Splunk Search

Discussions

Thread Info

Single Input with multiple host and multiple Sourcetype

I would like to know can I configure splunk to receive syslog in Single Input (UDP:514) with multiple host and multip...

by New Member in

Only show Count > X in Timechart

I want to hide peaks in timechart that do not exceed a certain threshold. I'm trying the below query but am not havin...

by Explorer in

Generating Custom Events from many sources not directly monitored by SPLUNK

Have never used Splunk; just looking to see if something is possible. I not only want to monitor the things that Splu...

by New Member in

lookup against an extracted field

Is it possible to have a lookup table keyed off of an extracted field? Given the props: [foo] EXTRACT-bu = ^(?<...

by Contributor in

Extracting data using xpath

source="D:\\SplunkLogs\\HI_IR.xml"|xmlkv|xpath "//HI_IN//IMK[TY_ID="\234\"]//RE_N" outfield=RE_N|stats values(RE_N) ...

by Communicator in

making a chart

hi, by running this query in search field index="New" "Phase * ended" | table phaseinformation , phase_ended , dateti...

by New Member in

RSS conditional get

hello, I was wondering how to set up Splunk's RSS to support conditional gets (so that my reader when setup corre...

by Path Finder in

How to Generate Bar Chart to Include Hosts with No Events?

I have a dashboard panel that displays the number of user sessions on a web server in a column chart. The user wants ...

by Contributor in

Issue in csv lookup while summarization

Hi, We have scheduled saved search running every 5 minutes to create summary index. In our test setup we get 20...

by Communicator in

Subsearch is wonky

Okay, I am sure that I have done something stupid, but I can NOT figure it out! This search works and returns abou...

by Legend in

displaying chart

Hi, I have csv file uploaded on to splunk.Here is the sample entries Intime Outtime 8:33 17:39 8:38 17:40 8:...

by New Member in

Getting duplicate values

hi, this is my query index=tm_idx host="server" sourcetype="TM_Test_10" | rex field=msg "(?i)TM1\sserver\slo...

by Communicator in

Group IP addresses (integer)

Problem: Huge list of IP addresses across multiple subnets, how to group and list in order of subnets. This is wha...

by Explorer in

Lookup table does not exist from indexer but everything is global

I've configured a CSV lookup and an automatic lookup on Splunk 5.0.4 that work on one of my search heads (let's call ...

by Explorer in

One file with two sourcetype Need Regex

I have my DNS and DHCP logs in one file and I would like to set "TZ = UTC" on the sourcetype. My problem is what woul...

by Motivator in

Use of NOT operator

Hello Splunkers, I'm trying to run a search against some logs that include a wild carded hostname, two error messages...

by Contributor in

Alternative to stats dc(*)

Hello, I have a dashboard for windows event viewer. There are two pulldowns which populates the relevant fields. But ...

by Champion in

DB Connect does not work when enableSplunkdSSL=false

Hi. For some reasons, I turned off SSL for Splunk REST API. Everything is fine, except the Splunk DB Connect app. ...

by Path Finder in

streamstats multiple moving averages

My current Splunk search looks like this: sourcetype="ContributionWebApiUat" DbResponseTime=* | chart values(DbRes...

by Path Finder in

Is this a Join, subsearch, or something else?

In my search I am at a stage where I have something like below. USERID EVENT STATUS 1 HELLO PASS 2 HELLO FAIL 3 HE...

by Explorer in

How to remove "received event for unconfigured/disabled/deleted index" messages

Due to some mistake, I am getting this messages: received event for unconfigured/disabled/deleted index='2013-03-1...

by Path Finder in

Regex remove quotes from log file field

Hi, I have a transform like this - it works fine except when I need to look up a field [specialLogFile] REGEX = ^...

by Path Finder in

extracting year from directory name & date/time from file

I have syslog files that are in the directory structure of system/Hosts/year/month/day I've been able to get the i...

by New Member in

Values function separator

My query is the following index="_internal" | table host | stats values(host) output: values(host) host1 host2 ...

by Explorer in

Running tscollect on a search head pool

We have a dashboard that I would like to use tstats to generate the data, and run a search ever 2 minutes using tscol...

by Path Finder in

Get Updates on the Splunk Community!

Splunk Search

Discussions

Single Input with multiple host and multiple Sourcetype

Only show Count > X in Timechart

Generating Custom Events from many sources not directly monitored by SPLUNK

lookup against an extracted field

Extracting data using xpath

making a chart

RSS conditional get

How to Generate Bar Chart to Include Hosts with No Events?

Issue in csv lookup while summarization

Subsearch is wonky

displaying chart

Getting duplicate values

Group IP addresses (integer)

Lookup table does not exist from indexer but everything is global

One file with two sourcetype Need Regex

Use of NOT operator

Alternative to stats dc(*)

DB Connect does not work when enableSplunkdSSL=false

streamstats multiple moving averages

Is this a Join, subsearch, or something else?

How to remove "received event for unconfigured/disabled/deleted index" messages

Regex remove quotes from log file field

extracting year from directory name & date/time from file

Values function separator

Running tscollect on a search head pool

September Community Champions: A Shoutout to Our Contributors!

Splunk Decoded: Service Maps vs Service Analyzer Tree View vs Flow Maps

What’s New in Splunk Observability – September 2025

In Splunk studio, is it possible to populate a tex...

Help me with splunk query to monitor CPU and Memor...

How can i export a list of all services in APM

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

Splunk Search

Are you a member of the Splunk Community?

Discussions