Splunk Search

Start a Conversation

Discussions

Start a Conversation

Thread Info

Field categorization

Hi All, A quick question reagrding the symbols "#" and "a" (alpha I believe), on the left hand side of a filed nam...

by Contributor in

enumerating field names as a new field

Dear all, I have in splunk events of this simple structure fileldX=value, like field1=..., field2=..., ... fiel...

by Path Finder in

How to make the Search and Reporting app the default landing page for a user?

I have an App landing page which is not working fine. I want to make the Search and Reporting app as the default page...

by Explorer in

Averages skewed by empty time buckets

When creating a report of the max count/minute and average count/minute by host for a specific error there seems to b...

by Path Finder in

how do I clac time out using eval

in,out,name 05-06-2015 11:37:04,05-06-2015 11:37:04 ,uid2 05-06-2015 11:36:06,,uid2 how do I do this, If out time ...

by Engager in

Why does dedup not return any results?

Below is an example of a log file I'm trying to analyse (thousands of entries). I wish to remove duplicate entries ba...

by Explorer in

Spunkd normal process count?

Hi, What is the normal process count for splunkd? Am having two processes for splunkd both for my forwarder & s...

by Explorer in

Why am I getting error "Regex: invalid UTF-8 string" trying to filter events based on string results from a subsearch?

I'm trying to filter out events from a search based on a list of strings retrieved from the results of another search...

by Path Finder in

Why do I only get default indexed fields via REST or SDK call, but get more extracted fields in Splunk Web for the same search?

This is related to http://answers.splunk.com/answers/136754/splunk-sdk-fields.html. I've tried searching via the ...

by Splunk Employee in

How to edit my search to create a chart that inserts "NO" wherever the value is blank?

Hi, I have a chart like this from a search: source="*.log" "Found TaskId" | | dedup source | eval FileFoundDa...

by Path Finder in

Where to enable the "dbx_capable" capability in Splunk DB Connect?

I have a Prod and Non-Prod instances of Splunk running. A former admin installed DBX in both. In trying to setup the ...

by Engager in

What is Parameters must be in the form '-parameter value'

I'm new to Splunk and I'm trying to add monitor to my logs as: ./splunk add monitor -auth admin:changeme /var/lib/mys...

by New Member in

How to write a search to get the total count of emails sent out and the count for each individual mail ID?

I have a search which gives the total count of emails sent out from 5 different mail ids. I use a scheduled report fo...

by Explorer in

How to extract interesting fields from JSON data pulled from Google Places' API?

Hi! I'm trying to get Information from Google Places into our Splunk. We want to analyze how we get rated on socia...

by Communicator in

stats, earliest() and report acceleration

I have a search that basically looks like this: some source | stats earliest(_time) as _time latest(_time) as end ...

by SplunkTrust in

problem with field that contains character "\\"

Hi, I have a log with this type of content: domain\\user. I have extracted this info with field extraction called ...

by Path Finder in

How to extract information from my sample log file?

I am new to Splunk but am given a tight deadline to explore the possibility of using Splunk to extract information fr...

by New Member in

How to get results of two searches and compare them?

i have two searches: earliest=-10m index=perfmon server=web1 sourcetype="Perfmon:CPUTime" | stats avg(Value) as C...

by Engager in

How to rename table field names dynamically in a search?

Sample EventList for my scenario given below: ID=1 | Name=sankar | Age=20 | Dept=Computer science | Programming=60...

by Path Finder in

How to write a search to find which tablets have a latest status of Error or Corrupted?

Hi all, I have an event sent with the information if a tablet downloaded app successfully or not. If it faces prob...

by New Member in

Get Updates on the Splunk Community!

Splunk Search

Discussions

Field categorization

enumerating field names as a new field

How to make the Search and Reporting app the default landing page for a user?

Averages skewed by empty time buckets

how do I clac time out using eval

Why does dedup not return any results?

Spunkd normal process count?

Why am I getting error "Regex: invalid UTF-8 string" trying to filter events based on string results from a subsearch?

Why do I only get default indexed fields via REST or SDK call, but get more extracted fields in Splunk Web for the same search?

How to edit my search to create a chart that inserts "NO" wherever the value is blank?

Where to enable the "dbx_capable" capability in Splunk DB Connect?

What is Parameters must be in the form '-parameter value'

How to write a search to get the total count of emails sent out and the count for each individual mail ID?

How to extract interesting fields from JSON data pulled from Google Places' API?

stats, earliest() and report acceleration

problem with field that contains character "\\"

How to extract information from my sample log file?

How to get results of two searches and compare them?

How to rename table field names dynamically in a search?

How to write a search to find which tablets have a latest status of Error or Corrupted?

Don't wait! Accept the Mission Possible: Splunk Adoption Challenge Now and Win ...

Unify Your SecOps with Splunk Mission Control

Data Preparation Made Easy: SPL2 for Edge Processor

Combining results in metric index?

Summary Index from | collect ... addtime=f : When ...

Importing HCL BigFix data from Insights, how to ve...

Does splunk support Reactive Programming in Java/S...

Alerts not Finalizing- Is there a way to find out ...