Splunk Search

Discussions

Thread Info

Give me a count of all events but give me the date of the last event?

I'm generating a table of event count (same events) but I want it to also return the timestamp of the last event. I c...

by Champion in

Help with Search string count

I am trying to extract a string, count how many times it appears and group it by host. RAW LOG: [2013-01-31T03:55:...

by New Member in

Problem with the counting

Hi, I have a data like : Name 1 2 3 4 5 abc 0 2 5 0 18 def 3 0 10 10 11 ghi 0 0 0 7 20 Now, I have 6 col...

by Contributor in

getwatch list & lookup table

Dave Receiving this error " The splunkd daemon cannot be reached by splunkweb. Check that were are no blocked netw...

by New Member in

Count the concurrent transactions with a single log entry by transaction

Question Hey there, I'm a beginner with Splunk and have questions about timechart and _time variable. Here ...

by Explorer in

Problem of choosing the line number from a report

Hi, I have a report generated by SPLUNK , but I want to remove the first 5 lines and rest of the lines will be my ...

by Contributor in

Comparing two values

Hi everybody, I am trying to compare two values which would be the network interfaces (MAC, em1, em2) and dependin...

by Communicator in

click a table using converttointention

Hi All, I am creating a dashboard with a table, which when clicked will open another chart in the same dashboard d...

by Contributor in

Update lookup file just before running my search?

I'm running a subsearch which updates a lookup file (using outputlookup) but it doesn't seem to work. The subsearch o...

by Champion in

Convert field from Unix Epoch Time to another format

I have events that are being stored in large groups (say 10,000 at a time). The timestamp that they are given at inde...

by Explorer in

Splunk CLI search only returns 100 events

Hi, I am looking for a Splunk CLI search workaround for option (-maxout 0) which shows unlimited events instead of d...

by Engager in

Rolling over data to a a Share

I have a distributed Environment consisting of 2 SH and 2 indexers. I would like to keep around 30 days of logs on my...

by Path Finder in

JOIN two tables in Splunk

Need to extract the value of 'A' from Query 1 - Then do a JOIN to extract the value of 'A' if they occur in Query 2 ...

by New Member in

Regular expression used in transform not performing as expected

I have written a Regex to perform an extraction in transforms.conf that I've tested in multiple PCRE compliant regula...

by Splunk Employee in

How can I use LDAPSearch to retrieve email based on selected specific CN

Hi I have used ldapsearch to narrow down the list of members based on a specific CN: e.g. |ldapsearch domain="mydo...

by New Member in

Extracting usernames from Solaris 9 syslog

Hi guys, I hope this is an easy one for you. We have Solaris 9 boxes sending syslogs to nfs share and our Splunk 4.3 ...

by Path Finder in

How to hide time without values in timechart

Hello comunity, I need help to hide a value unavailable in a timechart. I searched for some functions, but I have ...

by Path Finder in

Add search term and external link.

Hi I have a panel which displays the following in columns AD Events (log dictionary) WSUS (log dictionary) Qual...

by Communicator in

search based on logged in user id

I need to plug in the logged in user id and build a search query. How do I accomplish this ? I see cherrypy.session[...

by Communicator in

How to change the horizontal width of a column in a table

Eexperts, I am a newbie to Splunk. When I changed the width of a table, the width of the panel used to create or extr...

by Explorer in

Scoping a search string to a valid field yields no results

Hi, I have some very strange behaviour from Splunk v4.3.3. When I search for: index="something", splunk correct...

by Path Finder in

Splunk question on stats/multiple stats

Hi, I have two sourcetypes with disparate pieces of information that i want to bring together. Note that there...

by Builder in

Field extraction doesn't show full log

I am trying to extract a line "lockouttime=*" it is on line 107. when I use the extract field tool. It only shows the...

by Path Finder in

Limit on the number of realtime searches

Hi, I would like to know what is the limit on the number of real time searches for the following H/W and user coun...

by Influencer in

unable to change password / edit users

There seems to be a dependency on roles inheriting from 'user' and 'admin'. Example. I create a new role define...

by Influencer in

Get Updates on the Splunk Community!

Splunk Search

Discussions

Give me a count of all events but give me the date of the last event?

Help with Search string count

Problem with the counting

getwatch list & lookup table

Count the concurrent transactions with a single log entry by transaction

Problem of choosing the line number from a report

Comparing two values

click a table using converttointention

Update lookup file just before running my search?

Convert field from Unix Epoch Time to another format

Splunk CLI search only returns 100 events

Rolling over data to a a Share

JOIN two tables in Splunk

Regular expression used in transform not performing as expected

How can I use LDAPSearch to retrieve email based on selected specific CN

Extracting usernames from Solaris 9 syslog

How to hide time without values in timechart

Add search term and external link.

search based on logged in user id

How to change the horizontal width of a column in a table

Scoping a search string to a valid field yields no results

Splunk question on stats/multiple stats

Field extraction doesn't show full log

Limit on the number of realtime searches

unable to change password / edit users

Community Content Calendar, November Edition

October Community Champions: A Shoutout to Our Contributors!

Stay Connected: Your Guide to November Tech Talks, Office Hours, and Webinars!

In Splunk studio, is it possible to populate a tex...

How can i export a list of all services in APM

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

ITSI thresholds: adaptive vs static

Splunk Search

Are you a member of the Splunk Community?

Discussions