Splunk Search

Discussions

Thread Info

Inline field extraction with rex

I'm not a big regex power yet, I know this is easy, but since it is not on a system I can't test and figure out mysel...

by Super Champion in

Can I use search on lookupfields for earliestTime instead of hardcoding them?

Hi I want to use lookupfield search to extract value for earliesTime and latestTime. Can I use as in example below...

by New Member in

Comparing 2 fields

Hi, I have 2 fields that are already extracted uri and referer. I want to right a search based on if uri value =...

by Contributor in

get the unique count from the list of numbers

Hi, I want to get the unique count of the numbers available in the log. for e,g, I have used the list query to ...

by Builder in

filter results inside a chart...

I am using: … | chart sum(field1) over field2 by field3 to give me a nice chart of sums dependent on differen...

by Communicator in

How to change app to use default search UI on Splunk 6?

We upgraded from Splunk 4.3.5 to 6 and I would like to update an app to use the new UI search. There were no other cu...

by Builder in

Custom Conditions

I am new to splunk and want to create an alert for switch ports that flap. So, I need a way to alert if a port on a g...

by Path Finder in

Distributed search with multiple timezones

We recently set up a distributed search environment to display live data on a shared dashboard. The search peer is 3....

by Builder in

Query - Splunk "DB Connect" app

We are using Splunk "DB Connect" app running on search head to connect to remote MS SQL database and pull relevant in...

by New Member in

events since a certain time (1700) in the previous business day

We have a deadline on a business day after which we cannot place orders (events). This is 1700 hrs. I would like ...

by Engager in

PANIC - Splunk 6 can't find any lookup fields

When I arrived in the office today I discovered our Splunk 6 logs were filling with errors like these: 10-10-2013 ...

by SplunkTrust in

Conver string to time duration.

Hi I have logs where the media length/duration is displayed in a non standard format. anyone think this can be conver...

by Path Finder in

avg(count) not working in timechart?

I'm trying to chart the average count over a 24 hour span on a timechart, and it's just not working. The RegEx I'm us...

by Explorer in

Horizon Charts

Congrats on this great major release ! Are there any plans to introduce horizon charts(similar to sparklines but n...

by Builder in

Fieldset disappears when using table command

I have recently upgraded from 4.3 to the latest 5.x version. I found that now when I use the table command the fields...

by Communicator in

Nested search to find the result

Hi, I have come across a situation where I have a search string to find error id, then I need to search that error...

by New Member in

Macro returns no result when applied

Hello, Could someone explain what am I doing wrong in using a macro ? Here is the macros.conf file [GET_IP]...

by Path Finder in

Form a single statistics from two different sources on common parameters

Hi, I am using two different sources, for e.g.source1 and source2, which contains different numeric error on same tim...

by Builder in

Plotting instances of logs onto chart

Hi My log looks like this: 2013-10-07T15:37:27.334Z | allepha | 2013-10-07T16:37:04+01:00 info platform shell A...

by Path Finder in

How do I not show the value I do not want?

For an apache access log file with an extra field I have created a field extraction myfield - it works great. I th...

by Path Finder in

Lookup Script doesn't return search results

Below is the props.conf at $SPLUNK_HOME/etc/system/local: [SPLUNK_SERVICE_Log] lookup_table = namelookup Id OU...

by Path Finder in

Can customized SearchBar be readonly?

Hello Splunk Experts, I have a SearchBar that inherit it's value from a Search $calculation$ ...

by Builder in

How to extract a variable number of fields?

Given the following data sample of 4 events where each event has a number immediately after the timestamp that indica...

by Splunk Employee in

Multi-Axis timechart

I am wanting to timechart total logins, login failures, and failure rate on a mult-axis graph. So time across the bot...

by New Member in

columnグラフにlineグラフをのせたときの単位の設定方法

以下の画像のように、棒グラフ上にライングラフを載せた場合、両サイドに棒グラフの単位とライングラフの単位が表示されると思いますが、この単位を両サイド同じ単位（間隔）に合わせる方法をご教示下さい。 Hello, I created ...

by Contributor in

Get Updates on the Splunk Community!

Splunk Search

Discussions

Inline field extraction with rex

Can I use search on lookupfields for earliestTime instead of hardcoding them?

Comparing 2 fields

get the unique count from the list of numbers

filter results inside a chart...

How to change app to use default search UI on Splunk 6?

Custom Conditions

Distributed search with multiple timezones

Query - Splunk "DB Connect" app

events since a certain time (1700) in the previous business day

PANIC - Splunk 6 can't find any lookup fields

Conver string to time duration.

avg(count) not working in timechart?

Horizon Charts

Fieldset disappears when using table command

Nested search to find the result

Macro returns no result when applied

Form a single statistics from two different sources on common parameters

Plotting instances of logs onto chart

How do I not show the value I do not want?

Lookup Script doesn't return search results

Can customized SearchBar be readonly?

How to extract a variable number of fields?

Multi-Axis timechart

columnグラフにlineグラフをのせたときの単位の設定方法

Splunk Observability Synthetic Monitoring - Resolved Incident on Detector Alerts

Video | Tom’s Smartness Journey Continues

3-2-1 Go! How Fast Can You Debug Microservices with Observability Cloud?

ES8 + Mission Control Usage rest API

Search for triggered save searches and their actio...

MLTKC how should i check jupyter notebook func in ...

ITSI thresholds: adaptive vs static

Using Machine Learning Toolkit to detect auth abus...