Splunk Search

Ask a Question

Discussions

Thread Info

How to group events by host name and display the most recent "Message" field value from each group?

If I have fields such as: _time = timestamphost = the host nameMessage = either "up" or "down" How do I group b...

by Explorer in

How to get statistics on user log in duration

I have two types of logs in my files that record when a user logs in and logs out. They are of the form: Session <...

by Communicator in

transforms.conf extract part of sourcepath

Hello Splunkers! My eventdata places on folders: /folder1/subfolder1/123/log1.log /folder1/subfolder1/234/log2....

by Communicator in

How to search if a user in Log A also appears in Log B?

Hi community, propably a simple question, but I still hanging. I need a search over two logfiles, which shows me a...

by Path Finder in

Combine 2 searches that have a subsearch

I want to get all events related to dnis=27159866 I can perform this by getting all the events with a sessionid or pa...

by Explorer in

How to build a drop-down with a default automatic span for a timechart in a simple XML dashboard in Splunk 4.3.6?

I'm building a drop-down menu for picking the timechart span in simple dashboard. By default I'd like to have automat...

by Path Finder in

How to update a lookup table using REST API?

Hi all Hope someone can help me with this. I am building a custom application, which extracts data from a db an...

by Communicator in

Why search query works in Search app, but is not working in a dashboard?

Hi My search : index="abc" (source="tac.log" DebugLevelSrc=xxx "*ccc*") OR (source="crt.log" DebugLevelSrc=xx...

by Path Finder in

Setting fields from logs with different row values

Hello everybody, I have a question that might have been responded before but I have a log file from a server that ...

by Explorer in

Splunk SPL help...

I hope someone can point me in the right direction because I really need help. SPL transforms are anything but easy a...

by New Member in

SearchTemplate + RealTime search to SearchPostProcess

Hi. We are trying to create a dashboard in which all the panels use the same information about the current (real t...

by Engager in

Grouping similar

HI All, Im have a search and its working great for calculating averages based on the domain, the problem is that I...

by Path Finder in

Is there any way to set a higher default "bins=xxx" for timechart setting?

I know I can override the default bins=100 in any particular search. Is there any way to set something slightly highe...

by SplunkTrust in

Why is the conversion of duration from seconds to hours in a search automatically adding 18 hours to the value?

I'm looking to change the format of the useful duration tool from seconds to hours. I found out how to do this via so...

by Communicator in

Why is virtual index search showing no results found after installing Hunk?

Hello guys, I installed hunk and followed its tutorial. I have checked the HDFS location and it seems fine. Hadoop...

by Engager in

Why Splunk query returns values when run as separate search, but is not working as a subsearch?

My actual search sourcetype="xyz" Operation=q | eval msg=if(Status == "fail",[search sourcetype="xyz" Operation="p" ...

by New Member in

How Can I Save Three Count Searches Separated And Then Use Them Together Later?

I have some conditions for each search as follows: Search A index=users Channel=40 | eval Token = User."-".Cha...

by Contributor in

Match several sub-urls, regexp

I have a set of URLs in a log like so: url1:"POST /stuff/test/" url2: "GET /stuff/test-type?" url:3"POST /stuff/te...

by Path Finder in

Search query for permon counter

Hi All, we had configured splunk to get the perfmon counter data from server (every 5mins). The counter value gets...

by Contributor in

How to identify users (UID) that use program A, but have never used program B?

I've got users using 2 apps that I'm pulling from, and I'm looking at login reports. Given that the users have unique...

by Explorer in

piping events from a custom generating command into timechart results in irregular buckets when not using all-time

I have 26 days of events (Monday 9/15 through Friday 10/10) piped to a timechart span=7d. I'd like to have 3 bucke...

by Splunk Employee in

Is my regex or the Interactive Field Extractor regex more efficient? Is there a better option?

Comparing regex strings... Log format: Thu 08/07/2014, 6:41:59.97,USERA,TERM1,XXXX-YYYAPP65-5 Thu 08/07/2014, 6:...

by Path Finder in

Configure a time-based lookup for more than one field

In a lookup file, how can I configure more than one time-based fields (ex. start_date, update_date, expire_date)? ...

by Path Finder in

How would you go about extracting multiple fields from a single field?

I have an event with the field SRT and value as show below. SRT="0|0|NA1|FB1|FE2|FE0|FR1|IR2|FE3|FR1|IR3|FD1|ID21|...

by Builder in

Lookup command using a dynamic csv in a real-time search

Does this work? When my lookup table is updated every hour via a separate search, is my real-time search using that n...

by Builder in

Get Updates on the Splunk Community!

Splunk Search

Discussions

How to group events by host name and display the most recent "Message" field value from each group?

How to get statistics on user log in duration

transforms.conf extract part of sourcepath

How to search if a user in Log A also appears in Log B?

Combine 2 searches that have a subsearch

How to build a drop-down with a default automatic span for a timechart in a simple XML dashboard in Splunk 4.3.6?

How to update a lookup table using REST API?

Why search query works in Search app, but is not working in a dashboard?

Setting fields from logs with different row values

Splunk SPL help...

SearchTemplate + RealTime search to SearchPostProcess

Grouping similar

Is there any way to set a higher default "bins=xxx" for timechart setting?

Why is the conversion of duration from seconds to hours in a search automatically adding 18 hours to the value?

Why is virtual index search showing no results found after installing Hunk?

Why Splunk query returns values when run as separate search, but is not working as a subsearch?

How Can I Save Three Count Searches Separated And Then Use Them Together Later?

Match several sub-urls, regexp

Search query for permon counter

How to identify users (UID) that use program A, but have never used program B?

piping events from a custom generating command into timechart results in irregular buckets when not using all-time

Is my regex or the Interactive Field Extractor regex more efficient? Is there a better option?

Configure a time-based lookup for more than one field

How would you go about extracting multiple fields from a single field?

Lookup command using a dynamic csv in a real-time search

Fun with Regular Expression - multiples of nine

[Live Demo] Watch SOC transformation in action with the reimagined Splunk Enterprise ...

What’s New & Next in Splunk SOAR

In Splunk studio, is it possible to populate a tex...

Help me with splunk query to monitor CPU and Memor...

How can i export a list of all services in APM

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

Splunk Search

Are you a member of the Splunk Community?

Discussions