Splunk Search

Discussions

Thread Info

Is there a search command to look up results from saved results?

Hi there! Is there a search command that will allow me to look up results from a "saved result"? I'm looking for w...

by Path Finder in

Dashboard --> search last 24h --> logfiles of other splunk server

Good day Currently receives a master Splunk server log files from 3 other splunk server. I created a dashboard for ea...

by Explorer in

Filter count?

Trying to output just names where the count=1. Original Search Aliases="*hba*" | rex "Aliases:\s+(?<Aliname>\S...

by Contributor in

Multiple regex expressions for 1 field name

I have 2 different extractions but their values need to be part of the same field. How can I do that? I've tried usin...

by Communicator in

100 result limit in JS SDK

I tried adding "count" to params object when calling service.search() but it doesn't work. How do I get more than 100...

by Explorer in

Show percent instead of count in top chart

I'm using the top command and wanted the generated chart to show the percent value for each of the items instead of t...

by Engager in

Splunk for OSISoft PI logs?

Anybody experience with OSIsoft PI logs and Splunk? http://www.osisoft.com/value/business/Business_Solutions.aspx ...

by Splunk Employee in

Regex matching in search when it doesn't in regex creator

This regex is actually a lot longer, and obviously the events are too, but here's what appears to be happening. I wan...

by Communicator in

Locked/Unlocked

rex field=_raw "Message=A user account was.*(?<accaction>.+?)\." 07/19/2012 11:32:19 AM LogName=Security SourceNa...

by Contributor in

Graphing conversion rate over time by banner

I have data like this: [2011-04-23T23:59:54-05:00] bannerid=1210 action=view [2011-04-23T23:59:55-05:00] bannerid=...

by Path Finder in

Live Product Roadmap & Input?

Hi In the support program page: http://www.splunk.com/view/support-programs/SP-CAAACC8 what does "Live Pro...

by Motivator in

Index time SEDCMD not applying when indexer is split from search head

I have a configuration working perfectly in development in an environment with a single Splunk instance. This is t...

by Path Finder in

Using AND in case() function

Hi all, I'm currently trying to get the case() function working so that for each .csv file I have (which has infor...

by Explorer in

Need help creating alerts using regular expressions

I am new to Splunk logging and I have a host name and source that I would like to create an alert for. I want to crea...

by New Member in

how to set x-axis and y-axis

Now i select two fields A and B , it default set A as x-axis and B as y-axis. But now i want set B as x-axis and A as...

by Explorer in

Obtaining the search time range in a custom search command

I have a custom command that takes in the input from a search command and I would like to make available in that comm...

by New Member in

Help with rex

We are looking to create a multi field rex command to capture the following: 1. Firstname Lastname 2. OrgUnit I am...

by Path Finder in

field alias limit?

Hi, Are there any limitations in amount of alias fields or is it a bug in 4.3.2 that fields are randomly aliased? ...

by Explorer in

Using now() in real-time

Hello everyone. I want to track in real-time the time since the last event occurred. When I do this currently the tim...

by Communicator in

Multivalue XML extraction not working

I'm trying to add several lines of XML to a multi-valued field. The data looks like: <EXPLT> <REF><![CDATA[CVE-20...

by Builder in

how to set the retention policy of index

Hi,I'm also confusing about the retention policy. I want to keep some indexes for 90 days. Now I'm doing some test,wh...

by Explorer in

Regex help! (easy one)

I need to extract fields from a set of results with inconsistent formatting. I think this would be easy for a regex p...

by Communicator in

retrieve earliest and latest boundaries of a search

Hi, I've a search where I need to know the time boundaries of the search and use it to further filter results of the ...

by Path Finder in

Not getting any data

index="Server" (CategoryString="Account Management" OR TaskCategory="Security Group Management" ) (Message="Security ...

by Contributor in

Search Help: Last time Windows Systems checked in by sourcetype

Hello, I currently have a search that runs to show me the last time all my hosts checked in with Splunk. Howeve...

by Communicator in

Get Updates on the Splunk Community!

Splunk Search

Discussions

Is there a search command to look up results from saved results?

Dashboard --> search last 24h --> logfiles of other splunk server

Filter count?

Multiple regex expressions for 1 field name

100 result limit in JS SDK

Show percent instead of count in top chart

Splunk for OSISoft PI logs?

Regex matching in search when it doesn't in regex creator

Locked/Unlocked

Graphing conversion rate over time by banner

Live Product Roadmap & Input?

Index time SEDCMD not applying when indexer is split from search head

Using AND in case() function

Need help creating alerts using regular expressions

how to set x-axis and y-axis

Obtaining the search time range in a custom search command

Help with rex

field alias limit?

Using now() in real-time

Multivalue XML extraction not working

how to set the retention policy of index

Regex help! (easy one)

retrieve earliest and latest boundaries of a search

Not getting any data

Search Help: Last time Windows Systems checked in by sourcetype

Developer Spotlight with Paul Stout

State of Splunk Careers 2024: Maximizing Career Outcomes and the Continued Value of ...

Data-Driven Success: Splunk & Financial Services

Decode base64 into any charset

How to check MQ reconnects after a connection is d...

I cloned HTTP traffic collection from Splunk Strea...

Proactively stream data to different index after C...

Write Splunk log with Laminas