Splunk Search

Splunk Search
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Community Activity
sideview

Can my dashboard pick from a set of predetermined timechart spans depending on the user's timerange length?

First, the answer here may be to simply not use span=1h at all, but rather to use bins=500 or some similar number in...
by SplunkTrust SplunkTrust in Splunk Search 12-01-2014
1 2
1
2
bruceclarke

Splunk DB Connect: How to get dbquery to respect time range picker?

All, I'd like to do something like the following | dbquery MyDatabase "SELECT * FROM myTable WHERE timestamp > '$ea...
by bruceclarke Contributor in Splunk Search 12-01-2014
3 1
3
1
prabhu_kar

Calculation based on field matching counts of a value

We have a CSV fields set defined (shortening it here), Txn,Destination,Status test1,NY,Pass test2,NY,Pass test2,NY,...
by prabhu_kar New Member in Splunk Search 12-01-2014
0 6
0
6
ITCrowd

Getting eval error "Typechecking failed, '-' only takes numbers." How to convert Zulu time format to Epoch using strptime?

(index=unix) (sourcetype="web") | eval Time.atFirewall=DateOutbound-DateInbound | eval Time.atDataCentre=strptime(ind...
by ITCrowd Engager in Splunk Search 12-01-2014
0 2
0
2
jwf

How to group by and find stats on every X number of events instead of time or bins?

Hello. I want to get a statistic for values of every X number of non-overlapping events. For example, for events wit...
by jwf New Member in Splunk Search 12-01-2014
0 1
0
1
lukasz92

Round problem

When I enter this query: index=_internal | head 100 | eval time1=round(_time,0) | eval time2=round(_time,-3) | eval ...
by lukasz92 Communicator in Splunk Search 12-01-2014
0 7
0
7
lewix

How to extract pipe separated subfields from a field?

Hi, I have a index with a field named PARAMS. This field has a content valued by subfields pipe separated. Example: ...
by lewix New Member in Splunk Search 12-01-2014
0 3
0
3
melonman

What is the effect of maxresultrows for [stats] in limits.conf?

Hi, My understanding about the configuration parameter "maxresultrows" for [stats] is for limiting the number of sta...
by melonman Motivator in Splunk Search 11-30-2014
1 2
1
2
masato_wang

How can I run an on-demand scan?

How can I run an on-demand scan?
by masato_wang Explorer in Splunk Search 11-30-2014
1 1
1
1
Lucas_K

Counting events only once using different fields in specific orders.

A potentially simple question that i'm just missing the obvious answer to  Say for example we have the following ev...
by Lucas_K Motivator in Splunk Search 11-30-2014
0 4
0
4
marina_rovira

How can I get the flieds of two logs by joining them?

Hi people, I have a doubt. I've two logs with their own fields. One of them is ldap-pre.log, that has this fields: IP...
by marina_rovira Contributor in Splunk Search 11-30-2014
0 1
0
1
binojmn

Finding ip which are not exists in second index

Hi All, I am new to Splunk and need some help. I have 2 index, and in both index there is a field "ip", How can I f...
by binojmn New Member in Splunk Search 11-29-2014
0 1
0
1
rodrigorenie

How can I rename column names after a transpose based on a field?

Hello Everyone. I have a search that uses streamstat to create a field called "answer" and "frequency" for each resu...
by rodrigorenie Explorer in Splunk Search 11-28-2014
0 2
0
2
splunkn

How to exract regex to my field

I am having events like below, E.g. 1 Nov 7 10:18:49 111.222.333.444 Success user=abc userid=123 account=xyz E.g...
by splunkn Communicator in Splunk Search 11-28-2014
0 4
0
4
crt89

Align results with time differences

Good day Splunkers, I'm having a problem with my search, well this is what I am trying to achieved. I have 2 source...
by crt89 Communicator in Splunk Search 11-27-2014
1 2
1
2
snabi

Calculate avg task duration

Thanks in advance... - My server log contains the following xxxxxxxx|xx -> Finished embeding fallback task 00:01:00...
by snabi Explorer in Splunk Search 11-27-2014
0 6
0
6
dpadams

Example of doing an external lookup using HTTP GET or POST?

I've been looking at Splunk's external lookup features and they sound ideal for several of my logs. For example, I've...
by dpadams Communicator in Splunk Search 11-27-2014
2 8
2
8
zaphod1984

timechart: fill values in empty slots

Assuming I have the following log entries 2014-11-01 foo=bar 2014-11-02 foo=bax With the search | timechart span=1d...
by zaphod1984 Path Finder in Splunk Search 11-27-2014
0 6
0
6
manus

Search Performance: Does filtering on sourcetype, source or host make a search more efficient?

My understanding is that filtering on index is necessary. Sometimes it works without, but sometimes it doesn't and I ...
by manus Communicator in Splunk Search 11-27-2014
2 8
2
8
marco_sulla

populatingSearch vs search?

What's the difference between <populatingSearch fieldForValue="user" fieldForLabel="user"> <![CDATA[QUERY]]> </...
by marco_sulla Path Finder in Splunk Search 11-27-2014
0 1
0
1
HeinzWaescher

How to set up an automatic lookup where a predefined value is used when there is no match in the lookup?

Hi, I would like to set up an automatic lookup, where a predefined value is used when there is no match in the looku...
by HeinzWaescher Motivator in Splunk Search 11-27-2014
0 3
0
3
splunkn

How to use transaction command

Im very new to splunk. Could anyone please help me with the following issue? I am in need to collect the details abo...
by splunkn Communicator in Splunk Search 11-27-2014
0 3
0
3
mchang_splunk

Splunk 轉發到 Syslog 的事件, 長度被限制在 1024 bytes

透過Splunk 將已經索引的事件轉發到syslog時,超過1024 bytes的部分會被截斷 請問有何方法解決? 目前使用的版本是 6.1.2 original answer: https://answers.splunk.co...
by mchang_splunk Splunk Employee Splunk Employee in Splunk Search 11-26-2014
0 1
0
1
nishan_perera

How to get a specific country,state geoip results and ignore everything else

Hi im running the following query, host="x.x.x.x" XXXXXX | iplocation c_ip |geostats count by City I want to get...
by nishan_perera Explorer in Splunk Search 11-26-2014
0 1
0
1
KindaWorking

Create a field and then make a graph based on the different inputs to that field over time.

I am very new to both regex and splunk... If I have a particular field in the middle of a bunch of data. How do I mak...
by KindaWorking Path Finder in Splunk Search 11-26-2014
0 2
0
2
Top Labels
Get Updates on the Splunk Community!

Data Management Digest – December 2025

Welcome to the December edition of Data Management Digest! As we continue our journey of data innovation, the ...

Index This | What is broken 80% of the time by February?

December 2025 Edition   Hayyy Splunk Education Enthusiasts and the Eternally Curious!    We’re back with this ...

Unlock Faster Time-to-Value on Edge and Ingest Processor with New SPL2 Pipeline ...

Hello Splunk Community,   We're thrilled to share an exciting update that will help you manage your data more ...