Splunk Search

Discussions

Thread Info

How do I search for a single specific event?

Sometimes I come across an event in my index that I'd like to refer to later, either as part of an investigation or t...

by Contributor in

I know the data is in the index, why didn't my scheduled search find all of the events?

I have a saved seach setup to check every minute for file changes. I have the start time set for [-1m] to search back...

by Splunk Employee in

suppressing adjacent events with duplicate field values

I have a log which often has redundant events, where "redundant" is defined as 2+ events, on subsequent lines, where ...

by Contributor in

Will having lots of extracted fields increase my index size?

I need to understand how adding fields to raw data will increase our index size growth. We are in the process of addi...

by Splunk Employee in

How do I share all of the field extractions defined in a given app with all other apps?

I need to share all of the field extractions in my app with all of the other apps on the system. What is the most eff...

by Splunk Employee in

What is the format of the Sources.data file?

$SPLUNK_HOME/var/lib/splunk/defaultdb/db/Sources.data On a fresh install I see this file has something like this:...

by Splunk Employee in

Feature Request: troubleshooting/debugging for field extraction config files

[UPDATE: from the answer below, it sounds like what I'm looking for is not supported in the product today. I'm tackin...

by Contributor in

how to filter only desired fields from fetched events?

In SQL-speak, "how to specify the columns in SELECT clause"? Normally, Splunk does the equivalent of SELECT *, which ...

by Splunk Employee in

Finalize action for searchscript?

I wrote a search operator that takes actions external to splunk. It has to take an action to 'complete' its operation...

by Splunk Employee in

how to tell if I have multiline events?

Because wc -l of the input doesn't match my event count, and I'm trying to troubleshoot.

by Splunk Employee in

Splunk Search

Discussions

How do I search for a single specific event?

I know the data is in the index, why didn't my scheduled search find all of the events?

suppressing adjacent events with duplicate field values

Will having lots of extracted fields increase my index size?

How do I share all of the field extractions defined in a given app with all other apps?

What is the format of the Sources.data file?

Feature Request: troubleshooting/debugging for field extraction config files

how to filter only desired fields from fetched events?

Finalize action for searchscript?

how to tell if I have multiline events?

Don't miss your chance
to share your Splunk
wisdom in-person or
virtually at .conf21!

Call for Speakers has
been extended through
Thursday, 5/20!

Submit Now! >

Regex: Error using where/match and backslash chara...

Split trellis over two variables

Export value from the filed based on another log

Best way to make alert for each predicted value of...

Automated lookup using kvstore collection not work...

Splunk Search

Discussions

Don't miss your chance to share your Splunk wisdom in-person or virtually at .conf21!Call for Speakers hasbeen extended throughThursday, 5/20! Submit Now! >

Don't miss your chance
to share your Splunk
wisdom in-person or
virtually at .conf21!

Call for Speakers has
been extended through
Thursday, 5/20!

Submit Now! >