Splunk Search

Discussions

Thread Info

Splunk DB Connect: Why am I unable to index data from a Postgres database?

I am trying to index data from a Postgres database using DB Connect 1. I am able to make a connection to the database...

by Communicator in

How to subtract a static number (e.g.. minutes, hours, seconds) from a timestamp?

Hello, I have a timestamp formatted as 2015-10-14T10:04:47.962Z and I'd like to add or subtract a fixed number of...

by Path Finder in

Why am I unable to change this datetime string to a time formatted field?

I have a date timestamp coming in as a string in this format ‎2015‎-‎10‎-‎07T19:49:34.676416100Z With Regex, I get...

by Communicator in

Is Maxmind GeoIP 2 compatible with Splunk?

Is Maxmind GeoIP 2 compatible with Splunk? Does anyone use any of their other products integrated in Splunk, and how ...

by Path Finder in

How to write a search to find the count and group linkdown traps based on interface?

Dear All, I am new to Splunk and got a request to create dashboard on Splunk. Criteria is to collect/group linkdow...

by Explorer in

Comparing Today's & Yesterday's data, why is it showing the same date for both sets of data when we hover over the graph?

I have tried to show the data comparison of yesterday with today. It shows correctly, but the date it shows when we h...

by Communicator in

How to edit my search to chart counts and a calculated count, order the bars, apply better labels, and graph values over time?

I've found a way to chart event counts by eventtype, plus a calculated total of implied events. However, it's a littl...

by Engager in

Why is my timechart overlay axis (second Y axis) not accepting settings correctly?

Hi. On my timechart, I have defined an overlay in the "Chart Overlay" tab of the settings. View as Axis = On ...

by Motivator in

using UTF-8 files for CSV lookup

I need to use a .CSV file for a lookup which has accented characters in the field values If I save the file in ANS...

by Path Finder in

How do I edit my search to group FieldB values by FieldA?

My input table is like this Ticket No Tower Status 1 Backup Resolved 2 Storage WIP 3 ...

by Explorer in

Why does my timechart lose data with real-time search? (all data is present and correct on "Last x minutes/hours" type search)

Hi, I have a timechart which appends three types of data into one chart in this way: eventtype=x sourcetype=x ...

by Communicator in

I need to retrieve results for the last 30 days, but why is my search only returning results for the last 3 days?

I have this search: index=os sourcetype=ps host=rtl*pxiw01* (DataFlowEngine AND *Inbound) earliest=-30d | multikv...

by Engager in

Why am I getting error "can't find xxx.csv" using a oneshot search and lookup via Python?

Hello all, I am trying to run a oneshot search in Python that contains a lookup function of a .csv. I can run any ...

by Engager in

Splunk DB Connect with Microsoft SQL Database: Why do I keep getting error "Connection refused"?

I realize this question has already been posted, but none of the answers have helped me. I have followed this documen...

by Explorer in

How to configure props and transforms.conf to only index a few fields and ignore the other fields?

I tried all the possible things in Splunk, but couldn't index only some part of the file. For example: 2015/11/...

by Path Finder in

Using inputlookup on a CSV file in searches, why do results only get displayed in the Statistics and Visualization tabs, not the Events tab?

I have an excel file (CSV), which I add as a lookup and do searches using inputlookup. The search results only gets d...

by Explorer in

How to get a variable from first search and pass to subsearch?

There are 2 kinds of log: one is error log the other is access log. In error log, there is a field requestUrl. val...

by Explorer in

How do I list valid sids for a loadjob command programmatically/by subsearch?

| loadjob <sid> savedsearch="admin:search:test2" sids looks like the epoch time of the job start time. How do I l...

by Contributor in

How do I deal with Linux auth.log "Last Message Repeated" log lines when trying to get a count of identical events over a time period.

I'm trying to read in some logs on a Solaris system to check for users failing a login N times over Y seconds. Curren...

by Path Finder in

How to get the count of a field WITH values and the count of the same field WITHOUT values in the same search using Hunk?

I'm trying to count the number of occurrences of a field WITH values and the number of the same field WITHOUT values ...

by Explorer in

Get Updates on the Splunk Community!

Splunk Search

Discussions

Splunk DB Connect: Why am I unable to index data from a Postgres database?

How to subtract a static number (e.g.. minutes, hours, seconds) from a timestamp?

Why am I unable to change this datetime string to a time formatted field?

Is Maxmind GeoIP 2 compatible with Splunk?

How to write a search to find the count and group linkdown traps based on interface?

Comparing Today's & Yesterday's data, why is it showing the same date for both sets of data when we hover over the graph?

How to edit my search to chart counts and a calculated count, order the bars, apply better labels, and graph values over time?

Why is my timechart overlay axis (second Y axis) not accepting settings correctly?

using UTF-8 files for CSV lookup

How do I edit my search to group FieldB values by FieldA?

Why does my timechart lose data with real-time search? (all data is present and correct on "Last x minutes/hours" type search)

I need to retrieve results for the last 30 days, but why is my search only returning results for the last 3 days?

Why am I getting error "can't find xxx.csv" using a oneshot search and lookup via Python?

Splunk DB Connect with Microsoft SQL Database: Why do I keep getting error "Connection refused"?

How to configure props and transforms.conf to only index a few fields and ignore the other fields?

Using inputlookup on a CSV file in searches, why do results only get displayed in the Statistics and Visualization tabs, not the Events tab?

How to get a variable from first search and pass to subsearch?

How do I list valid sids for a loadjob command programmatically/by subsearch?

How do I deal with Linux auth.log "Last Message Repeated" log lines when trying to get a count of identical events over a time period.

How to get the count of a field WITH values and the count of the same field WITHOUT values in the same search using Hunk?

Dashboard Studio Challenge - Learn New Tricks, Showcase Your Skills, and Win Prizes!

Introducing Edge Processor: Next Gen Data Transformation

Take the 2021 Splunk Career Survey for $50 in Amazon Cash

Will Splunk searches using lookup get affected if ...

How to delay with search result when run via Splun...

KV Store status is currently unknown- How to resol...

Combining results in metric index?

Summary Index from | collect ... addtime=f : When ...