Splunk Search

Discussions

Thread Info

Why am I getting "Status 401 call not properly authenticated" running a search using the Splunk Java SDK 1.4.0.0?

Hello I am using Splunk java sdk 1.4.0.0 when I execute this query : String QUERY = "search \"ab_exper\" index=...

by Engager in

How to subtract Field values from incremental values

This log is updated every 5 minutes (I have included three examples of the logs). The value is cumulative. So, while ...

by Communicator in

Why is eval searchmatch giving me a "the expression is malformed" error?

Hello, I'm trying to use the searchmatch command to create a field that has two values, success and exceptions. I ...

by Explorer in

How do I search for events which occurred around the same time as another set of events?

I've a search, index=foo sourcetype=bar1 service_name="baz" (fault_type="SecurityFault") operation_name=GoRequest, w...

by Explorer in

Get Splunk to Index data based upon host?

Hello this is a bit of a strange one but I'm hoping someone will be able to help. I currently have Splunk setup to...

by Engager in

How do I set the time range while running a search to find errors occurring between 08:00am and 06:00pm in a given region?

I am trying to find errors occurring between 08:00am and 06:00pm in a given region and plot the results over a month ...

by New Member in

What would be the syntax for the Earliest time modifier to report on data for the last 12 months?

Requirement is i need to fetch a Report for the last 12 months. If today's date is Jun 23, 2015 10:12:20 AM then m...

by Path Finder in

how to show data with 2 different fields

Hi, I have two types of parameters in my logs i.e. "Batch received successfully" and "could not be found" now i wa...

by Communicator in

How to color a table cell whose column name is dynamic

I want to color cells of a column name which is in dynamic _time format. Below is my format if we select last 3 days ...

by Path Finder in

how to use UNION for 4 counter types

Hi, I have 4 counters with the following name for the performance monitor of the system- 1.) Avg. Disk sec/Read...

by Communicator in

Splunk Support and End-of-Life

Since I'm not fluent in legalese, I'd appreciate if somebody could help with clarification on section 2.5.9 in the ge...

by Ultra Champion in

Combining stats output with eval

Some advice on something I would have thought to be easy. I have a field called Elapsed. I want to calculate the n...

by Path Finder in

Using network topology information for search

I develop an IT environment management system and considering using splunk for event analysis. I'd like to be able to...

by Explorer in

How to show/hide the drop-down option based on a value selected in another drop-down?

I want to show/hide a drop-down based on a value selected from another drop-down. 1st drop-down having token, valu...

by New Member in

What are the advantages and disadvantages of placing logs from multiple applications in different indexes?

Hi, I am sending logs from multiple applications to SPLUNK. Would appreciate advice on what are the advantages/dis...

by Explorer in

Problem with drilldown and OUTPUT

I need some help with getting this simple drilldown to pass the dboperationcode to my <link>. Currently my search is ...

by New Member in

Splunk DB Connect: extremely long SQL query doesn't get run

Hi splunkers! I have a query which is just under 10k characters long that cannot be run through DB Connect's dbquery ...

by Builder in

Split not working according to other commands

Here is a log file example: 2015-06-22T09:54:42.767-0600 name=processTwo items="A123" 2015-06-20T21:23:03.279-0600...

by Explorer in

How to extract fields with more that 20 lines of data?

Extract new fields has a limit to only display 20 lines of my data. Please let me know how to change the limit to ...

by Explorer in

Selfjoin - Keeping All Results

This one may be easy, but it's eluding me. I've got a results table from an .csv file (using | inputlookup) that l...

by Contributor in

Get Updates on the Splunk Community!

Splunk Search

Discussions

Why am I getting "Status 401 call not properly authenticated" running a search using the Splunk Java SDK 1.4.0.0?

How to subtract Field values from incremental values

Why is eval searchmatch giving me a "the expression is malformed" error?

How do I search for events which occurred around the same time as another set of events?

Get Splunk to Index data based upon host?

How do I set the time range while running a search to find errors occurring between 08:00am and 06:00pm in a given region?

What would be the syntax for the Earliest time modifier to report on data for the last 12 months?

how to show data with 2 different fields

How to color a table cell whose column name is dynamic

how to use UNION for 4 counter types

Splunk Support and End-of-Life

Combining stats output with eval

Using network topology information for search

How to show/hide the drop-down option based on a value selected in another drop-down?

What are the advantages and disadvantages of placing logs from multiple applications in different indexes?

Problem with drilldown and OUTPUT

Splunk DB Connect: extremely long SQL query doesn't get run

Split not working according to other commands

How to extract fields with more that 20 lines of data?

Selfjoin - Keeping All Results

Using Machine Learning for Hunting Security Threats

Observability Newsletter Highlights | March 2023

Security Newsletter Updates | March 2023

How to delay with search result when run via Splun...

KV Store status is currently unknown- How to resol...

Combining results in metric index?

Summary Index from | collect ... addtime=f : When ...

Importing HCL BigFix data from Insights, how to ve...