Splunk Search

Discussions

Thread Info

How to chart extracted name value pairs across multiple events?

I have a set of events that look like this. (Each line is a different event) a:2 b:1 c:5 a:6 d:3 b:9 I am tryi...

by Engager in

clean eventdata with wildcard

I have about 100 indexes that all start with the same prefix EnLog_ and I want to clean the data in all of them. Is t...

by Builder in

Group By optional fields in splunk

I am trying the following search. EXECUTED, TRANSLATION_UID, DOCUMENT_TYPE are present in the logs but MAP_TYPE and M...

by Explorer in

[How to] Build a Seach that can detect particular event in 10 minutes

Hello, I need your support Splunker !  I would like to set up a search that can show result only if ther...

by Path Finder in

How to limit number of rows by searching for begin date > 12/31/2009

My basic search is : eventtype=FAS Gives the following results: RESP BEGIN DATE FISCAL YEAR PLACE Yes 12/22/2009 20...

by Path Finder in

How do I filter out event based on a value that presents only in specific event?

Hi, I have a search produces the following 4 events, I'd like to filter all events for an IP if any event for that...

by Path Finder in

multiple sourcetype search and scoring

I have been working on a search for a while and I am stumped. I am searching two different source types. One value...

by Path Finder in

DB Query with app Splunk DB Connect inside of Eval Expression

So, I'm trying to run DB queries with the Splunk DB Connect app inside of the eval "case" function. So, something lik...

by Path Finder in

how do I tell how often real-time searches are run?

Hello. I'm considering disabling real-time searches for my app, but first I'd like to know whether they're being used...

by Builder in

Why different results with stats vs sistats command creating a summary index?

I am getting two very different results when I am using the stats command the sistats command. I am wanting to cre...

by Path Finder in

How to configure heavy forwarder created with TCP/UDP 514 input to forward syslog message?

I would like to configure the heavy forwarder to forward the syslog message to indexer. The forwarder is created with...

by Explorer in

Can Splunk check for hosts sending data against a lookup file?

Hi, Is it possible to have Splunk check for hosts sending data against a lookup file? I have a customer that maint...

by Champion in

column totals

Hi, I want to add some totals for a search. The search is below, and it works fine. How would I then add: total...

by Champion in

How to debug a script based lookup?

Hello guys, I have a lookup script, which do not runs in splunk search (doing on the search head). I will only get...

by Path Finder in

Lookup query - What does append=T mean ?

What does the below statement mean ? If 'append' is set to true (false by default), the data from the lookup ...

by Motivator in

How to extract logs for different ip areas?

Hello, I need to extract logs for different ip area(more than 40 area system rooms and datacenter), example : dst=a.b...

by Explorer in

How can I search if an event is not finished?

Hi. We have a scheduled job that outputs log file in following format: 19.06.2014 04:00:00 STARTED 19.06.20...

by New Member in

Help with simple timechart query

I have a list of events that have a specific value associated with each event. I want to create a line graph of those...

by Path Finder in

Extracting data from specific field

hi i tried playing with rex and regex but couldn't figure exact expression. my command field is in 3 different scenar...

by New Member in

Stats Values(x) command is giving unexpected results

Hi Team, Stats values command in pivot(data model) is giving unexpected results. For ex below search | pivot A_pi...

by New Member in

Get Updates on the Splunk Community!

Splunk Search

Discussions

How to chart extracted name value pairs across multiple events?

clean eventdata with wildcard

Group By optional fields in splunk

[How to] Build a Seach that can detect particular event in 10 minutes

How to limit number of rows by searching for begin date > 12/31/2009

How do I filter out event based on a value that presents only in specific event?

multiple sourcetype search and scoring

DB Query with app Splunk DB Connect inside of Eval Expression

how do I tell how often real-time searches are run?

Why different results with stats vs sistats command creating a summary index?

How to configure heavy forwarder created with TCP/UDP 514 input to forward syslog message?

Can Splunk check for hosts sending data against a lookup file?

column totals

How to debug a script based lookup?

Lookup query - What does append=T mean ?

How to extract logs for different ip areas?

How can I search if an event is not finished?

Help with simple timechart query

Extracting data from specific field

Stats Values(x) command is giving unexpected results

Dashboard Studio Challenge - Learn New Tricks, Showcase Your Skills, and Win Prizes!

Introducing Edge Processor: Next Gen Data Transformation

Take the 2021 Splunk Career Survey for $50 in Amazon Cash

Need to add date range to dashboard panel title s...

Will Splunk searches using lookup get affected if ...

How to delay with search result when run via Splun...

KV Store status is currently unknown- How to resol...

Combining results in metric index?