Splunk Search

Ask a Question

Discussions

Thread Info

How can we improve the performance of an Hunk's query?

We have the following Hunk query - index=<claims_table> claim_classification=INPATIENT OR claim_classification="I...

by Ultra Champion in

regex used in transforms.conf isn't extracting the fields though there isn't anything worng with the regex?

I have a regullar expression extracted in transforms.conf as below :- [split_and_extract_commands] SOURCE_KEY = ab...

by Builder in

Is there a search or command that will number rows in a table?

is there any command to get row numbers in table? Like, I have a table like host source type DFR splunk_id...

by New Member in

Grouping a "time" span from one true value to another

I have a boolean value in my data set. I want to group all event together that are between the event(a) right after a...

by Path Finder in

How to edit my search to format String to Number with fieldformat for all 60 columns?

Hey guys Is there a quick way to format data? I want to format data like this <search> |fieldformat test1a=tonumb...

by Path Finder in

Which users have done this but have not done that ?

Hello there, I'm struggling a little bit with the search language, booleans, eventtypes and stuff ... I can't find...

by Communicator in

How to exclude last 3 values in the search results.

Hi , I need exclude the values last 3 three values from the search results. Can someone please help me on this. ...

by Explorer in

SEDCMD: to filter the character between the user

Curently our proxy logs with user having special characters inbetween. ref: DC=local/bob\, tom I have created a pr...

by Path Finder in

OR operator problem

Hi all, Hey, what's wrong with the next search structure? I'm using OR operator because the field names are diffe...

by Path Finder in

Is there a way to speed up my search through millions windows security logs?

Doing some long-tail analysis and I am running in Fast Mode but the query for 24 hours is taking a long time. Plea...

by Contributor in

best tips for speeding up searches?

by Explorer in

Group full auditd (rlog) EXECVE commands by User?

Hello, I have been trying to write some custom searches against linux auditd logs to get a list of all commands ex...

by Engager in

inputlookup format to insert wildcard * is it possible?

inputlookup like: user mailbox smithj john smith bloggsj joe bloggs search string: | inputlook...

by Path Finder in

Need help on finding daily hourly max for a month for a timechart

Hi All, I am pretty new to splunk and trying to figure out a splunk search query. I am extracting a monthly report...

by Explorer in

unable to filter specific source with REX

i have data coming from different sources (catalina,sailpoint,accesslogs,etc) now i want to filter it into different ...

by Loves-to-Learn in

Get Updates on the Splunk Community!

Splunk Search

Discussions

How can we improve the performance of an Hunk's query?

regex used in transforms.conf isn't extracting the fields though there isn't anything worng with the regex?

Is there a search or command that will number rows in a table?

Grouping a "time" span from one true value to another

How to edit my search to format String to Number with fieldformat for all 60 columns?

Which users have done this but have not done that ?

How to exclude last 3 values in the search results.

SEDCMD: to filter the character between the user

OR operator problem

Is there a way to speed up my search through millions windows security logs?

best tips for speeding up searches?

Group full auditd (rlog) EXECVE commands by User?

inputlookup format to insert wildcard * is it possible?

Need help on finding daily hourly max for a month for a timechart

unable to filter specific source with REX

Observability | How to Think About Instrumentation Overhead (White Paper)

Cloud Platform | Get Resiliency in the Cloud Event (Register Now!)

The Great Resilience Quest: 10th Leaderboard Update

How to combine rows based on parent-child relation...

Outputlookup to a kvstore does not write results

How do I limit a search to everything except the t...

StatsBuffer::read: Row is too large for StatsBuffe...

Search based on a previous conditions. Or alert th...