Splunk Search

Discussions

Thread Info

How to compare columns in a row

Hi I have a query that produces some output like this: ID server_a.1 server_a.2 server_b.1 se...

by Path Finder in

Indexer not searchable by Search head

I'm having a problem where I have 5 indexers and 1 search head. All 5 show up in the search peers under distributed s...

by Contributor in

Dashed line in timechart without advanced xml

I want to use a dashed line in my timechart. I know that this is possible with advenced XML. But is this also possibl...

by Path Finder in

Different Results From Similar Queries

Hi, I wonder whether someone may be able to help me please with something that I just don't understand. I'm using ...

by Motivator in

Conditional Transaction

Hi I'm looking to extract a specific subset of events in my Splunk data. _time=3:01 type=update user=user2 _tim...

by New Member in

How to remove additional results from search.

I have a search that is showing the data I want, but I want to isolate it to a specific team and not show all results...

by Engager in

Finding total number for OOID

Hi all, I currently have a search that I need a little tweaking to get something else that I want. So the curre...

by Communicator in

BEWARE: srchFilter usage may negate each other in certain situation.

If you are using deny (NOT) in your srchFilter be aware that inheritance of multiple roles with negative filters will...

by Champion in

help in calcuating the difference between two time stamps?

Hello Experts, I have the below two fields EML_REQUEST_TIME: 2016-01-19 15:44:00.749 +00:00 EML_RESPONSE_TIME: 20...

by Builder in

How to find where logs are coming from and where they are being monitored?

I am seeing logs in an instance of splunk, but i am unsure where the monitoring is set up. I checked my serverclass.c...

by Communicator in

Print rex result on search

First, i'm sorry for my bad english. Let me explain my problem. I have to do a search on splunk, and in the res...

by New Member in

regex global modifiers

Hi, I trying to execute regex in search command with g (global) m (multi-line) s (single-line). the regular way (?...

by New Member in

Global Environment Vars Shared Between Scripts?

Hello. Is there a way to set a global environment variable in Splunk so that it can be shared and used multiple times...

by Communicator in

Regexing multiple values

Hello everyone, I've been banging my head on this one. I'm sure it involves 'rex' which I'm not so familiar with. ...

by New Member in

Extracting numbers between words

Say I have this data: c.i.m This is just a sample 23456 Yes it is true. My question is how do I extract 23456 a...

by Explorer in

converting to an epoch date format using strptime

I’m trying to extract the date and time from the Winevent log when an unexpected shutdown has occurred(EventCode=6008...

by Engager in

best way to automatically rename fields that have been generically named

Let's say you've got a custom application log that has a lot of sensibly named fields. But in addition to the sensibl...

by SplunkTrust in

how to preserve iplocation data

The database used by iplocation is updated usually with each new version of Splunk. What is the best solution to pres...

by Contributor in

How can i extract a field from my custom search command through a conf file ?

Hello splunkers, I've got PEM encoded value from SSL certificates that are already indexed. I've made a python custom...

by New Member in

How to store a single value search result in some variable in a Splunk HTML page to display in a javascript alert popup?

Hi, I have a dashboard in html code with one search query which provides the result in Single Numeric Value. Is...

by Builder in

Get Updates on the Splunk Community!

Splunk Search

Discussions

How to compare columns in a row

Indexer not searchable by Search head

Dashed line in timechart without advanced xml

Different Results From Similar Queries

Conditional Transaction

How to remove additional results from search.

Finding total number for OOID

BEWARE: srchFilter usage may negate each other in certain situation.

help in calcuating the difference between two time stamps?

How to find where logs are coming from and where they are being monitored?

Print rex result on search

regex global modifiers

Global Environment Vars Shared Between Scripts?

Regexing multiple values

Extracting numbers between words

converting to an epoch date format using strptime

best way to automatically rename fields that have been generically named

how to preserve iplocation data

How can i extract a field from my custom search command through a conf file ?

How to store a single value search result in some variable in a Splunk HTML page to display in a javascript alert popup?

There's No Place Like Chrome and the Splunk Platform

The Great Resilience Quest: 5th Leaderboard Update

Devesh Logendran, Splunk, and the Singapore Cyber Conquest

what are the benefits vs drawback in :: and =

Excluding either the start or end of a transaction...

How to extract Json Object Property to Create Tabl...

Using comparison function within mstats

Search to match high temp events, but ignore speci...