Splunk Search

Ask a Question

Discussions

Thread Info

listing events directly from a table

Hi all, is there any option to directly list the events for a particular table entry.. after a search in dashboard u...

by Builder in

index a file in a file system which can be mounted on different servers

Hi I would like to index a file which is in a file system which can be mounted on different servers at different p...

by Explorer in

Temporal Input lookups?

We have been able to successfully use inputlookup with lookup files we have created. However, our lookup files have t...

by Explorer in

Sorting Charts

I have the following search that returns a chart of response times for web pages by GET and POST. index=iis_PRODU...

by Contributor in

How flexible use search if statement?How flexible use search if statement?

To produce a single value dashboard, the utilization of the CPU and the MEN , and when any value exceeding the target...

by New Member in

Possible bug - Deleting a saved search deletes all searches with the same name

I believe I have found a possible bug. There is a condition that when you delete a saved search all saved searches wi...

by Explorer in

eval fails if fields have a ":" in their name

I have some data in the form of xml records. The fields extract fine using the xmlkv operator, but I can not perform ...

by Path Finder in

multiple values for single field in multiple lines of a single multi-lined event

Below is my sample log. I'm trying to extract all the 'Pend Reason' codes and still maintain the host field which I'm...

by Splunk Employee in

Regular expression help and error (Regex: unmatched parentheses )

The regular expression is correct according to RegExr, but i keep on getting this error Regex: unmatched parenthes...

by Contributor in

Oracle into Splunk

I am trying to get the login/logoff and failed login of oracle 10.2.0.4 installed on windows to be seen by splunk. I ...

by New Member in

stats by date_hour failing to return results

Been scratching my head about this one... This search returns a value: index=os source=cpu host=myhost | stats ...

by Path Finder in

Using a lookup to grab a host's subnet and then list out all other hosts in that subnet.

I have a lookup table that includes fields for hostname and subnet. I can easily view all hosts in a subnet by search...

by Contributor in

Need help with regex

Hello I am trying to get the browser information from the below raw data and haven't been able to do so. Can anyon...

by Motivator in

Event Options Menu lacks "show source" item if search has "fields" command in it.

If you say "*" as search, you see "show source" in the Event Options Menu by every event. If you say "* | fields site...

by Explorer in

Extraction failure

This seems like a straight forward config can someone spot where it's going wrong. I am unable to extract the "aaa" f...

by Path Finder in

Field Extraction Default Delimiter

I know that Splunk will automatically extract fields for field=xyz patterns in my data. How can I tell Splunk to also...

by Splunk Employee in

Frequency of Universal forwarder

I have installed Universal forwarder to send the log files to my Splunk storm project. My question is how frequently...

by New Member in

Simple regex

I'm just trying to get the CN name from what looks like the fields below CN=John Smith,OU=Customer Service,OU=Users,O...

by Path Finder in

Data format

I have the data in this format where the value of the date_month changes how much data I select date_month DATASE...

by Path Finder in

extracting multiple values for a field from one row(one event)

Hi all, Regex is troubling me when i have to extract a field compared with previous line. My log is like Thread Ev...

by Builder in

similiar to chartTitle param do we have any way to give title to Table?

I'm using panel_row2_col1_grp1 - panel_row2_col1_grp3 to collate 1 table and 2 charts. I need to group it since i use...

by Contributor in

REX not working in props.conf

I am using this rex command | rex max_match=100 "(?i)<severity>(?P<Severity>[^<]+)" When I add this to the pro...

by Motivator in

transformation : set a field value according to the host

I'd like to set at search_time a new field, with a value according to the host : if host=abc.com then =te...

by Builder in

sapninja data collection framework

hi , can someone help me with sapninja data collection framework which is used for data collection for the app Splun...

by Communicator in

Joining two large datasets without a Join

I have two data sources, one that is a very large file listing with *nix timestamps, and one that has a text descript...

by Explorer in

Get Updates on the Splunk Community!

Splunk Search

Discussions

listing events directly from a table

index a file in a file system which can be mounted on different servers

Temporal Input lookups?

Sorting Charts

How flexible use search if statement?How flexible use search if statement?

Possible bug - Deleting a saved search deletes all searches with the same name

eval fails if fields have a ":" in their name

multiple values for single field in multiple lines of a single multi-lined event

Regular expression help and error (Regex: unmatched parentheses )

Oracle into Splunk

stats by date_hour failing to return results

Using a lookup to grab a host's subnet and then list out all other hosts in that subnet.

Need help with regex

Event Options Menu lacks "show source" item if search has "fields" command in it.

Extraction failure

Field Extraction Default Delimiter

Frequency of Universal forwarder

Simple regex

Data format

extracting multiple values for a field from one row(one event)

similiar to chartTitle param do we have any way to give title to Table?

REX not working in props.conf

transformation : set a field value according to the host

sapninja data collection framework

Joining two large datasets without a Join

See your relevant APM services, dashboards, and alerts in one place with the updated ...

Cultivate Your Career Growth with Fresh Splunk Training

Introducing a Smarter Way to Discover Apps on Splunkbase

MLTK - What algorithm should I use?

How to show the line when its value is NULL with ...

Search for triggered save searches and their actio...

MLTKC how should i check jupyter notebook func in ...

ITSI thresholds: adaptive vs static

Splunk Search

Are you a member of the Splunk Community?

Discussions