Splunk Search

Discussions

Thread Info

List of IP Excludes

All, I have a list of IP addresses which is about 40 long I don't want to include in my search. Seems silly to ty...

by Builder in

Where is the bottleneck?

We are having minor performance issues with our deployment and I would like an outside opinion on where the bottlenec...

by Path Finder in

App: limit searches done through a SearchBar

Is it possible to limit searches done through a SearchBar by automatically prepending them with something like source...

by Explorer in

Do we have splunk 1.1 jar as maven dependency

Hi Do we have splunk1.1 jar as maven dependency.If available,can you guys provide me the dependency tags.

by New Member in

where can i find the log ?

I installed the add-on, but I have no idea where I can find the checkpoint log.

by New Member in

Diff dashboard

Hi, My search query is like this : index=main source=file1.txt | stats values(wrk) as "Work Name", values(name) as "N...

by Builder in

SPath and Aggregations

Hi, I currently have a fairly complicated event format (see below 2 examples): 10/09/2012 09:49:55 126.115.88.9...

by New Member in

matching lookup file with a search

Hi, I have 2 sets of logs, Log A contains username and hostname whereas Log B contains userid and hostip. In or...

by Explorer in

problem with lookup command

Hi, I am getting the following error while running a lookup command with |inputlookup : [subsearch]: Subsearch ...

by Contributor in

Splunk Data flow Diagram

Can some one guide us or provoide us with the splunk data flow diagram with all the port number services etc

by Path Finder in

find event that happens before another event only

I have two events that occur often event A and event B are two different url's (both are different values stored i...

by New Member in

Issues adding FileMaker driver to DB Connect

I have Splunk version 5.0.2, build 149561 and DB Connect 1.0.8 running on an Ubuntu server 12.10. I am trying to u...

by Engager in

active user session at any given time

Hi, I would like to draw a chart representing number of active sessions at any given time...probably on a time cha...

by Communicator in

Help on Editing regex command on the example geven below

hi i have the following logs @2013-03-25 17:29:36,634||FINE|CXI|15553|Session=kksrrdica24v-2013084212936-1|CXI Diagno...

by New Member in

how to identify how many times that same timestamp is occured .....

I have logs in which some events occured twice in same timestamp.......so i need to identify and eliminate those repe...

by Explorer in

Trouble splitting multi-line events

I have some suricata stats logs which are in the following format: -----------------------------------------------...

by Engager in

Part 2: How to extract a json portion of an event then use spath to extract key=value pairs

I have the following log event but I have not been able to use spath to extract the json key=value pairs if the json ...

by Motivator in

Lookup question

Hi, I would like to know how to create a lookup for translating or replacing a field result into results from a csv f...

by Explorer in

correlated subsearch

Hi, I'm looking for a way to do an equivalent of a SQL correlated subquery in Splunk. [I did look at Splunk for SQL u...

by Engager in

How can I query Splunk to tell me how much space it thinks is being used in each volume?

How can I query Splunk to tell me how much space it thinks is being used in each volume? My volumes have nothing but ...

by Path Finder in

Alerting on a percentage of events

I want to craft an alert that will get the number of errors: sourcetype="my-thing" error | stats count and the...

by Explorer in

How to transfer Strftime TIME_FORMAT to a regular expression ?

Log content (log4j) begin with a date that i will use it as TIME_FORMAT in my props.conf file. Fri Jan 04 2013 13:...

by Builder in

Why some Fields are extracted and some are not

I have indexed memory log files for windows. I have done the required the configuration in props.conf and transforms....

by Path Finder in

Relative search time off by an hour

The clock on my server didn't adjust to the proper time for DST. I have updated the clock and restarted the server. H...

by Motivator in

Time duration

Hi, 03/22/2013 05:27:59.603 Message 1 03/22/2013 05:27:59.920 Message 1 03/22/2013 05:28:00.245 Message 1 03/22/20...

by Explorer in

Get Updates on the Splunk Community!

Splunk Search

Discussions

List of IP Excludes

Where is the bottleneck?

App: limit searches done through a SearchBar

Do we have splunk 1.1 jar as maven dependency

where can i find the log ?

Diff dashboard

SPath and Aggregations

matching lookup file with a search

problem with lookup command

Splunk Data flow Diagram

find event that happens before another event only

Issues adding FileMaker driver to DB Connect

active user session at any given time

Help on Editing regex command on the example geven below

how to identify how many times that same timestamp is occured .....

Trouble splitting multi-line events

Part 2: How to extract a json portion of an event then use spath to extract key=value pairs

Lookup question

correlated subsearch

How can I query Splunk to tell me how much space it thinks is being used in each volume?

Alerting on a percentage of events

How to transfer Strftime TIME_FORMAT to a regular expression ?

Why some Fields are extracted and some are not

Relative search time off by an hour

Time duration

Best Strategies to Optimize Observability Costs

Fueling your curiosity with new Splunk ILT and eLearning courses

Splunk AI Assistant for SPL 1.1.0 | Now Personalized to Your Environment for Greater ...

Search for triggered save searches and their actio...

MLTKC how should i check jupyter notebook func in ...

ITSI thresholds: adaptive vs static

Using Machine Learning Toolkit to detect auth abus...

Proactively stream data to different index after C...