Splunk Search

Ask a Question

Discussions

Thread Info

Having trouble extracting these feilds...

Can't seem to make this work.. using a " " delimter in my transforms didn't do the trick.. www-ber 10/18/2013-02:...

by Contributor in

Regex not finding what I'm looking for???

I have this event and I'm trying to send it to the nullQueue if it contains SYSTEM. 2013-10-24 15:02:34,Major,REMO...

by Path Finder in

top with running totals

i have events with two fields: origin and duration i would like to present a table with the count of each origin, ...

by Path Finder in

How do I loop the results into another search and get the desired output?

Hello, I am new to Splunk and trying to come up with a way that would grab the usernames in certain lines (21_ubl)...

by Path Finder in

DNS time stamp REGEX needed

Here is my DNS raw data: Oct 17 19:47:09 ns1 named[15517]: 17-Oct-2013 19:47:09.314 queries: client xxx.xxx.xxx.xx...

by Motivator in

peak time of log sources

Hi , I have some forwarders installed in my environment and want to calculate the peak time in which log sources f...

by Path Finder in

filtering errors based on two timestamps

I have a site and errors on that site are being recorded in splunk. I basically need to filter out those error which ...

by Builder in

Bug in convert ctime?

Hi the following search eval test=7200 | convert timeformat="%H:%M:%S" ctime(test) | table test gives me 03:...

by Path Finder in

Search to find Log Sources not reporting

Hello everyone, I have around 20 forwarders (Universal) in my env and configued to forward data to Splunk Indexer....

by Path Finder in

Problems indexing into zip files

Hi All, I am monitoring files that land in the same directory that I wish to be considered as different source typ...

by Explorer in

Why am I unable to run dbinspect from cli for calculating compression?

I'd like to run the following search on my indexer to calculate compression. It works in UI, but not in CLI. I have d...

by Champion in

Character Encoding in log4j

Setting up Splunk I'm getting rsyslog messages showing up fine but when I point a little test log4j app at it I start...

by Engager in

Trimming the amount of data forwarded

Background: We have an existing indexer, that we have added a lot of data to. We would like to cut down on the amount...

by Explorer in

Setting a field as a raw integer?

This has been giving me headaches for a long time now, and it's pretty simple. So, for reference, this search works a...

by Explorer in

Sorting Duration and Getting the Top 10

I have a duration field in seconds. I wanted the format to be D+hh:mm:ss, so I used this: eval dur_hhmmss=tostring(Du...

by New Member in

Filtering events out via props.conf and transforms.conf?

The props.conf and transforms.conf files that should be modified are under /etc/system/local, correct? We have bee...

by Path Finder in

How to count total hits by certain fields?

I've been playing around with eval, transaction, and stats and I still can't figure this one out... so I'm asking for...

by Builder in

Error in 'join' command: Usage: join ()? [subsearch]

I get the error "Error in 'join' command: Usage: join <options> (<join-fields>)? [subsearch]" when running the follow...

by Explorer in

Best way to create a search time field extraction

I've spent a long time reading, but am not sure the best way to do this. I have events, which contain username-...

by SplunkTrust in

splunk diag command doesn't work with --exclude in splunk version 6.0

The flags such as exclude as explained in http://docs.splunk.com/Documentation/Splunk/6.0/Troubleshooting/ContactSplu...

by Splunk Employee in

track users logging in via SSO

Hello, we are using SSO with LDAP based users for authentication on our search heads. On our search head; how do w...

by Explorer in

sorting date

I have a query as source="C:\Data\acctdata\snm4-logger.log" "Customer has successfully retrieved file"| rex "::\s(? ...

by Explorer in

Count of Occurence of Operating System(OS)

Hi all, I have around 8 hosts in my splunk and i searching for a report which will list out operating systems ...

by Path Finder in

Seprating null and empty fields

Hi All, I have multiple cases with my date: some have empty src value: e.g, id=abc src= lr=2 some does not have sr...

by Explorer in

How to have eval use results of accum

I have a chicken and egg issue here which I am having trouble resolving. I have a search which returns data for ea...

by Builder in

Get Updates on the Splunk Community!

Splunk Search

Discussions

Having trouble extracting these feilds...

Regex not finding what I'm looking for???

top with running totals

How do I loop the results into another search and get the desired output?

DNS time stamp REGEX needed

peak time of log sources

filtering errors based on two timestamps

Bug in convert ctime?

Search to find Log Sources not reporting

Problems indexing into zip files

Why am I unable to run dbinspect from cli for calculating compression?

Character Encoding in log4j

Trimming the amount of data forwarded

Setting a field as a raw integer?

Sorting Duration and Getting the Top 10

Filtering events out via props.conf and transforms.conf?

How to count total hits by certain fields?

Error in 'join' command: Usage: join ()? [subsearch]

Best way to create a search time field extraction

splunk diag command doesn't work with --exclude in splunk version 6.0

track users logging in via SSO

sorting date

Count of Occurence of Operating System(OS)

Seprating null and empty fields

How to have eval use results of accum

Observe and Secure All Apps with Splunk

Splunk Decoded: Business Transactions vs Business IQ

Fastest way to demo Observability

In Splunk studio, is it possible to populate a tex...

How can i export a list of all services in APM

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

ITSI thresholds: adaptive vs static

Splunk Search

Are you a member of the Splunk Community?

Discussions