Splunk Search

Ask a Question

Discussions

Thread Info

"Unknown country" returned by iplocation? bug?

iplocation bug? "UNKNOWN COUNTRY" is returned for ip addresses that actually have a known country? USA 208.65.4...

by Path Finder in

Different values of parameters

Hi, I have below variations of uri patterns for a particular functionality. i want to list out query string parame...

by Contributor in

Search to Pull Values from START log

I have a search that monitor's failed PO's. Essentially the idea is to monitor the overall state of the txn, and w...

by Builder in

How to create an array of values from a field?

Hello, I am trying to parse a field like the one below into an array of Key/Value pairs and access each array valu...

by Explorer in

Two Search Heads One Indexer

I have two Splunk instances, a development and a test platform. Can I have them both pointing to the same indexer wit...

by Builder in

Show source not available

Hi. For some events in a particular index, users (including Admins) are getting an error of "Show Source not availabl...

by Path Finder in

Top Limit 50000 results - Where to Change?

In my local limits.conf file, on my Search Head, I have the following: [searchresults] maxresultrows = 1...

by Builder in

splunk daemon error

Hi All, whenever i am trying to search the query,i am getting following error. Splunkd daemon is not responding...

by Path Finder in

How to turn search '... | extract access-extractions' into a props.conf file?

Hey All, So i have some web logs, lets call them source type 'webbylogs'. If I search 'sourcetype=webbylogs | extr...

by Path Finder in

Difference between input.conf and search results

Hello, This is my input.conf on the iis server: [monitor://D:\IISLogs\W3SVC2] index=iis_db sourcetype=iis Ho...

by Engager in

DB Connect - Oracle - Single quote in query

I am have the following stanza in my inputs.conf. [dbmon-tail://DB/TABLE] interval = 1m query = SELECT SL_UID,SL_T...

by Engager in

Is there a way to drilldown to two different dashboards depending on column i click?

In my dashboard, it loads data into a table with 4 columns Now what i require is to drill down to Dashboard1 if an...

by Contributor in

How to pass a variable value from one search to another in advance xml?

Hi, Following is the advance xml code, where I have defined a search command in a postprocess module and want to pas...

by Builder in

Searches appearing in search results (yo dawg)

When I search in the search application, my search terms are starting to appear in subsequent searches. So search for...

by Explorer in

Joining multiple events via a common field.

So I have three sources that i need to join together to view as one event. The three sources are NewWFL, MoneyNEW, an...

by Explorer in

Longer Period of Time showing Fewer Results??

Hi, I have a search which returns 37 results for one date (May 30), but 0 results for May 30-Jun2. I am failing t...

by Path Finder in

Null iplocation data

Hello, I have the following query: . . . | iplocation ClientIP | eval GeoLocation=case(Country="United States",...

by Contributor in

Add fields to all events, derived from a static application name

Our deployed application services have a static deployment name of this format: {service name}-{environment}-{the...

by New Member in

How do you extract multiple strings of text using rex?

I have VPN access connect/disconnect events from a Meraki security appliance being fed into Splunk. They show up in S...

by Engager in

rex command to regex in transforms.conf

This rex statement works in search command: rex field=source "3......(?P .+?)rly" I would like to conver...

by Explorer in

Regex for extraction

Hi, i want to extract account field and i have events in 2 patterns. One where account has boundaries of @account...

by Contributor in

Join two searches and draw them on the same chart

Hello guys , I kinda need your help , i spend some time on this query and i don't really see how to do that ( tri...

by New Member in

Calculate Difference Between Outputs of two Scheduled Searches

I have two scheduled searches that each output a single numerical value to populate panels on a dashboard. I want to ...

by Builder in

Extracting multiple field values with same field name

Can anyone provide assistance for extracting multiple field values with same field name? My log is something like thi...

by Explorer in

Timed out waiting for peer xxx.xxx.com

Hello, I am getting the following errors in my search head while loading a dashboard which includes the saved seac...

by Contributor in

Get Updates on the Splunk Community!

Splunk Search

Discussions

"Unknown country" returned by iplocation? bug?

Different values of parameters

Search to Pull Values from START log

How to create an array of values from a field?

Two Search Heads One Indexer

Show source not available

Top Limit 50000 results - Where to Change?

splunk daemon error

How to turn search '... | extract access-extractions' into a props.conf file?

Difference between input.conf and search results

DB Connect - Oracle - Single quote in query

Is there a way to drilldown to two different dashboards depending on column i click?

How to pass a variable value from one search to another in advance xml?

Searches appearing in search results (yo dawg)

Joining multiple events via a common field.

Longer Period of Time showing Fewer Results??

Null iplocation data

Add fields to all events, derived from a static application name

How do you extract multiple strings of text using rex?

rex command to regex in transforms.conf

Regex for extraction

Join two searches and draw them on the same chart

Calculate Difference Between Outputs of two Scheduled Searches

Extracting multiple field values with same field name

Timed out waiting for peer xxx.xxx.com

Aligning Observability Costs with Business Value: Practical Strategies

Mastering Data Pipelines: Unlocking Value with Splunk

Splunk Up Your Game: Why It's Time to Embrace Python 3.9+ and OpenSSL 3.0

How to show the line when its value is NULL with ...

Search for triggered save searches and their actio...

MLTKC how should i check jupyter notebook func in ...

ITSI thresholds: adaptive vs static

Using Machine Learning Toolkit to detect auth abus...

Splunk Search

Are you a member of the Splunk Community?

Discussions