Splunk Search

Discussions

Thread Info

Dealing with spaces in fields

I am sending events into Splunk using a tool that has a notification engine. The notification engine only allows me t...

by New Member in

highlight the selected the tab in splunk web ui

Hi, I want to change the color of selected Splunk header tab. as it is very difficult to see the highlighted s...

by Builder in

Negative Event searches

How would you search an application log for the absence of one or more specific events in a given time period? I'm...

by Path Finder in

Trend by sourcetype?

Hello, How can I get a trend of total events by sourcetype in a graph over a week? My indexing volume dropped sign...

by Builder in

DB Connect Quit Working

All database connections quit working at the same time. I have checked the splunkd.log, dbx.log, and the jbridge.log ...

by Path Finder in

How to extract value with in brackets

Hi , I have data in the following format: NOT_HOMOLOGATED-(UNKNOWN) HOMOLOGATED-(Thomson SpeedTouch ST510 V6 versao 6...

by Path Finder in

How to monitor a log file that updates the same line?

Hi all, I have a log file that briefly logs file in this pattern. For e.g. Available 12-01-2...

by Explorer in

When I am in default search app and click on an index name the query executed has garbage whitespace embedded. How do I fix this?

I have multiple indexes setup. Most user queries go to my default index however my users typically execute a search o...

by Path Finder in

How to write this query when variable names instead of constants need to be used to automate the query

Here is a simplified version of my issue. I have csv file as below named Q.csv Q1avg, Q2avg100 , , 90 , 100 , 1...

by Explorer in

Need help when using variable instead of constant in splunk query construct within where and eval

I have a query Q1 which is used to collect avg over 10 days.Say the average is AvgQ1 100. I have another query Q2 whi...

by Explorer in

Is there a way to run a batch of savedqueries using splunk rather than python or REST?

| savedquery Q1 -> this runs okay | savedquery Q1 | savedquery Q2 -> not okay. splunk error. | savedquery Q1, Q...

by Explorer in

Subsearch returning 2 fields and evaluation needed on one

Hi Guys, I am trying to do this scenario where a subsearch is called to retrieve 2 fields using regex out of which...

by Path Finder in

are search language keywords case-sensitive?

Are all these OK? * | STATS COUNT * | stats count * | STATS count * | stats COUNT Conclusion: search lang keyw...

by Splunk Employee in

Detecting keywords from another search in a field from other search

Hi Guys, I have a requirement like this. In a search I am getting a field like ExtraInfo Count User-Gmail-GoogleCh...

by Engager in

How to combine information from 2 different sources?

Hi! I have a small problem here.. I have two different sourcetypes named 'server' and 'metrics'. Server-sourcetype...

by Explorer in

refer to first bucket values to compute more data

Hi Folks, Here's what I have, index=blah | bucket span=1d _time | chart count(id) over _time by src Chart: ...

by Explorer in

Join Same Saved Search

Hi, I created generic saved search and it is running fine individually as below |savedsearch PausedTime_SS inde...

by Contributor in

appendpipe variable

Hi Guys, appendpipe [stats avg(*) as *], adds a new row with the average of all the rows of the respective column....

by Path Finder in

Extract Fields Using RegEx

I am having trouble trying to parse data from a raw event line. The raw event come in 2 different ways further bel...

by Engager in

How to search for possible missing sections when logs did not come in from a given host?

So we spot checked a random time in splunk for a sourcetype(made up of 2 hosts sending in data). The data was missing...

by Path Finder in

Efficient searches using boolean operators

I'm currently trying to optimize my searches to keep my Splunk searches as quick as possible. Is there any appreciabl...

by Explorer in

How can I compare the average of values across all events with specific values in events?

I have the following in my query index=_internal source=*license_usage.log | eval sizemb=b/1024/1024 timechart sp...

by Path Finder in

search of user logon count using lookup table to return all users

Hi, I have a search like this to return the number of times users have logged in over a week. source="mysource"...

by Engager in

Question index csv with field contain comma

I have issue with index field which contain comma. Below is my csv input "28650096","2013-12-02 20:30:30","blocked...

by Explorer in

Query Modification

I have a search that tables project name, the group it belongs to, and the total count of deployment types: index=...

by Builder in

Get Updates on the Splunk Community!

Splunk Search

Discussions

Dealing with spaces in fields

highlight the selected the tab in splunk web ui

Negative Event searches

Trend by sourcetype?

DB Connect Quit Working

How to extract value with in brackets

How to monitor a log file that updates the same line?

When I am in default search app and click on an index name the query executed has garbage whitespace embedded. How do I fix this?

How to write this query when variable names instead of constants need to be used to automate the query

Need help when using variable instead of constant in splunk query construct within where and eval

Is there a way to run a batch of savedqueries using splunk rather than python or REST?

Subsearch returning 2 fields and evaluation needed on one

are search language keywords case-sensitive?

Detecting keywords from another search in a field from other search

How to combine information from 2 different sources?

refer to first bucket values to compute more data

Join Same Saved Search

appendpipe variable

Extract Fields Using RegEx

How to search for possible missing sections when logs did not come in from a given host?

Efficient searches using boolean operators

How can I compare the average of values across all events with specific values in events?

search of user logon count using lookup table to return all users

Question index csv with field contain comma

Query Modification

Developer Spotlight with Paul Stout

State of Splunk Careers 2024: Maximizing Career Outcomes and the Continued Value of ...

Data-Driven Success: Splunk & Financial Services

How to check MQ reconnects after a connection is d...

I cloned HTTP traffic collection from Splunk Strea...

Proactively stream data to different index after C...

Write Splunk log with Laminas

Issues in multiselect input dropdown