Splunk Search

Ask a Question

Discussions

Thread Info

Regex not working for event splitting

Hi Sorry I am a newbie to Splunk and the question may sound silly but the splunk regex that I used to split events...

by Path Finder in

User Query count based on conditions

I've below line in my logs: [2013-01-15 20:06:51:641 GMT+00:00] INFO #new# userid=1234 chair_count=1 table_count=1...

by Path Finder in

Difference between maxHotIdleSecs and maxHotSpanSecs

Hi, What is the difference between maxHotIdleSecs and maxHotSpanSecs. After reading the documentation i understood...

by Influencer in

Calculating duration in a transaction using a different, not-quite-a-time field.

How can I use a different value to calculate duration than the built-in _time? I have a case where the only accurate ...

by Explorer in

External lookup definition doesn't run when

Hello, I'm trying to findout how external lookup definition work. I've a python script which tell me if the date a...

by Engager in

How is this field generated...

... "src_hostname"? The reason I ask, is that I can not seem to find it, and it is generating "odd" results in a ...

by Path Finder in

Create multiple eval fields with wilcards?

I'm attempting to calculate the deltas between a field and it's historical value. I use a subquery w/ appendcols to r...

by Engager in

Take the first value of each multivalue field

I have a big xml I wan't to make flat : element1 ... subelement1 subelement1.1 subelement1.2 subelement2 subele...

by Builder in

how to retrieve the number of all events logged in the last week

Hi, i'm creating a dashboard with some general infos, showed as first dashboard to the user. I have two distinct hid...

by Communicator in

日本語を含むデータ入力の設定方法を教えて下さい

取り込みたいログデータがシフトJISなどの日本語エンコーディングとなっております。この際、データ入力時にどのような設定をすれば良いですか？

by Path Finder in

サーチ履歴を取得する方法は？

サーチキーワードの履歴をリストして、監査やナレッジ共有等に利用したいのですが履歴を取得することはできますか？

by Splunk Employee in

db connect lookup fails with table is invalid

To use a flat file lookup table is easy - simply create (say) a CSV file and use it with the search app syntax | inpu...

by Engager in

RegEx field extraction help

I have this raw data: May 20 09:11:09 172.16.20.111 May 20 2013 09:11:09: %ASA-4-113019: Group = AC-Users, Usernam...

by Path Finder in

FIX message protocol with Splunk

Does anyone have any recommendations of how to use Splunk with FIX trading messages logs and in particular is there a...

by Path Finder in

Eval macro with string argument

I'm trying to define a Splunk eval based macro that takes a string as a parameter (where the string must be able to c...

by Path Finder in

Funnel by Field

... | table Field Count | sort 0 Field For example, we have ...

by Explorer in

How to add Google Map result to dashboard?

Can I add the map view to dashboard?

by Explorer in

Multiple searches on the same field?

Is it possible to perform multiple searches on the same field? For reporting purposes I want to search for all values...

by Engager in

Log file not being forwarded / indexed anymore?

As someone new to Splunk would appreciate some guidance - whilst I had some success in that an inputs and outputs hav...

by Path Finder in

SQL samples in splunk

Just getting started with Splunk & after a little direction. I have a SQL query that returns a list of requests th...

by Engager in

user name missing or exist in search

I am reading user from lookup file and then searching a search and find the user list from lookup file and giving tab...

by Explorer in

Counting total unique urls grouped by a particular parameter

Hi, looking at website log file Would like to see how many unique instances of a certain parameter there are Th...

by Explorer in

Stats sum function causing fields to drop off

I am writing a search against a summary index and I am running into an interesting problem. When I perform a sum on o...

by Path Finder in

One search job, one thread?

My deployment is: 1 forwarder + 2 indexers + 1 search head. The forwarder has forwarded 50GB(about 100,000,000 events...

by Explorer in

Generate lookup tables from searches with guarantee of unique entries

what is the most efficient way to achieve this. I run search #1 that populates the lookup table file with data. ...

by Splunk Employee in

Get Updates on the Splunk Community!

Splunk Search

Discussions

Regex not working for event splitting

User Query count based on conditions

Difference between maxHotIdleSecs and maxHotSpanSecs

Calculating duration in a transaction using a different, not-quite-a-time field.

External lookup definition doesn't run when

How is this field generated...

Create multiple eval fields with wilcards?

Take the first value of each multivalue field

how to retrieve the number of all events logged in the last week

日本語を含むデータ入力の設定方法を教えて下さい

サーチ履歴を取得する方法は？

db connect lookup fails with table is invalid

RegEx field extraction help

FIX message protocol with Splunk

Eval macro with string argument

Funnel by Field

How to add Google Map result to dashboard?

Multiple searches on the same field?

Log file not being forwarded / indexed anymore?

SQL samples in splunk

user name missing or exist in search

Counting total unique urls grouped by a particular parameter

Stats sum function causing fields to drop off

One search job, one thread?

Generate lookup tables from searches with guarantee of unique entries

Enterprise Security Content Update (ESCU) | New Releases

Why am I not seeing the finding in Splunk Enterprise Security Analyst Queue?

Index This | What are the 12 Days of Splunk-mas?

Proactively stream data to different index after C...

Write Splunk log with Laminas

Issues in multiselect input dropdown

Using splunk-sdk in user-defined functions in Spar...

Verification of SAML assertion using IDP's cert fa...