Splunk Search

Discussions

Thread Info

Using subsearches to narrow down main search to a specific source

Hi, Say I'm collecting crash reports into log A (I'm extracting the PID using rex) and the activity leading to sai...

by Explorer in

Lookup Table作成について

Query上でoutputlookupコマンドを利用して作成したlookup csvファイルは、自動的にSettings > Lookups > Lookup table filesに生成されると認識していたのですが、実際にcsvファ...

by Contributor in

Multiple diff commands in same search

I am using diff to compare two results from a search. Everything works great if my search only returns two results. W...

by Communicator in

Search query requirements

Is it possible to require fields in a search query for specific users/roles? Non-power users or admins, they must ...

by Path Finder in

Colour the rows of dashboard

Hi, I have created a dashboard in search named "dashboard_title", which shows the output result as follows: I ...

by Builder in

update search head & indexer to 6.0.3 but not forwarders?

I would like to update my search head and indexer (ver. 6.0 both) to version 6.0.3. Do I need to update all of my ...

by New Member in

Plottng a value (cumulative) over time.

Hi: I am feeding in Accounting data from my network equipment. This allows me to see what current active sessions ...

by New Member in

Microsoft DNS debug logs. Massaging log format.

I have sending DNS debug log from forwarder on Windows 2003 to Splunk indexer: The DNS names in the log appear lik...

by Path Finder in

What does it mean the difference between "phoneHomeIntervalInSecs" and "handshakeRetryIntervalInSecs" ?

Hi Splunkers, I cannot understand the difference between "phoneHomeIntervalInSecs" and "handshakeRetryIntervalInSe...

by Contributor in

Time extraction from string?

I have following values in a field +000 00:00:00.00 +000 00:00:00.03 +000 00:00:43.18 +000 00:00:20.69 ...

by Path Finder in

Filter search result to only include events that has top N largest values

Hi - I am building a query as below: sourcetype=my-data | eventstats count(request-id) as requestCountByServic...

by Engager in

Dynamically extract field names from multiline event

I've got some log data that has a multi-line event this format: 2011-04-28 11:40:00|ACTION|1304005199906869|stuff|...

by Explorer in

simple xml for table display

I am using the simple xml example from the "UI Examples" APP in the example the output is a count field. I would like...

by Motivator in

Use subsearch results for dbquery

I have a subsearch that finds destination IP's like this [search sourcetype=ids sid=xxxx | dedup dst | table dst] ...

by Motivator in

Finding/displaying date range

I have a process running on 50 servers that processes 4 files into a SQL DB and then writes to a log file the name of...

by Path Finder in

How can i get ip address from postfix logs

Hi, How can i get ip address from like under log?? --- Sep 13 23:55:42 mailhost1 postfix/smtpd[15824]: [ID 1975...

by Engager in

How to pass a parameter from one search query to another as a search argument?

Hello, I have a situation where I want to do the following: search field_1 from (index_1 and sourcetype_1) and the...

by Contributor in

Multiprocessing funcion "Pool()" cannot be used in my lookup external python script on Linux.

Hello, I cannot use one of multiprocessing functions, "Pool()" in my lookup external python script on CentOS 6.3 w...

by Communicator in

Trying to get the first 10 events based on sourcetype

I'm trying to get the first 10 or so events per sourcetype but the methodology is escaping me. You can't simply use t...

by Motivator in

how to retrieve the IE version using splunk

I have a farm of Windows Boxes, and it's a pain to figure which versions of IE they are running on. The only place I ...

by Communicator in

Search for multiple hosts in parameterized search

I have a saved search that will take a 'host' parameter, like the following: |savedsearch "searchName" host="hostN...

by Explorer in

How to debug in Splunk python sdk??

Hi, Can anybody please tell me , how I can debug a python file in Splunk python SDK. Which IDE should I use?

by Builder in

Performance issue on index

Hi Guys, I get the following error below: Any ideas on what may be causing it? The list of indexes to be sea...

by Path Finder in

How to count field with string and empty string and draw a chart ?

I have below format of data. I would like to count email with empty string as anonymous and email with any string as ...

by Engager in

特定の時間のstatus=successより一つ前のstatus=successをとる方法

時間を指定して、その時間帯に出ているオペレーションに対するステータスが成功（status=success）に対し、その時間よりも前でstatus=successが出ているのを抽出しその間の時間を出したい時にどのようなサーチ文を組めばよ...

by Contributor in

Get Updates on the Splunk Community!

Splunk Search

Discussions

Using subsearches to narrow down main search to a specific source

Lookup Table作成について

Multiple diff commands in same search

Search query requirements

Colour the rows of dashboard

update search head & indexer to 6.0.3 but not forwarders?

Plottng a value (cumulative) over time.

Microsoft DNS debug logs. Massaging log format.

What does it mean the difference between "phoneHomeIntervalInSecs" and "handshakeRetryIntervalInSecs" ?

Time extraction from string?

Filter search result to only include events that has top N largest values

Dynamically extract field names from multiline event

simple xml for table display

Use subsearch results for dbquery

Finding/displaying date range

How can i get ip address from postfix logs

How to pass a parameter from one search query to another as a search argument?

Multiprocessing funcion "Pool()" cannot be used in my lookup external python script on Linux.

Trying to get the first 10 events based on sourcetype

how to retrieve the IE version using splunk

Search for multiple hosts in parameterized search

How to debug in Splunk python sdk??

Performance issue on index

How to count field with string and empty string and draw a chart ?

特定の時間のstatus=successより一つ前のstatus=successをとる方法

Observability Unlocked: Kubernetes Monitoring with Splunk Observability Cloud

Update Your SOAR Apps for Python 3.13: What Community Developers Need to Know

October Community Champions: A Shoutout to Our Contributors!

In Splunk studio, is it possible to populate a tex...

How can i export a list of all services in APM

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

ITSI thresholds: adaptive vs static

Splunk Search

Are you a member of the Splunk Community?

Discussions