Splunk Search

Discussions

Thread Info

How to refresh the list of servers in the SOS app

I removed a server from my cluster, and it still shows up in the dropdowns of the SOS app. How is it maintained, can ...

by Communicator in

Splunk appears to be ignoring limits.conf: base_max_searches = 8

When submitting queries in rapid succession to Splunk (via the REST API), I'm getting 503 errors from splunkd. This s...

by Splunk Employee in

How to use delim with stats?

How to use delim with stats? Multivalued fields generated after using list() in stats is resulting in space-separated...

by Explorer in

Using token from previous populating search within a second populating search

Hi all, I am currently using a populating search for several dropdowns in a dashboard. I have one for location, de...

by Path Finder in

How to run subsearches on individual values of a field from a primary search?

I have a primary search that finds all the events that indicate a failure of a process and presents a list of unique ...

by Path Finder in

Why query works in my own app, but not Search and Reporting app?

Hi, I am having trouble with a query. It works in my own app, which I created with the Splunk -> Manage Apps, new ...

by Path Finder in

Max of Distinct Count

I am trying to get a distinct count of two concatenated numbers and then get the max of that distinct count over a ti...

by Explorer in

How to split time equally in bar chart

index=main sourcetype=myTest host="hello1234" getUserDetail | rex "(?im)^(?:[^:]*:){4}\s(?P<TIMESTAMP>(?P<Date>[^T]*)...

by Path Finder in

How to create overlay chart in Splunk 6.0 with 2 y-axes?

How to create an overlay chart in 6.0 with 2 y axis where bar graph refering to one axis and line graph refering to s...

by Explorer in

Searching indexes by Deployment Client Name

In a network with up to 150 deployment clients (all UF), is there a way to search indexes for all data from a particu...

by Builder in

Field Extraction from space-aligned fields in multi-line events

From events of the form: Filesystem Type Size Used Avail UsePct ...

by Motivator in

Need help with Lookup and Auto Lookup

I do have a solution to get guest logged into our network. This gives nice logs that I get into Splunk. My goal is to...

by Builder in

EVAL, EXTRACT in props.conf not working when using field names with special characters

Hi, I try to add some EVAL and EXTRACT to the props.conf of same windows events with german localisation. Because ...

by Path Finder in

Real-time charts - Query once, view many?

Hi all, We have a splunk setup where we are investigating a way of having a shared streaming dashboard that can be...

by Communicator in

Filtering events with inputlookup not working

Hello, Here is an example of my csv - first three lines: sourceHost web-a01 a02 I have given the lookup glob...

by Path Finder in

How can I do a timechart of sum(val) where events have start/end times?

I'm hoping that this is easy for someone with more Splunk-Fu than my meager amount. The indexed data looks like th...

by Path Finder in

time range selection not working on CLI

I'm trying: splunk search Calling -earliest=06/30/2014:11:40:00 AND -latest=06/30/2014:12:00:00 and i'm not getting r...

by New Member in

Wildcards and Regex(s) in Windows OS (UF) Monitor Paths (inputs.conf)?

Without any examples of Windows UF Monitor Paths (Universal Forwarder), it's pretty tough to figure out just what wor...

by Splunk Employee in

Table visualisation of events with extra metadata fields

I'm currently trying to get a dashboard to show a simple overview table of 4 or 5 keys fields. Then instead of using ...

by Path Finder in

Transaction with field from a lookup

Hi, I'm trying to correlate events from 2 different sourcetypes. The “correlation field” is the user email address...

by New Member in

Get Updates on the Splunk Community!

Splunk Search

Discussions

How to refresh the list of servers in the SOS app

Splunk appears to be ignoring limits.conf: base_max_searches = 8

How to use delim with stats?

Using token from previous populating search within a second populating search

How to run subsearches on individual values of a field from a primary search?

Why query works in my own app, but not Search and Reporting app?

Max of Distinct Count

How to split time equally in bar chart

How to create overlay chart in Splunk 6.0 with 2 y-axes?

Searching indexes by Deployment Client Name

Field Extraction from space-aligned fields in multi-line events

Need help with Lookup and Auto Lookup

EVAL, EXTRACT in props.conf not working when using field names with special characters

Real-time charts - Query once, view many?

Filtering events with inputlookup not working

How can I do a timechart of sum(val) where events have start/end times?

time range selection not working on CLI

Wildcards and Regex(s) in Windows OS (UF) Monitor Paths (inputs.conf)?

Table visualisation of events with extra metadata fields

Transaction with field from a lookup

.conf23 Registration is Now Open!

Don't wait! Accept the Mission Possible: Splunk Adoption Challenge Now and Win ...

Unify Your SecOps with Splunk Mission Control

KV Store status is currently unknown

Are hidden characters breaking my joins?

Combining results in metric index?

Summary Index from | collect ... addtime=f : When ...

Importing HCL BigFix data from Insights, how to ve...