Splunk Search

Discussions

Thread Info

histogram on search queries

Hi, I am a new user to splunk. Our splunk data consists of lines like: engine id= error1 en...

by New Member in

Set chart from 12am to 11.59am ? [search queries]

I have this search query sourcetype="CurrentWeatherSGMap" Message="Yishun" | eval Description=case(current_summary="R...

by Path Finder in

Not able to limit the no of entries in search result

Hi All, I have been writing some search queries and now i have written a search query for which im getting a no of...

by Path Finder in

[Help] Renaming field of a specific source

Hi, I am using multiple sources in a single search command and i want to rename the _raw field of one of the sourc...

by Engager in

Data in /opt/splunk/var/spool/splunk filling up disk

I'm seeing a number of very large files building up in /opt/splunk/var/spool/splunk: drwx------ 2 root root 4096 ...

by Builder in

Regex for source AND Type

Hi everyone, Been trying to get regex syntax to behave. What I have below works. It only shows events that are from t...

by New Member in

props.conf fixed value using EXTRACT

I would like to take the following lines in my props.conf file, and at Search Time, use these Field Extractions to Se...

by Path Finder in

Search is queued: The maximum number of historical concurrent system-wide searches has been reached. current=11 maximum=10 Search not executed!

I'm in search of the above tips on how to solve?

by New Member in

How do I feed an array of strings from the results of a search to another search

I have setup a field extraction that parses OC4J Apache logs of the following format and extracts the ecid: index=...

by Explorer in

Finding search strings when all you have is an expired SID

Greetings, I have a saved & shared search URL that has the SID in it. The search has long expired, and I'd like to...

by Contributor in

Getting rid of subsearch

I feel like this should be a piece of cake with distinct count. I'd like to turn this into a more elegant search: ...

by Contributor in

how do I pull in Tomcat logs, ie catalina.log' periodically

I've read many a post and either I'm just not getting it or it's just not the answer. I want to index the daily catal...

by New Member in

Match using OR statement

In in my host field I have several different addresses, 4 of these addresses are from Location1 and the rest are from...

by Path Finder in

Splunk and timezones

In our splunk instance I believe the props.config file is set to UTC as that is what most of our logs are in but we d...

by Communicator in

Stats - a number of different stats but only one by date_month

Hello, I'm trying to report a number of different stats however only one of the stats needs to be by month. All of...

by New Member in

Search, top, count inside a transaction

Hi! I would like to know the frequency of each value of a certain field inside a transaction, for example: my event a...

by Communicator in

_time resolution in Summary Index

The following query construct populates a summary index: source=1.log OR source=2.log | eval _time = case(source ...

by Motivator in

Calculated field in DB Connect

I have done testing the calculated fields for Splunk DB Connect in my local machine. Basically I added props.conf fil...

by Explorer in

correlate uses and samples

Hi All, Am trying to find the usage of correlation. When i try my search using coorelation, it gives me an output,...

by Explorer in

Disabling eventtypes on a per-query basis?

I've got a long-running search that's spending more time than necessary in command.search.typer. I say more time than...

by Splunk Employee in

Stats -- Alert When Count Exceeds Threshold

I'm sure this is easy to do, but I'm a bit stumped. Say I have a search like this: http_status="500" | stats count...

by Path Finder in

Hide custom named column from SimpleResultsTable

Hi, we're trying to use a little piece of JavaScript (put in application.js) to perform column hiding for SimpleRe...

by Communicator in

how to add labels to chart values or order timechart

Hello. My query looks like ...| timechart count by type And I have values tupe_a, type_b and so on. When I call them...

by Communicator in

Question about table and duplicate fields

Hello everyone, I have a splunk request that creates a table with two fields X and Y and i want to deduplicate lin...

by Communicator in

How to extract field from json array?

If I have a log which is in JSON format and contains array in JSON, can Splunk extract values in this array? For exam...

by Explorer in

Get Updates on the Splunk Community!

Splunk Search

Discussions

histogram on search queries

Set chart from 12am to 11.59am ? [search queries]

Not able to limit the no of entries in search result

[Help] Renaming field of a specific source

Data in /opt/splunk/var/spool/splunk filling up disk

Regex for source AND Type

props.conf fixed value using EXTRACT

Search is queued: The maximum number of historical concurrent system-wide searches has been reached. current=11 maximum=10 Search not executed!

How do I feed an array of strings from the results of a search to another search

Finding search strings when all you have is an expired SID

Getting rid of subsearch

how do I pull in Tomcat logs, ie catalina.log' periodically

Match using OR statement

Splunk and timezones

Stats - a number of different stats but only one by date_month

Search, top, count inside a transaction

_time resolution in Summary Index

Calculated field in DB Connect

correlate uses and samples

Disabling eventtypes on a per-query basis?

Stats -- Alert When Count Exceeds Threshold

Hide custom named column from SimpleResultsTable

how to add labels to chart values or order timechart

Question about table and duplicate fields

How to extract field from json array?

CX Day is Coming!

Strengthen Your Future: A Look Back at Splunk 10 Innovations and .conf25 Highlights!

Now Offering the AI Assistant Usage Dashboard in Cloud Monitoring Console

In Splunk studio, is it possible to populate a tex...

Help me with splunk query to monitor CPU and Memor...

How can i export a list of all services in APM

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

Splunk Search

Are you a member of the Splunk Community?

Discussions