Splunk Search

Ask a Question

Discussions

Thread Info

How can I get a fixed number of columns returned in my search?

Hi, Hope someone can point me in the right direction. I have a search that pulls a count by 'UserID' of the num...

by New Member in

how to find the Unique field value which is present in two different source logs

My question is how to find the uniqueId which is present in two different source logs..? I have 2 source logs say,...

by Explorer in

using a subsearch in an outer search problem

I'm trying to use the results from a subsearch in the outer out search to pull info i'm looking for right now it l...

by New Member in

Streamstats by clause

Hi splunkers, I'm using the streamstats command with the by clause to split the results using another field but th...

by Explorer in

count message types by facility

I need to know when a particular facility isn't passing a message type(s). In Powershell it would be as easy as, fore...

by Explorer in

Copy data from search results to clipboard; preserve previous search

The results of the searches bring a lot of useful information such as hashes, ip addresses, file locations and names....

by Motivator in

average of a sum of values based on differing values in a different column

Hi, given the data below, I want to find the average sum of a1 to a3 and b1 to b3 every 10 minutes time field1 fie...

by Path Finder in

Extend Search without re-running

I just ran a search over the last 24 hours which returned a large number of results, but not the full picture I was l...

by Path Finder in

adding results from top query

Hi, I've got a result table from a top query and want to add the results to compute an overall cache hit rate and ...

by New Member in

when will OSX 10.7 / Lion supported ?

I saw that 4.2.4 is only supported on Mac OS 10.5 and 10.6. When will Lion be supported ? Will Splunk run in full ...

by Communicator in

Custom modules not loading

Hi, I have created some custom modules, but receive warnings that the module cannot be found when opening the view...

by Path Finder in

Override Sourcetype

I'm trying to do a sourcetype override and not having much luck. I am trying to change the sourcetype from 2 hosts, f...

by Communicator in

Stop displaying aliased fields

I have aliased a field (let's call it application_auth_id) to a new name (user). I want my Splunk users to search usi...

by Legend in

Only display earliest hit for each day

Hi, We have building access logs in Splunk and I have to generate an attendance report. I can filter based on spec...

by Explorer in

Need help with Splunk REST command, Get property value from configuration file

Hi All, I am trying to write a search to get values from the configuration file. An example of it will be to the m...

by Revered Legend in

Multiple Search Heads in a Cluster

We're setting up an Index Cluster with a Master Node. From the documentation it looks like the Cluster will take care...

by Path Finder in

TIME_FORMAT vs DATETIME_CONFIG = CURRENT

I have a log file that has a date at the top, but otherwise is essentially unpredictable stdout. It could be written ...

by Contributor in

Show date in label

Hello Everyone, Please suggest me how I can get current date and time in label . Regards Vikas

by Builder in

what could account for changes in case for input sources?

When constructing a search to render a table of count of events by source I noticed that splunk was treating the iden...

by Builder in

Detecting expensive searches in enterprise environment

Is there a search I can run that will identify expensive searches across our enterprise environment? We are finding m...

by Path Finder in

Automatic Lookup not applying to scripted inputs

I have implemented an automatic lookup by specifying the filename in transforms.conf: [host_info] filename = host_...

by Communicator in

Summary Field = "OK" or "DOWN"

I am currently attempting to create a 'summary' type of view within a dashboard stating that this list of services (s...

by Motivator in

Add a button in Dashboard using XML and run a search command to show the result

Hi, I want to create a button in dashboard using XML. And on click of this button, a search command should run which ...

by Builder in

Using splunk to perform semi-automated analysis of customer comments / reviews / complaints?

Is there a practical way to do this in Splunk? As far as I can tell it is basically only some sentiment analysis opti...

by New Member in

Host list on default search shows error message of: [SimpleResultsTable module] Input is not proper UTF-8, indicate encoding ! Bytes...

So my main search page in the bottom right hosts summary has the following error message listed: [SimpleResultsTab...

by Path Finder in

Get Updates on the Splunk Community!

Splunk Search

Discussions

How can I get a fixed number of columns returned in my search?

how to find the Unique field value which is present in two different source logs

using a subsearch in an outer search problem

Streamstats by clause

count message types by facility

Copy data from search results to clipboard; preserve previous search

average of a sum of values based on differing values in a different column

Extend Search without re-running

adding results from top query

when will OSX 10.7 / Lion supported ?

Custom modules not loading

Override Sourcetype

Stop displaying aliased fields

Only display earliest hit for each day

Need help with Splunk REST command, Get property value from configuration file

Multiple Search Heads in a Cluster

TIME_FORMAT vs DATETIME_CONFIG = CURRENT

Show date in label

what could account for changes in case for input sources?

Detecting expensive searches in enterprise environment

Automatic Lookup not applying to scripted inputs

Summary Field = "OK" or "DOWN"

Add a button in Dashboard using XML and run a search command to show the result

Using splunk to perform semi-automated analysis of customer comments / reviews / complaints?

Host list on default search shows error message of: [SimpleResultsTable module] Input is not proper UTF-8, indicate encoding ! Bytes...

.conf25 Global Broadcast: Don’t Miss a Moment

Observe and Secure All Apps with Splunk

What's New in Splunk Observability - August 2025

Help me with splunk query to monitor CPU and Memor...

How can i export a list of all services in APM

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

ITSI thresholds: adaptive vs static

Splunk Search

Are you a member of the Splunk Community?

Discussions