Splunk Search

Discussions

Thread Info

How to run subsearches on individual values of a field from a primary search?

I have a primary search that finds all the events that indicate a failure of a process and presents a list of unique ...

by Path Finder in

Why query works in my own app, but not Search and Reporting app?

Hi, I am having trouble with a query. It works in my own app, which I created with the Splunk -> Manage Apps, new ...

by Path Finder in

Max of Distinct Count

I am trying to get a distinct count of two concatenated numbers and then get the max of that distinct count over a ti...

by Explorer in

How to split time equally in bar chart

index=main sourcetype=myTest host="hello1234" getUserDetail | rex "(?im)^(?:[^:]*:){4}\s(?P<TIMESTAMP>(?P<Date>[^T]*)...

by Path Finder in

How to create overlay chart in Splunk 6.0 with 2 y-axes?

How to create an overlay chart in 6.0 with 2 y axis where bar graph refering to one axis and line graph refering to s...

by Explorer in

Searching indexes by Deployment Client Name

In a network with up to 150 deployment clients (all UF), is there a way to search indexes for all data from a particu...

by Builder in

Field Extraction from space-aligned fields in multi-line events

From events of the form: Filesystem Type Size Used Avail UsePct ...

by Motivator in

Need help with Lookup and Auto Lookup

I do have a solution to get guest logged into our network. This gives nice logs that I get into Splunk. My goal is to...

by Builder in

EVAL, EXTRACT in props.conf not working when using field names with special characters

Hi, I try to add some EVAL and EXTRACT to the props.conf of same windows events with german localisation. Because ...

by Path Finder in

Real-time charts - Query once, view many?

Hi all, We have a splunk setup where we are investigating a way of having a shared streaming dashboard that can be...

by Communicator in

Filtering events with inputlookup not working

Hello, Here is an example of my csv - first three lines: sourceHost web-a01 a02 I have given the lookup glob...

by Path Finder in

How can I do a timechart of sum(val) where events have start/end times?

I'm hoping that this is easy for someone with more Splunk-Fu than my meager amount. The indexed data looks like th...

by Path Finder in

time range selection not working on CLI

I'm trying: splunk search Calling -earliest=06/30/2014:11:40:00 AND -latest=06/30/2014:12:00:00 and i'm not getting r...

by New Member in

Wildcards and Regex(s) in Windows OS (UF) Monitor Paths (inputs.conf)?

Without any examples of Windows UF Monitor Paths (Universal Forwarder), it's pretty tough to figure out just what wor...

by Splunk Employee in

Table visualisation of events with extra metadata fields

I'm currently trying to get a dashboard to show a simple overview table of 4 or 5 keys fields. Then instead of using ...

by Path Finder in

Transaction with field from a lookup

Hi, I'm trying to correlate events from 2 different sourcetypes. The “correlation field” is the user email address...

by New Member in

How do i get top services and put it in chart??

Hello, I need to get the top 25 services from the requesting system and have to put it in a chart with the SUCCESS...

by Explorer in

calculate duration between multiple events from same session

I am dealing with log files which are structured as follows TimeStamp=1 SessionHandle=1 SessionEvent=A TimeStamp=2 Se...

by New Member in

Moving manual rex to props.conf and transforms.conf

Hi When I perform index=test_index, I can see the field name "actions" and "active_features" with one or more arra...

by Path Finder in

How to change the format of my data?

Hi, we have data that i am getting report using addcols to combine the data and using transpose to get the data in...

by Contributor in

Set variable Sourcetype based on Regex

Hi Guys, Quick question, i would like to set a sourcetype based on regex. Meaning, considering these events: CEF:0...

by Explorer in

Why don't my custom lookups work after upgrading to 4.1?

I recently upgrade a test system to Splunk 4.1, and my lookups are all giving me the following error: The loo...

by Super Champion in

visualization of discrete events

I'd like to visualize some continuous time series data like 'response time' while displaying discrete events, like a ...

by Explorer in

Splunk ES - Correlation search Vs normal saved search ?

Splunk ES - What does correlation search do much than a savedsearch in this app ? [I see the Correlation search...

by Motivator in

Problems exporting a BGP Status to a field

Hi all, i have a problem exporting a BGP event to a field. Events: %BGP-5-ADJCHANGE: neighbor $IPv6-IP$ Up %...

by Engager in

Get Updates on the Splunk Community!

Splunk Search

Discussions

How to run subsearches on individual values of a field from a primary search?

Why query works in my own app, but not Search and Reporting app?

Max of Distinct Count

How to split time equally in bar chart

How to create overlay chart in Splunk 6.0 with 2 y-axes?

Searching indexes by Deployment Client Name

Field Extraction from space-aligned fields in multi-line events

Need help with Lookup and Auto Lookup

EVAL, EXTRACT in props.conf not working when using field names with special characters

Real-time charts - Query once, view many?

Filtering events with inputlookup not working

How can I do a timechart of sum(val) where events have start/end times?

time range selection not working on CLI

Wildcards and Regex(s) in Windows OS (UF) Monitor Paths (inputs.conf)?

Table visualisation of events with extra metadata fields

Transaction with field from a lookup

How do i get top services and put it in chart??

calculate duration between multiple events from same session

Moving manual rex to props.conf and transforms.conf

How to change the format of my data?

Set variable Sourcetype based on Regex

Why don't my custom lookups work after upgrading to 4.1?

visualization of discrete events

Splunk ES - Correlation search Vs normal saved search ?

Problems exporting a BGP Status to a field

Splunk App for Anomaly Detection End of Life Announcment

Aligning Observability Costs with Business Value: Practical Strategies

Mastering Data Pipelines: Unlocking Value with Splunk

How to show the line when its value is NULL with ...

Search for triggered save searches and their actio...

MLTKC how should i check jupyter notebook func in ...

ITSI thresholds: adaptive vs static

Using Machine Learning Toolkit to detect auth abus...

Splunk Search

Are you a member of the Splunk Community?

Discussions