Splunk Search

Discussions

Thread Info

comparing values returned by two separate searches

I have two searches. One search returns a field (using stats count) representing the number of users logging into a w...

by Contributor in

Filter syntax options in serverclass.conf

Is it possible to use regular expressions for the whitelist/blacklist filters in serverclass.conf? For example: wh...

by Path Finder in

forwarding - where to define the field extraction : on sender or receiver?

On splunkA I am monitoring an xml log file. It is forwarded to SplunkB in a separate index. Where should I define the...

by Contributor in

Highlighting a field in the events output

I have a search that is looking pipes through a rex. rex fields=_raw "\D(?<big_num>\d{15,16})\D" I want the UI...

by Engager in

Remote and Local CLI search only returns 100 events

Here's my CLI search: SPLUNK_URI=https://splunk_search_head:8089 /opt/splunk/bin/splunk search '|savedsearch "m...

by Path Finder in

Transform, but only when matching this RE

I get lots of data from various systems via syslog. One of my systems sends me data that looks like this HEADERTEX...

by Path Finder in

Queries are timing out

Hi We have a few charts that display summary-indexed data. The charts take a couple of form inputs including _tim...

by Path Finder in

Concurrency count

(Love this forum. Didn't even know about the concurrency command before this morning.  My search: SYSCODE=ezLM...

by Influencer in

map not working with zero value data?

There is probably a better way to do this, but I am trying to catalog what rules are (and are not) used using the fir...

by Communicator in

Year to date splunk license bandwidth usage

I am currently running a search for license bandwidth : index=_internal source=*metrics.log group=per_index_thrupu...

by Explorer in

Error with regex for syslog event

Running splunk on windows2003. I am getting the events but it seems my regex is not working right on the event. S...

by New Member in

Conditional for Sub Search

Hello, I have a search that looks for a particular set of data. if the data comes from a particular source address...

by Communicator in

How to tell splunk to stop searching after a text is found

Hello, I have a log file with a very long record (about 255 chars) and I would like to know if and how is it possible...

by Communicator in

Search for users in a log from a specific Active Directory OU

Hello, I am asking a lot of questions today (obviously new to Splunk and in implementation...). We do NOT use A...

by Communicator in

Separating merged events

I'm trying to develop a regex to separate merged events from a log. Here's my stanza in props.conf: [source=c:\tem...

by Communicator in

Search to verify bundle delivered

Is there a search to check bundles delivered from search head to peers?

by Splunk Employee in

searching for specific errors

For starters this app is amazing. I am trying to search a ton of log files for a certain error and its definitely doi...

by New Member in

SQL type LEFT JOIN.

Below are the two files tcodesNew.csv paste.plurk.com/show/284992 chlogNew.csv paste.plurk.com/show/284990 I am tr...

by New Member in

Splunk Lookups - Data Enrichment

Unfortunately our proxy data does not have user information. However I do have access to AV data that is able to map ...

by Explorer in

Time interval for searches

I have a best practice time question for veteran Splunkers out there. Right now I have a a failed login search that r...

by Communicator in

Splunk Search

Discussions

comparing values returned by two separate searches

Filter syntax options in serverclass.conf

forwarding - where to define the field extraction : on sender or receiver?

Highlighting a field in the events output

Remote and Local CLI search only returns 100 events

Transform, but only when matching this RE

Queries are timing out

Concurrency count

map not working with zero value data?

Year to date splunk license bandwidth usage

Error with regex for syslog event

Conditional for Sub Search

How to tell splunk to stop searching after a text is found

Search for users in a log from a specific Active Directory OU

Separating merged events

Search to verify bundle delivered

searching for specific errors

SQL type LEFT JOIN.

Splunk Lookups - Data Enrichment

Time interval for searches

How will you .conf21? You decide! Go in-person in Las Vegas, 10/18-10/21, or go online with .conf21 Virtual, 10/19-10/20.

Learn More or Register Now >

Help with Dashboarding

How do I implement multiple rename commands based ...

How do I get Spunk to parse the events returned by...

How to search for last 6 months for event indexed ...

How to insert Bar Graph Chart with patterns?

Splunk Search

Discussions

How will you .conf21? You decide! Go in-person in Las Vegas, 10/18-10/21, or go online with .conf21 Virtual, 10/19-10/20. Learn More or Register Now >

How will you .conf21? You decide! Go in-person in Las Vegas, 10/18-10/21, or go online with .conf21 Virtual, 10/19-10/20.

Learn More or Register Now >