Splunk Search

Ask a Question

Discussions

Thread Info

Fields Creation Problem ??

Hi I have created a Field Called "DESTINATION" in this field i have the values like this.. Banglore Bombay Kar...

by Motivator in

Field extractions, data types and convert()

Hi -- I'm having some trouble with search-time field extractions that I've set up in the Splunk Manager. My tab-se...

by Engager in

Can I access the search timeframe within the search?

I want to get at the duration of the search timeframe within the search itself. So if I set the search to look at the...

by Explorer in

Separate chart legend on dashboard

Hello, I've got several charts on the same row that use the same legend. This particular dashboard is intended to be ...

by Explorer in

Subsearch with different date range

Script sends VM configuration information into splunk daily. Trying to get a list of events that existed more than 3 ...

by Explorer in

Colored table based on content

I was wondering how to set the color of a table row based on a presence of word.for example i have an event that says...

by New Member in

The latest event for each IP address

i have a list of events , sorted by ip addresses , i would like to see only the latest event for each ip, i tried usi...

by New Member in

Trying to find events greater than the average wtih streamstats

Hi Guru's. I am trying to find events greater than the average of the last 10. I also want to display my results in a...

by New Member in

Problems with timechart

I have a saved search that runs every hour and saves a count of events into a summary index. A chart on a dashboard d...

by Builder in

how to prevent specific syslog events from being collected?

Hi. I am new to Splunk and I am trying to prevent specific logs to be collected. I have 3 Etehrnet switches and they ...

by New Member in

Get top 5 field values (by percent) for multiple fields in a single search or report

I have a simple need that I cannot solve. For a generic search of source=whatever filter1 filter2 filterx | I want to...

by Path Finder in

Can index compression be disabled once an index has already be created and is in use ?

Can we disable index compression in the /opt/splunk/etc/system/default/indexes.conf file once indexes are created ? ...

by Engager in

SysLog based Alert

I am trying to set up an Alert for syslog (udp:514) - and this is the search condition I use: sourcetype="syslog" ...

by Builder in

Source Host instead of Relay Host

Due to network restrictions, I needed to use a server as a relay. This relay server in turn forwards the logs to my S...

by New Member in

How to let Intermediate Forwarder redirect some events to each indexer ?

Hello, I would like to add one intermediate Forwarder between UF(Universal Forwarder) and 2 indexer. For ex: i wan...

by Contributor in

How to add ArcGis data into Splunk?

I want to add ArcGis data into Splunk but I do not know how to add because Arcgis data is different from Splunk data....

by New Member in

data format...

I'm looking at importing TCPDUMP data into Splunk purely for the graph functions and for the TOP functions available ...

by Contributor in

Collecting iPad activity data

Has anyone Splunk'ed data from a iPad? Specifically, user activity data if it exists in the logs or cache? I thin...

by Explorer in

plot numeric value in a field on a google map

Hi I am trying to plot numeric value in a field on a google map. I can show the count of a field, but can not fig...

by Motivator in

How do I exclude everything but certain events at my heavy forwarder?

At my HF I want to exclude everything BUT three websites. I have been playing with this for days now, that's what she...

by Path Finder in

sort and combine multiple lines if there's no pause

Hi, I'm new to Splunk so any help would be greatly appreciated. I'm trying to do two different things, and I'm not qu...

by Observer in

numeric field with thousand separator - stats doesn't interpret as numeric, timechart does

I stumbled on a very strange behavior of stats versus timechart when trying to interpret an extracted numerical field...

by Communicator in

How do I filter a transaction search based on the number of events in each transaction?

I want to group search results by user & src_ip (eg. via "transaction) however I only want to display results where t...

by Explorer in

Regex for host field inputs.conf

Anyone with ideas on how to convert this rex search string into host_regex= input for the Host field, to be a host na...

by Path Finder in

Automatic Lookup not working

I've followed http://docs.splunk.com/Documentation/Splunk/latest/User/CreateAndConfigureFieldLookups and looked at pl...

by Builder in

Get Updates on the Splunk Community!

Splunk Search

Discussions

Fields Creation Problem ??

Field extractions, data types and convert()

Can I access the search timeframe within the search?

Separate chart legend on dashboard

Subsearch with different date range

Colored table based on content

The latest event for each IP address

Trying to find events greater than the average wtih streamstats

Problems with timechart

how to prevent specific syslog events from being collected?

Get top 5 field values (by percent) for multiple fields in a single search or report

Can index compression be disabled once an index has already be created and is in use ?

SysLog based Alert

Source Host instead of Relay Host

How to let Intermediate Forwarder redirect some events to each indexer ?

How to add ArcGis data into Splunk?

data format...

Collecting iPad activity data

plot numeric value in a field on a google map

How do I exclude everything but certain events at my heavy forwarder?

sort and combine multiple lines if there's no pause

numeric field with thousand separator - stats doesn't interpret as numeric, timechart does

How do I filter a transaction search based on the number of events in each transaction?

Regex for host field inputs.conf

Automatic Lookup not working

Splunk Decoded: Service Maps vs Service Analyzer Tree View vs Flow Maps

What’s New in Splunk Observability – September 2025

Fun with Regular Expression - multiples of nine

In Splunk studio, is it possible to populate a tex...

Help me with splunk query to monitor CPU and Memor...

How can i export a list of all services in APM

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

Splunk Search

Are you a member of the Splunk Community?

Discussions