Splunk Search

Start a Conversation

Discussions

Start a Conversation

Thread Info

Why does putting in a wildcard for Sourcetype in the "Apply to" menu not work when adding a new automatic lookup?

Hi, When I add a new automatic lookup, if I put * at the Apply to: Sourcetype, it does not work, but if i put the...

by Path Finder in

How to search the top 5 distinct users per day in the last 7 days?

Hello Everyone I'm a new user. I would like to search the top 5 user logfail distinct by day in the last 7 days. I w...

by New Member in

Why am I still seeing multiple entries in my results from a lookup table that should have been filtered out by another lookup?

Hello Splunkers, I have what I think should be an easy question, but I'm not able to make it happen. I have two lo...

by Contributor in

Why is Splunk DB Connect changing the table output of my query?

Hello, I found a strange behavior with my mySQL Server. I try to do this query: select t.change_time, t.cre...

by Contributor in

Example of props.conf and breaking line after or Transaction command

Hello, I wish to create a new sourcetype in props.conf that uses the linebreak properties such as : SHOULD_LINEMERGE ...

by Builder in

Splunk rules and their way how it is configured

Hi , We are using Splunk 6.1.1 Ver .I would like to know few Information from Splunk. Their are alerts configur...

by New Member in

Search first 10 results by sourcetype

Hello I have question regarding limiting the number of events on search to reduce the search time. Currently, I'm ...

by Path Finder in

Python SDK real time search results in web page

Is it possible to display results in a web page using a python script? It is easy to dispatch a search and display th...

by Builder in

Date not parsed if the hour is 24

Splunk doesn't parse the date in the beginning of an event, when it has a hour of 24 (JODA time), like in 03.02.2015 ...

by Explorer in

rex expression that match pathname of variable lenght

Hi all, quick question: How I can match with rex or regex a regular expression that match all of this field? [/h...

by Communicator in

How to convert epoch to local time?

Hi! I have log entries with a timestamp embedded for expiration inside the log event. What's the best way to c...

by Contributor in

How to write the regex and break and extract a field to get the required data?

I need to create a report of failed services. From the logs, I get the data in the below mentioned format: ******...

by Contributor in

How to search and filter based on fields created by stats?

Howdy, I have a stats search that returns values from fields in different events such as OS Devicetype etc. This inf...

by Explorer in

A particular search result is not showing up in | stats count output. Very wierd.

Hello, Here is my search: index=app_win source=service State=Stopped StartMode (Auto OR Manual) Name (*IBM* ...

by Communicator in

Unknown search command 'gauge'.

Hi Guys, i am new to SPLUNK. when i search a query with non admin user i am getting below error, Unknown sea...

by Explorer in

Sum a series of values based on the distinctness of another column

i think its easier to ask my question by showing you some of the data I'm working with: Mon Feb 23 16:35:07 2015 ...

by Explorer in

I am try to to find the number of business days between two extracted fields

I am trying to follow what the others have done, but I am stumped as to why things are not functioning for me. I have...

by Path Finder in

Search in multiple indexes

Hi guys, I need some help. I have 2 index, and in both there are the field "ip", How can I create a search that...

by Contributor in

How to compare two weeks ?

Hi, I use Splunk 6.2. I try to compare two values between two differents weeks. index="market_logs" host="1...

by Engager in

Splunk treats any number that uses E (instead of *10) as a string

Any number such as 1.23456E-3 (equivalent to 1.23456*10^-3 or 0.00123456) is recognised by splunk as a string rather ...

by Path Finder in

Get Updates on the Splunk Community!

Splunk Search

Discussions

Why does putting in a wildcard for Sourcetype in the "Apply to" menu not work when adding a new automatic lookup?

How to search the top 5 distinct users per day in the last 7 days?

Why am I still seeing multiple entries in my results from a lookup table that should have been filtered out by another lookup?

Why is Splunk DB Connect changing the table output of my query?

Example of props.conf and breaking line after or Transaction command

Splunk rules and their way how it is configured

Search first 10 results by sourcetype

Python SDK real time search results in web page

Date not parsed if the hour is 24

rex expression that match pathname of variable lenght

How to convert epoch to local time?

How to write the regex and break and extract a field to get the required data?

How to search and filter based on fields created by stats?

A particular search result is not showing up in | stats count output. Very wierd.

Unknown search command 'gauge'.

Sum a series of values based on the distinctness of another column

I am try to to find the number of business days between two extracted fields

Search in multiple indexes

How to compare two weeks ?

Splunk treats any number that uses E (instead of *10) as a string

New Splunk Observability innovations: Deeper visibility and smarter alerting to ...

Synthetic Monitoring: Not your Grandma’s Polyester! Tech Talk: DevOps Edition

Instrumenting Java Websocket Messaging

how to extract usernames from windows event log 46...

Windows Event Log of Account Creation Search?

How to convert large bytes to human readable units...

How to convert a large number to string with expre...

Need help on Dashboard related issue?