1	4
Why am I seeing poor search performance for simple searches and high CPU on one core? Splunk deployment -adhoc query have been slow for the past months. 1- We upgraded our system from 2 core to 12 core... by sat94541 Communicator in Splunk Search 03-18-2015 2 3	2	3

Get Updates on the Splunk Community!

Monitoring AI Agents with Splunk Observability Cloud

Let’s say I’m running a travel planning AI app in production. A user asks for three concise hotel options in ...

[Puzzles] Solve, Learn, Repeat: Tiling

This puzzle (first published here) is based on finding groups of tessellated tiles (inspired by floor tiles I ...

SOK it to Me: Top 3 Benefits of Using Splunk Operator on Kubernetes that’ll Make ...

Thursday, July 9, 2026 | 11:00AM–12:00PM PDT Duration: 1 hour (includes Q&A) Managing can feel like a ...

Splunk Search

Search Heads complain about " Archiver - Archiving large_file". Should I have mounted bundles in search head clustering or not?

How to correlate events from two sourcetypes where the correlation field from SourcetypeA is multivalued and SourcetypeB is a single value?

How to use TimePicker on CSV

What is the most efficient way to search for the top users hitting our servers?

How to create a dashboard when required fields are not present in the event logs?

Why am I not seeing any fields extracted with my REGEX in transforms.conf?

How to change the color of the bars in a pivot bar chart depending on the y-axis value?

How to extract a multivalue field into separate fields?

If I have a python variable with some value, how do I pass that value to a Splunk search?

How to create a new field after using the chart command

Unable to mask data using regex expression in XML logfile

Can you restrict search strings being sent to search peers?

Is there a better way to write my search currently using boolean OR operators to make it shorter or more efficient?

Why are my searches not returning any events unless I use a wildcard?

Can a stats search use if/else functions or something similar?

How to specify ip range or network for ipv4 random generation with eventgen ?

Search on this Key Value pair to display PricingInfo / PricingCount

Show the average per 4 seconds on a timechart with "count by"

How can I search the Splunk internal field _cd to return certain events?

By intersect, I am getting a list of hosts, but how can I use that list to get the count of errors per host?

Chart of multiple field values in one line

How to write the REGEX to extract and add new fields to existing search results?

How to Declare a Variable in Search?

Why am I getting "No Results Found" when searching for tag I set on a field created with eval or inline field extraction?

Why am I seeing poor search performance for simple searches and high CPU on one core?

Monitoring AI Agents with Splunk Observability Cloud

[Puzzles] Solve, Learn, Repeat: Tiling

SOK it to Me: Top 3 Benefits of Using Splunk Operator on Kubernetes that’ll Make ...

How to get an extract of threshold values set in s...

how to query OCI Audit logs from Datasafe

SPLUNK ES 8.2.3 Drill Down not appearing

Using Splunk to Analyze Web Traffic & Machine-Gene...

How can i export a list of all services in APM

Splunk Search

Join the Conversation