Splunk Search

Discussions

Thread Info

DB Connect Tail Command not updating

I am using a tail db command to pull events from a Oracle database every hour. I was able to pull in all of the data ...

by Engager in

Searching _fishbucket

I'm trying to figure out how to analyze and manage specific records in the _fishbucket index. I have big director...

by Path Finder in

Splunk-perfmon failing: InitQuery failed in PeriodicDataCollector::tick

Hi all, I'm pulling some logs in from Windows perfmon. All was going well, but now I am seeing the following error me...

by Communicator in

The lookup table 'nix_action_lookup' does not exist. It is referenced by configuration 'IDS

Arg this is so frustrating. I cant find the nix_action_lookup and I can't find the IDS config. How do i trouble...

by Motivator in

Bad timestamps in DB Connect query results

I am running a query via a created dashboard on one of my production databases. I defined this in the DB Connect app,...

by Explorer in

why does this form search work

Can anybody enlighten me on why the form below (shortened) works when it's designed exactly this way, but not in any ...

by Path Finder in

Having issues with Subquery when comparing two searches of same source at different points in time

We're trying to compare searches from our Security source, trying to see if someone hasn't logged in within the last ...

by Engager in

improving lookup and inputlookup performance

Hi, when trying to filter a high EPS feed with a lookup I am experiencing quite some performance issues. Are are k...

by Path Finder in

chart drill down to table

Hello, We have the following table with this search but would like to drill down to a table with just the ticket d...

by Splunk Employee in

Search Bucket ID Range

Greetz, Is it possible to search a range of bucket ids? I have moved a lot of warm/cold buckets and scrubbed th...

by Contributor in

Lookups and non matching values

One of our users has a lookup requirement that I'm struggling to find a workable solution. They want to have a number...

by Path Finder in

timechart with SLA value

I would like to create a timechart with an SLA value. I have tried this search sourcetype=foo | eval sla=50 | time...

by Motivator in

Line breaking with custom regex

Hi All I've got a very bad csv to index, which is basically a csv with 63 columns and tildes as separators, becaus...

by Contributor in

field extraction

hi, I have a log files which are having columns that are not fixed. if first log entry has col1,col2,col3 then nex...

by Communicator in

Splunk search head CPU cores required for reporting command based search

How would CPU core load or CPU core sizing be split between a search head and its peer indexer when "searches with re...

by Path Finder in

date sorting numerically not alphabetically

Hello, We have the following search in a chart but the dates are sorting alphabetically rather than numerically. i...

by Splunk Employee in

Changing default field case sensitivity

All, I'm wondering if there is a way to change my configuration files to ignore the capitalization of a field. For...

by Contributor in

Omitting zero values when calculating stats avg()?

What I want is: ... | stats avg(eval(MyValue!=0)) as Avg It doesn't work that way (Avg is always 1.0). Of ...

by Communicator in

chart sorting by last field

Hello, We have the following chart which displays current ticket counts over the last 7 days for different groups ...

by Splunk Employee in

Custom Fields at index Time

Hi I know that splunk automatically creates default fields like host,sourcetype,index at index time.And also the s...

by Contributor in

Uploading a CSV with multiline field value

hi, I want to do a lookup to a CSV file which is having multi line field value when i upload a file for lookup its...

by Communicator in

How to build a query that returns the hostname of the search head the query is running on?

Hi, I have built an app that aggregates data into a summary index. The app also provides a query that searches for...

by Path Finder in

regex extract capturing group value

I would like to use function case and regex together and extract the value of capturing group in one field e.g. http_...

by New Member in

saved searches VS inline searches

hi, Is there any performance impact if i use inline search instead of saved one? Thanks and Regards

by Communicator in

Analyzing connection times based on start time and end time

Hey, quite a long post, but I'm going crazy here trying to solve this problem: I have a connection log of: id, userna...

by Path Finder in

Get Updates on the Splunk Community!

Splunk Search

Discussions

DB Connect Tail Command not updating

Searching _fishbucket

Splunk-perfmon failing: InitQuery failed in PeriodicDataCollector::tick

The lookup table 'nix_action_lookup' does not exist. It is referenced by configuration 'IDS

Bad timestamps in DB Connect query results

why does this form search work

Having issues with Subquery when comparing two searches of same source at different points in time

improving lookup and inputlookup performance

chart drill down to table

Search Bucket ID Range

Lookups and non matching values

timechart with SLA value

Line breaking with custom regex

field extraction

Splunk search head CPU cores required for reporting command based search

date sorting numerically not alphabetically

Changing default field case sensitivity

Omitting zero values when calculating stats avg()?

chart sorting by last field

Custom Fields at index Time

Uploading a CSV with multiline field value

How to build a query that returns the hostname of the search head the query is running on?

regex extract capturing group value

saved searches VS inline searches

Analyzing connection times based on start time and end time

Automatic Discovery Part 1: What is Automatic Discovery in Splunk Observability Cloud ...

Real-Time Fraud Detection: How Splunk Dashboards Protect Financial Institutions

Splunk + ThousandEyes: Correlate frontend, app, and network data to troubleshoot ...

In Splunk studio, is it possible to populate a tex...

How can i export a list of all services in APM

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

ITSI thresholds: adaptive vs static

Splunk Search

Are you a member of the Splunk Community?

Discussions