Splunk Search

Ask a Question

Discussions

Thread Info

Timestamp has correct time, incorrect date for some events

I am adding data from a log file with filename: C:\init97\log\mpinet_init97-20120414-000004.mlg For the timestamp,...

by Engager in

Extract a field using Regex

Hi, I have following output from a log file. (5/1/13 - 1:36:05.01 PM) Event LOAD 1 Setup (5/1/13 - 1:36:...

by Contributor in

variable where clause

Hi, I need to set where clause based on certain condition. For example, if value=a, then where should be x>1. If ...

by Communicator in

can we rename the group label dynamically ??

Hi , i am using the following group name for my dashboard..i wanted to change this name dynamically...i.e wanted to a...

by Motivator in

Multi Language APP

I want my dashboard to display the contents in multi-lingual environment (Like English, French, Arabic etc..). By de...

by Builder in

props.conf w/ Regex ?

is it possible to exclude specific results in a field from the search in the props.conf? I suppose more specifically ...

by Motivator in

Bucketing function

I Cant get this search to work as i wish. This is my search (timespan = -2h@h): sourcetype=stats device_id=1352...

by Communicator in

Why does the splunk indexes only 50 fields out of 120 fields from my Oracle DB table

I have a table in the oracle database with 120 columns, but when I index the table into splunk using DB Connect only ...

by New Member in

Strip date and hostname from search results

Is it possible to strip the date and hostname from the log entry search result that shows up in search? I still wa...

by Path Finder in

Convert the timezone from a time field

I have a field extracted from log entries, containing time values in GMT. Can I convert the field to PST time? If so,...

by Communicator in

Forward specific syslog message to another system

Hi, I have splunk v5.0 running on RHEL and I want to forward all syslog messages %SYS-CONFIG-5 events from splunk to ...

by Explorer in

saving result of a search query to a variable in order to use in another search

I have a query like below and I want to compare the result of avg1 with each day result and specify if it is normal o...

by Explorer in

Splunk not reflecting correct REGEX Grouping

I am new to splunk and have been trying to set up my first transforms but I am having some issues. I was hoping to ge...

by New Member in

conditional stats function

Hi Folks, I need to use conditional stats e.g current: | stats avg(res_time) count(res_time) by transaction ...

by Path Finder in

custom command help

Hi .. In my Splunk results say i get a lot of numerical values for a field say "A" . Now i want avg of the top 95 ...

by Motivator in

The lookup table 'dm_audit_class_type' does not exist. It is referenced by configuration 'WinEventLog:Security'

Hello Please help me this issue The lookup table 'dm_audit_class_type' does not exist. It is referenced by...

by Explorer in

how to solve the date issue and how to count the _raw fields from a log using time chart

Hi I have uploaded a log contains below type of events with time stamp; ...

by Path Finder in

Problems w/ basic lookup table.

added the table files & definitions w/ just defaults. command is sourcetype="hitachi_poolinfo" host="*0695*" %...

by Contributor in

How to use splunk to compute and display the cost of a downtime

Hi, I'm new to splunk. So, please bear with me if my question is lame and splunk is not meant for such things. ...

by Engager in

How to achieve Optimized Search time in Splunk

Now its being a serious issue. I need some expert advice for this. Scenario: Splunk 5.0.2 Data Input : TCP License: ...

by Contributor in

Turn Search History off ?

any way to turn the search history off ?

by Explorer in

Default sort order in query result

I use Splunk 5.0.2 with Java SDK 1.1. I've noticed that the results of a search are sorted according to the _time ...

by Explorer in

Data sampled at different rates .. "expand" one to fit the other?

I have two sets of data in splunk -- every 10 minutes we get a host and watts measurement; every hour we get a host a...

by Path Finder in

update lookup table with outputcsv

I would like to update an existing app lookup table with static known fields instead of search results, for example m...

by Contributor in

Can Splunk dynamically extract JSON Key names while joining the event with other sourcelogs?

The following query is able to join two source logs where one of the source logs is in json format: (sourcetype="r...

by Motivator in

Get Updates on the Splunk Community!

Splunk Search

Discussions

Timestamp has correct time, incorrect date for some events

Extract a field using Regex

variable where clause

can we rename the group label dynamically ??

Multi Language APP

props.conf w/ Regex ?

Bucketing function

Why does the splunk indexes only 50 fields out of 120 fields from my Oracle DB table

Strip date and hostname from search results

Convert the timezone from a time field

Forward specific syslog message to another system

saving result of a search query to a variable in order to use in another search

Splunk not reflecting correct REGEX Grouping

conditional stats function

custom command help

The lookup table 'dm_audit_class_type' does not exist. It is referenced by configuration 'WinEventLog:Security'

how to solve the date issue and how to count the _raw fields from a log using time chart

Problems w/ basic lookup table.

How to use splunk to compute and display the cost of a downtime

How to achieve Optimized Search time in Splunk

Turn Search History off ?

Default sort order in query result

Data sampled at different rates .. "expand" one to fit the other?

update lookup table with outputcsv

Can Splunk dynamically extract JSON Key names while joining the event with other sourcelogs?

Can’t make it to .conf25? Join us online!

Community Content Calendar, September edition

Splunkbase Unveils New App Listing Management Public Preview

Leveraging Automated Threat Analysis Across the Splunk Ecosystem

Help me with splunk query to monitor CPU and Memor...

How can i export a list of all services in APM

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

ITSI thresholds: adaptive vs static

Splunk Search

Are you a member of the Splunk Community?

Discussions

Can’t make it to .conf25? Join us online!