Splunk Search

Ask a Question

Discussions

Thread Info

How do I extract last numbers in field

Hello Splunkers, I Would like to create a new field with the last numbers in another field called logid For ex...

by Communicator in

Issue in returning space from eval macro

Hi, I am in need of an eval macro that takes in three values, examines them and returns the values for three separ...

by Communicator in

Using variable

My search string is (host=ABC AND "Emp Code"=inputString) OR (host=joinHost AND "EMPLOYER_CODE"=inputString) Can I h...

by Path Finder in

The Java Bridge server is not running DBX 1.10

Hello, The java bridge is not re-starting after PC reboot. Tried several install / re-install. Each time the java ...

by Explorer in

Using a result from a subsearch as

Hi all, I've been searching for the last day or so trying to find an answer, but unable to find one. I think I may...

by Engager in

calculating time of free form value in log message

Is there a way I can create a bar chart with the response time extracted from these free form log messages that corel...

by New Member in

Table Formatting

I am having some difficulty formatting a table the way I would like. I am monitoring port state for a couple differe...

by Motivator in

Service Check in Table

I have quite a few services that I am looking to grab the latest state on, for each machine. I am trying to come ...

by Motivator in

Can I process ASA Built and Teardown as a single event ?

Hi, can anyone please answere if it is possible to process ASA Built and Teardown messages of the single connectio...

by Explorer in

Finding the field difference between previous event and current event

I have log lines that looks this: mm-dd-yyyy hh:mm:ss Item counts: 1000 Process ID: 12345 ... mm-dd-yyyy hh:mm:s...

by Communicator in

Calculate delta for corresponding fields base on time grouped events

Need ideas on how to do field calculations based on 2 sets of transactions. Data file is as follows : Timestamp_1 ...

by Explorer in

Custom index metadata

Is it possible to store additional data with an index? For example, if I wanted to add a custom tag an index to ident...

by New Member in

Is there a way to ignore single events in (transaction)?

I'm using (transaction) to count the number of events in a stream of data. There are numerous single events, but I'm ...

by Communicator in

common among all users

I have been asked to identify a list of all websites that a group of users has visited, but the spin on it is that ea...

by Contributor in

Time between events

We're trying to calculate the time between a users 1st event on our site and their 3rd event on our site. We can use ...

by Path Finder in

how to join two saved search results based on common field

Hi I have two saved searches lookup1 and lookup2 with line_id as common field , low will I join two results based on ...

by Path Finder in

Results desappearing at finalizing time

Hi! I'm using this search to calculate the exit rate of each page visited on a web site, count how many time a pag...

by Communicator in

Search does not work and also stopped indexing data.

Search does not work with this message. Error in 'litsearch' command: Your Splunk license expired or you have exce...

by Explorer in

How to assign each event a fields value extracted from another event

Hi, I need your help to understand which road to test. I have raw events like this 11/02/2013 sessionID1 fiel...

by Communicator in

search and index problem..(Trial license has expired/updated to free license version)

Trial license has expired, so updated to free license version. However, still does not search, and data does not ind...

by Explorer in

_time from host

I have host A and B.Both of this host have different _time values.Can I use _time from Host A only? How can i do this...

by Path Finder in

yet another nullQueue question

Hi, I've been trawling through the questions / wiki / docs etc, I just cannot see what I'm doing wrong: everyth...

by Explorer in

How to chart max per day

OK, probably a dumb question--but I can't get it output the way I want. I have a series of values that rise up throug...

by Splunk Employee in

reducing metadata size

Hi, I recall hearing at Splunk Conf2013 that it's a good idea to keep your metadata size reasonable. I process lot...

by Champion in

where count is > 5

Hi Everyone - I'm trying to reduce noise on some of my reports. Certain messages with "unreadable" are coming in and ...

by Contributor in

Get Updates on the Splunk Community!

Splunk Search

Discussions

How do I extract last numbers in field

Issue in returning space from eval macro

Using variable

The Java Bridge server is not running DBX 1.10

Using a result from a subsearch as

calculating time of free form value in log message

Table Formatting

Service Check in Table

Can I process ASA Built and Teardown as a single event ?

Finding the field difference between previous event and current event

Calculate delta for corresponding fields base on time grouped events

Custom index metadata

Is there a way to ignore single events in (transaction)?

common among all users

Time between events

how to join two saved search results based on common field

Results desappearing at finalizing time

Search does not work and also stopped indexing data.

How to assign each event a fields value extracted from another event

search and index problem..(Trial license has expired/updated to free license version)

_time from host

yet another nullQueue question

How to chart max per day

reducing metadata size

where count is > 5

Developer Spotlight with Paul Stout

State of Splunk Careers 2024: Maximizing Career Outcomes and the Continued Value of ...

Data-Driven Success: Splunk & Financial Services

How to check MQ reconnects after a connection is d...

I cloned HTTP traffic collection from Splunk Strea...

Proactively stream data to different index after C...

Write Splunk log with Laminas

Issues in multiselect input dropdown