Splunk Search

Discussions

Thread Info

Can Splunk Do This? Index -> backfill -> /opt/splunk/var/run/splunk/dispatch

I need to back fill an index from a scheduled search but the result set of the scheduled search is quite large. There...

by Motivator in

Chart sum as well as the source numbers

I would like to return a chart that has LOGIN SUCCESS LOGIN FAILURE and TOTAL LOGIN ATTEMPTS. In my logs I retur...

by Explorer in

Multiple raw text fields returned and charted

There have been many answers close to my solution but I have not been able to replicate based on those. I am look...

by Explorer in

absolutes and percentage of total

If I have something like page views by platform: search ... | stats sum(page_views) by platform which correctly...

by Engager in

String validation not working in splunk like String validation with Arthimetic operator & where is not working

If I am trying to match string in where like ..| where server=server108 is not generating result. Tried, server==serv...

by Communicator in

Lookup by file name

Hi group... I have systems that are categorized into security groups. I have one spreadsheet for each group wit...

by Motivator in

Search Query issues involving transaction & sum

Hello there, So I built this query and as the case often is it worked fine with a smaller set of test data but doe...

by Path Finder in

Use lookup to find out if a user is NOT in an Active Directory group

We're trying to construct a search that tells us if any group changes have been made to a user by someone in a group ...

by Path Finder in

Field extraction taking whole event as field

Hello Everyone I am working with three different files.Each file has different start time and end time.that all fi...

by Path Finder in

timechart without spaning

I would like to show the message_types from each event on a timeline. I think timechart would be the right element...

by Builder in

Subsearch Help

[subsearch]: Subsearch produced 50000 results, truncating to maxout 50000. How to fix this??please help Thanks in ...

by Path Finder in

How can I use the value of a field as an immediate search expression (dynamic search string formatting)?

I have a set of rules in one of my sourcetypes: Rule Expr Value Rule0 <0 Value0 Rule1 =1 Value1 ... Rule5 >=5 Valu...

by Communicator in

Are there any known problems regarding missing values in big lookup-files and is there a solution for it?

Hi all, I got a problem while performing a lookup at a csv-file.In general the lookup works fine, but its missing ...

by Path Finder in

Peculiar Time requirement

Hello, I have a very peculiar time problem that I want to fix with a quick and dirty fix. I am creating a sparklin...

by Path Finder in

search query help

Hi all, I have 2 files, where suplierID,contractID are the common fields, Now I want to exclude the values of these f...

by Path Finder in

How to troubleshoot python scripts

I'm trying to get the Pulse cloudwatch app to work using boto and dateutil, but splunkd.log shows this: 04-09-2013...

by Communicator in

EASY QUESTION: How to search for events that produce a field value of zero

Hi all, wish I could figure this one out myself but I'm stumped. I'm interested in producing a list of all the accoun...

by Explorer in

String validation in eval command

Eval is not validating "string" proparly, means status=Normal is not validating. It is perfectly working for numaric ...

by Communicator in

Use results from search as input to a lookup

I have an initial search that will find the top 100 Called_Numbers by the number of calls they are taking. A simplifi...

by Path Finder in

Distinct count of one field when second field matches string %200%

Hi I am trying two get distinct count of field1 when field2 contains string 200, 500, 400 etc and i am trying to summ...

by Explorer in

anomalousvalue misuse or bug?

I ran the following: source="/path/to/vpn_log" | anomalousvalue action=summary date_hour Every event was normal...

by Path Finder in

I want collect all characters and events that end with a certain text via Regex?

I want to collect all data before a specified text or that ends with it, I have tried the following: (.+?)ABC_...

by Builder in

Help on custom command (Examples needed)

Hi, May I ask if there is any steps on how can you have your custom command take in the search results of "x|cust...

by Engager in

Compare multiple inputlookup's

I am looking for a way to compare data from multiple inputlookup csv's. Each CSV has the same exact set of fieldnames...

by Engager in

Name space between 2 or more variables found in 2 or more source logs

Let's say we have the following 3 logs sources: request.log : timestamp id=123 q=1 filter=2 query_time="timestamp...

by Motivator in

Get Updates on the Splunk Community!

Splunk Search

Discussions

Can Splunk Do This? Index -> backfill -> /opt/splunk/var/run/splunk/dispatch

Chart sum as well as the source numbers

Multiple raw text fields returned and charted

absolutes and percentage of total

String validation not working in splunk like String validation with Arthimetic operator & where is not working

Lookup by file name

Search Query issues involving transaction & sum

Use lookup to find out if a user is NOT in an Active Directory group

Field extraction taking whole event as field

timechart without spaning

Subsearch Help

How can I use the value of a field as an immediate search expression (dynamic search string formatting)?

Are there any known problems regarding missing values in big lookup-files and is there a solution for it?

Peculiar Time requirement

search query help

How to troubleshoot python scripts

EASY QUESTION: How to search for events that produce a field value of zero

String validation in eval command

Use results from search as input to a lookup

Distinct count of one field when second field matches string %200%

anomalousvalue misuse or bug?

I want collect all characters and events that end with a certain text via Regex?

Help on custom command (Examples needed)

Compare multiple inputlookup's

Name space between 2 or more variables found in 2 or more source logs

Strengthen Your Future: A Look Back at Splunk 10 Innovations and .conf25 Highlights!

Now Offering the AI Assistant Usage Dashboard in Cloud Monitoring Console

Stay Connected: Your Guide to October Tech Talks, Office Hours, and Webinars!

In Splunk studio, is it possible to populate a tex...

Help me with splunk query to monitor CPU and Memor...

How can i export a list of all services in APM

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

Splunk Search

Are you a member of the Splunk Community?

Discussions