Splunk Search

Ask a Question

Discussions

Thread Info

auto-finalized after time limit ( 30 seconds )

I am getting the following warning while running my big query : auto-finalized after time limit ( 30 seconds ) re...

by Contributor in

Where does a search process consume its run time?

We have performance problems. Looking at one of the search logs, I see that it ends with 08-16-2013 14:00:55.172 I...

by Path Finder in

Every _time timestamp in a transaction as a multivalue field

How do I get all the individual event times from a transaction and have them in a multivalue field as part of the tra...

by Communicator in

Time difference for the transaction

I want to find the time difference between the transactions,display as a chart My data will look like this Mon ...

by Communicator in

Significant search performance hit using multiple indexes

I'm seeing three seconds of latency introduced to each search when using ~3,500 indexes. Here's the scenario: ~3,0...

by Explorer in

Search for events with multiple field values

I have events that I'm joining together via transaction. Once in a transaction a field can have multiple values. How ...

by Motivator in

DrillDown Table

How to put | search splunk_web_service="574.357430" before | rex command in drilldown table? I mean, after click o...

by Path Finder in

Dynamic field-names for lookups

Hello, i have a scripted lookup which is working fine. i configured in the lookups that the field name is called c...

by Communicator in

Log Message formating question

I am trying create some new logging formats for some new data and I want to ensure it Splunk friendly, so I can do a ...

by Path Finder in

Efficient filtering with high number of values from a lookup table

Hi all, I've got 16k and growing values in a CSV. I'd like to search for events matching those values, like tag...

by Contributor in

Specifying two regular expressions in a single search query using rex

Hi, I have SharePoint logs and in that there is a field called message.From the message field i have extracted exc...

by Communicator in

extraction fields

Hello splunkers! I create sourcetype and I extract some fields by Field Extraction menu. I copy the props.conf fil...

by Communicator in

カスタム時間で指定した時間からさらに時間を指定する方法

サーチをする際に、カスタム時間で時間を指定し（○月○日の断面等）、出た結果に対し、更にそれから1週間前のデータと比べるサーチ文をご教授下さい。 sourcetype=A | stats count by host | appen...

by Contributor in

Sharing a dynamic lookup from an app

I have a scripted lookup which is part of an app that I've written and it works perfectly. What's the proper way to s...

by Splunk Employee in

extract subject from maillog

Hi, I want to extract the 'subjects' from my SMTP maillog but the regex I have built doesn't seem to work. I have bui...

by New Member in

How to extract data (email address, subject) between two blank spaces that are after the field identifier - eg From:

Hi Our fields have a space between the field name and the information we want to . The two searches I have trie...

by New Member in

Counting how often the mode() value occurs in a result set

I want to query my access logs to learn where the majority of my traffic is coming from in 1 second buckets. This is ...

by Engager in

Newbie struggling with removing "empty" lines for a search/report

Hi there! Being new and still struggling mightily to master Splunk, I have an immediate need to create a search/repor...

by New Member in

real-time search question

Hi, Do real-time searches read events before they enter the indexer?

by Champion in

how to find difference between two "stats count" used in two different saved search

So i have two saved search queries 1. sourcetype="x" "attempted" source="y" | stats count 2. sourcetype="x" "Failed" ...

by Explorer in

Add hidden search string to flashtimeline view

Hi there, I'd like to modify the default search form of Splunk (flashtimeline view) for a new app. Therefore I'd l...

by Path Finder in

extract fields not working

Hi there, I have an errp log from aix that i want to process and determine on with side of the cluster we had prob...

by New Member in

How to group fields using top OR use top inside of stats

I'm playing with the Splunk tutorial data and I have this query that shows the top 5 customer per purchased product a...

by Explorer in

fill_summary_index.py how to locate and run this script in splunks file directory

Hi together, I have found the following fill_summray_index.py script under: http://wiki.splunk.com/Community:Summary_...

by Explorer in

How to ignore timestamp to group events and show # of occurences by ComputerName

I need to run weekly reports that show all Error Messages that have occurred and have it split by the computernames a...

by Path Finder in

Get Updates on the Splunk Community!

Splunk Search

Discussions

auto-finalized after time limit ( 30 seconds )

Where does a search process consume its run time?

Every _time timestamp in a transaction as a multivalue field

Time difference for the transaction

Significant search performance hit using multiple indexes

Search for events with multiple field values

DrillDown Table

Dynamic field-names for lookups

Log Message formating question

Efficient filtering with high number of values from a lookup table

Specifying two regular expressions in a single search query using rex

extraction fields

カスタム時間で指定した時間からさらに時間を指定する方法

Sharing a dynamic lookup from an app

extract subject from maillog

How to extract data (email address, subject) between two blank spaces that are after the field identifier - eg From:

Counting how often the mode() value occurs in a result set

Newbie struggling with removing "empty" lines for a search/report

real-time search question

how to find difference between two "stats count" used in two different saved search

Add hidden search string to flashtimeline view

extract fields not working

How to group fields using top OR use top inside of stats

fill_summary_index.py how to locate and run this script in splunks file directory

How to ignore timestamp to group events and show # of occurences by ComputerName

Earn a $35 Gift Card for Answering our Splunk Admins & App Developer Survey

Continuing Innovation & New Integrations Unlock Full Stack Observability For Your ...

Monitoring Amazon Elastic Kubernetes Service (EKS)

Using splunk-sdk in user-defined functions in Spar...

Verification of SAML assertion using IDP's cert fa...

ジョブを消しても復活する現象について

splunk threat intelligence taxii data

Splunk DB connect add-on InfluxDB 2.6