Splunk Search

Discussions

Thread Info

Will the search "host=XX*" search all hosts in all indexes, or will it only search hosts in the default index?

When I run the search as: host=XX* will this search all the hosts in all the indexes, or will it only search hosts i...

by Path Finder in

Is it possible to round up average, max, and min values to 2 decimal places using eval, but without changing how a sparkline is displayed?

Is there a way to round up the average, max and min values to 2 decimal places - without disrupting the sparkline dis...

by Path Finder in

Why splunk stop to extract new fields for some reason?

Hi Splunkers, I will cut the intro and talk straight to the problem: I have 5 fields that were declared on prop...

by Communicator in

What is the difference between earliest/latest and starttimeu/endtimeu?

In my case I was using the map command with starttimeu/endtimeu but I'm not sure WHY i'm using those in the subquery ...

by Path Finder in

Column comparison for authentication

Hi, I created a search which provides me with the usernames of all user which have logged on, i have another colu...

by Explorer in

Display result of two sources in the same map

Hi everyone, I have two dashboards that display results on a map. The first dashboard displays results for source1...

by Explorer in

Report on latest status per host

Hi, I have put together a database input that queries a sql table that logs events against hosts. The events I"m i...

by Communicator in

How to change line graph color?

I have this code for rendering the charts var rbCpuChart = new ChartView({ id: "element5", manager...

by Explorer in

Evaluating and converting dates in search query

I have a graph that displays an average value per day over a week as columns. When clicking a specific column a line ...

by Communicator in

erex not working in splunk 6

In previous versions of splunk, I've been able to use erex at search time to define a regular expression based on sea...

by Contributor in

How can I create this report table with two column labels?

Hi, Is it possible to get a report like this in Splunk? I have fields APP, status and category. Here I am taking t...

by Communicator in

How do I write a search to create a cohort-like table view?

Hi, I'm trying to create cohort "like" table view. Cohort "like" because I have two searches that I want to execut...

by Explorer in

How do I fix "Error in 'rex' command: Invalid argument: '(' The search job has failed due to an error. You may be able view the job in the Job Inspector."

Why does this rex query work fine in a simple search, but then fail when used in both a primary and a subsearch? I ne...

by Explorer in

associated query according to the context

My raw data is like: FieldA | FieldB | FieldC | FieldD 1439638106 | 1.1.1.1 | 21 | 500 1439637106 | 1.1.1.1 ...

by Path Finder in

How do lookups work in Splunk? Can you lookup a value and use the corresponding value to its left and vice versa?

How do lookups work in Splunk? I presume it works like this, lookupA is the value you are looking for and ValueToR...

by Motivator in

Import a text data with a index

Hello everyone, I'm starting with the development in splunk... Each time a new database or datatable and created o...

by Engager in

How to store daily aggregate data into another index for historical searches?

Dear SPLUNK community, I have 200 servers and index metrics such as CPU, disk, memory, etc. on a per minute interv...

by Communicator in

How do I search for a field with the value 0 in this format in my logs? "reportReferenceNumber" : 0

Please find the sample entries of two log messages given below. I want a search condition to select a report with the...

by Path Finder in

How to view records/data horizontally by host?

Hey is it possible to view data/records from a file horizontally by host. For example, I have a search string like...

by Explorer in

How to use eval and case results with bucket span to list categories with different time buckets?

I am trying to get calls classified into different categories based on their response times: sourcetype=abc |eval ...

by Contributor in

Get Updates on the Splunk Community!

Splunk Search

Discussions

Will the search "host=XX*" search all hosts in all indexes, or will it only search hosts in the default index?

Is it possible to round up average, max, and min values to 2 decimal places using eval, but without changing how a sparkline is displayed?

Why splunk stop to extract new fields for some reason?

What is the difference between earliest/latest and starttimeu/endtimeu?

Column comparison for authentication

Display result of two sources in the same map

Report on latest status per host

How to change line graph color?

Evaluating and converting dates in search query

erex not working in splunk 6

How can I create this report table with two column labels?

How do I write a search to create a cohort-like table view?

How do I fix "Error in 'rex' command: Invalid argument: '(' The search job has failed due to an error. You may be able view the job in the Job Inspector."

associated query according to the context

How do lookups work in Splunk? Can you lookup a value and use the corresponding value to its left and vice versa?

Import a text data with a index

How to store daily aggregate data into another index for historical searches?

How do I search for a field with the value 0 in this format in my logs? "reportReferenceNumber" : 0

How to view records/data horizontally by host?

How to use eval and case results with bucket span to list categories with different time buckets?

Splunk Observability Cloud | Customer Survey!

Happy CX Day, Splunk Community!

.conf23 | Get Your Cybersecurity Defense Analyst Certification in Vegas

How to display Avg of Users per Time Picker?

search help, token

searching for specific result

How to Add Datamodel Fields in Search and Reportin...

AD servers with indexing delays when evt_resolve_a...