Splunk Search

Discussions

Thread Info

Filter fields per role access?

Hi! I would like to ask question whether its possible to filter certain fields per role. For example, If I h...

by Communicator in

Webknight Field Extractions and Header Exclusions

If anybody uses WebKnight ISAPA filter in your environment you will probably have spotted that the log file formal ca...

by Explorer in

Search is truncating results to a smaller result set after completion

Hello, I'm running a fairly complex search using transactions in order to identify an error occurring in a distinc...

by Explorer in

Indexing internals

Hi, I'm planning the event sources for Splunk and I'd like to know (if someone could give an answer) how does spl...

by Engager in

dbx query timeout

Is there a flag in the dbx app that times out a query if it exceeds a certain time? We have an SLA that our queries c...

by Splunk Employee in

Duration with just days (2)

source="J:\\B6 Files\\Web Logs\\Vegas\\access_logs\\star.log" INFO star | rex field=_raw "INFO (?<report>star) - (?...

by Explorer in

How to create multiple radial gauges from a singel query?

I have a query that produces 4 field values. I am looking for a way to use thae gauge command to create multiple gaug...

by New Member in

Creating Chart Overlays in Splunk 6

All, I'm trying to implement overlays for the dashboard panel I am working on. I want the exactly the same chart ...

by Contributor in

Time of Day on Y Axis

I'm trying to create a chart that has the time of day on the y axis. I have a results table that looks like this: ...

by Communicator in

Chart Android over Iphone apache logs

so I have index=apache useragent=android | timechart etc etc index=apache useragent=iphone | timechart etc etc ...

by Builder in

How to get total for line count then subtotal for another field in the same query?

Hi - Very new to splunk. I have the following query that gives me total count for a specific log: LOGGING strin...

by Path Finder in

How do you reference the value of a transaction

Does anyone know if it is possible to reference the value of a transaction? For instance transaction account s...

by Path Finder in

Extract information via regex

Hi guys, I need some help to split the field below: xyu_0987|123456:123456|123456:123456, before the first p...

by Contributor in

searchtime field extraction, ignore event prefix

Hi all, I'm using props and transforms to extract fields, all the fields are extracted properly, except the first ...

by Path Finder in

Sum max(count) from multiple hosts

Hi I have 4 hosts. Each host collects error logs. Each log consists of a Counter, like so: 2013-12-02 11:23:26,...

by Path Finder in

How to increment counter field with a by clause

Given events Group MultiValue A 7,2,9 B 8,1 I'm using makemv to pivot the results to below, but I also want a new ...

by Explorer in

Joining two data sets using time windows

I have two data sets that I want to join: Set A: _time, field1, field2, field3... via search: eventtype=mystats...

by Explorer in

Matching specific fields in main search with the results from subsearch

I am monitoring a directory with multiple CSV files and indexing these to say an index "ABC". The goal is to extract ...

by New Member in

Splunk doesn't recognize searchbnf.conf

Hi all, I trying to implement online help for my custom search commands. There is a searchbnf.conf located in the ...

by Explorer in

Strange error with subsearch

I have a query with a subquery that I am using to identify a set of transactions that contain a string - from those t...

by Path Finder in

Field extraction based on the element position in a csv

Hello, I have csv files but Splunk can`t auto extact the fields based on headers beacause we've assigned our own s...

by Explorer in

Chart X -AXIS Splunk 6

Hi Everyone! Is it possible in Splunk 6 to rotate the X-axis label of chart to vertical? Thanks in Advanced! Xi...

by Communicator in

how to get the field names based on the case statement conditions?

This is my query sourcetype="pivotsource" OR sourcetype="vodplayerrors_animation" | stats count AS tnow | eval tno...

by Explorer in

Process User input before search

Hello, I'd like to know if there's any possibility to process the user input before executing a search but without...

by Explorer in

Splunk Search and Iterate over a log

Can I do the following in Splunk: Search for a line using a query. Iterate from that line onwards in the log. ...

by Explorer in

Get Updates on the Splunk Community!

Splunk Search

Discussions

Filter fields per role access?

Webknight Field Extractions and Header Exclusions

Search is truncating results to a smaller result set after completion

Indexing internals

dbx query timeout

Duration with just days (2)

How to create multiple radial gauges from a singel query?

Creating Chart Overlays in Splunk 6

Time of Day on Y Axis

Chart Android over Iphone apache logs

How to get total for line count then subtotal for another field in the same query?

How do you reference the value of a transaction

Extract information via regex

searchtime field extraction, ignore event prefix

Sum max(count) from multiple hosts

How to increment counter field with a by clause

Joining two data sets using time windows

Matching specific fields in main search with the results from subsearch

Splunk doesn't recognize searchbnf.conf

Strange error with subsearch

Field extraction based on the element position in a csv

Chart X -AXIS Splunk 6

how to get the field names based on the case statement conditions?

Process User input before search

Splunk Search and Iterate over a log

Say goodbye to manually analyzing phishing and malware threats with Splunk Attack ...

AppDynamics is now part of Splunk Ideas

Advanced Splunk Data Management Strategies

Search for triggered save searches and their actio...

MLTKC how should i check jupyter notebook func in ...

ITSI thresholds: adaptive vs static

Using Machine Learning Toolkit to detect auth abus...

Proactively stream data to different index after C...