Splunk Search

Start a Conversation

Discussions

Start a Conversation

Thread Info

How to use fields as tokens in scheduled report emails, but not in visualizations?

Dear experts, I defined the below mentioned pivot to generate a monthly report of the most frequently used URL pat...

by Explorer in

Why is MV_ADD=true extracting everything twice and producing duplicates in my search results?

My Event: Directory: /var/tmp/.X11-unix Mtime : 2015-01-06 06:26:36 +0000 | 2016-01-04 15:31:39 +0000 ...

by Communicator in

How to edit my search to add a third column to my table results if there are certain values in the first

I want to add a column "FinalType" in a statistical table, so when the EventType=ScoreLock and TxnType=Renewal, it sh...

by Communicator in

How can I increase the max number of searches on my dashboard in Splunk Enterprise?

I'm running Splunk Enterprise on my Windows machine and am facing an issue in loading my dashboard fully. The dashboa...

by Engager in

Why are we getting error "Server has invalid Kerberos principal" when running a search that triggers MapReduce?

With Hunk, we're getting an invalid Kerberos principal when we try to run a search that triggers MapReduce. The strea...

by Path Finder in

How to use dedup on a field, but aggregate all other values in another field?

I am running a search to identify all users and the URLs they have connected to. The result includes duplicate users,...

by New Member in

How do I filter my search to only display users that have appeared a minimum of 5 times?

Hi There, I have a field that identifies users, e.g. userID. I also have a field that is common in every log, e.g....

by New Member in

How to group and add the count for each value of a field?

I am currently trying to group together unique products, and have the username listed under each product, however, I ...

by Explorer in

Why is the Search and Reporting app Data Summary showing EARLIEST EVENT as 15 years ago?

Hello everyone I'm trying to track down the reason my Data Summary in the Search app is reporting BILLIONS of even...

by Builder in

Why am I unable to combine multivalue fields in my search?

HI, I have a search in which I am interested in three fields: index=my_computer sorucetype=asia_data message="N...

by Explorer in

How to calculate response time for my sample data?

172.22.220.15 - XXX@XXX.com [05/Jan/2016:01:19:36 -0600] "GET HTTPS://XXX.allianceweb2.XXXX.com/AERWEB/dwr/interface/...

by New Member in

How to get the count (Exceptions) for last 5 days in a single table?

This is my expected result: Exceptions Day1 Day2 Day3 Day4 Day5 Abc 5 4 3 1 0 Start ...

by Path Finder in

How to convert SID to Active Directory friendly name for an alert?

I'm new to Splunk and trying to configure an alert so when Windows Event ID 4760 occurs. I have the basic syntax crea...

by Engager in

How do I join two searches that both include rex field extractions?

Hi, I wonder whether someone may be able to help me please. I have the following two searches: index=main a...

by Motivator in

How to edit my search to show a line of an average over the last 30 days on a column graph?

Hi helpful people, I wish to display on a column graph an average line for my search. My current search is as foll...

by Path Finder in

How to search failed login attempts of a user in Siteminder smaccess.log and alert after the 3rd unsuccessful login attempt?

Need to develop a dashboard and a report for getting the the user information of who tried to log in and failed. Need...

by Path Finder in

How is search performance affected using tags vs host names?

Suppose I have the following list of hosts and sourcetypes hosts = h1, h2, ... h10sourcetypes = s1, s2, ... s10 ...

by Explorer in

How to search over a field when it's JSON and has many different top level fields? Stars in field names? Aliases or spath?

I have events that come in as JSON. That works fine, but I'm having trouble searching for a value in a field that has...

by Builder in

What is the best way to correlate events (from same source type) that share a common field value?

I am new to splunk so I don't know all the syntax or the most efficient way to construct searches. My goal is to c...

by Contributor in

How to extract and apply header information to every log line?

Hello Splunk Guru's, The file below contains a header of 7 lines followed by an undetermined number of log lines. ...

by Explorer in

Get Updates on the Splunk Community!

Splunk Search

Discussions

How to use fields as tokens in scheduled report emails, but not in visualizations?

Why is MV_ADD=true extracting everything twice and producing duplicates in my search results?

How to edit my search to add a third column to my table results if there are certain values in the first

How can I increase the max number of searches on my dashboard in Splunk Enterprise?

Why are we getting error "Server has invalid Kerberos principal" when running a search that triggers MapReduce?

How to use dedup on a field, but aggregate all other values in another field?

How do I filter my search to only display users that have appeared a minimum of 5 times?

How to group and add the count for each value of a field?

Why is the Search and Reporting app Data Summary showing EARLIEST EVENT as 15 years ago?

Why am I unable to combine multivalue fields in my search?

How to calculate response time for my sample data?

How to get the count (Exceptions) for last 5 days in a single table?

How to convert SID to Active Directory friendly name for an alert?

How do I join two searches that both include rex field extractions?

How to edit my search to show a line of an average over the last 30 days on a column graph?

How to search failed login attempts of a user in Siteminder smaccess.log and alert after the 3rd unsuccessful login attempt?

How is search performance affected using tags vs host names?

How to search over a field when it's JSON and has many different top level fields? Stars in field names? Aliases or spath?

What is the best way to correlate events (from same source type) that share a common field value?

How to extract and apply header information to every log line?

Build Scalable Security While Moving to Cloud - Guide From Clayton Homes

Mission Control | Explore the latest release of Splunk Mission Control (2.3)

Cloud Platform | Migrating your Splunk Cloud deployment to Python 3.7

Ex Cisco - run a report for all DFS users who logg...

Splunk query to list all the queries that time out

How to perform time series analysis and anomaly de...

How to find events that were sent to HEC?

Total spend per field per month