Splunk Search

Ask a Question

Discussions

Thread Info

Index time SEDCMD not applying when indexer is split from search head

I have a configuration working perfectly in development in an environment with a single Splunk instance. This is t...

by Path Finder in

Using AND in case() function

Hi all, I'm currently trying to get the case() function working so that for each .csv file I have (which has infor...

by Explorer in

Need help creating alerts using regular expressions

I am new to Splunk logging and I have a host name and source that I would like to create an alert for. I want to crea...

by New Member in

how to set x-axis and y-axis

Now i select two fields A and B , it default set A as x-axis and B as y-axis. But now i want set B as x-axis and A as...

by Explorer in

Obtaining the search time range in a custom search command

I have a custom command that takes in the input from a search command and I would like to make available in that comm...

by New Member in

Help with rex

We are looking to create a multi field rex command to capture the following: 1. Firstname Lastname 2. OrgUnit I am...

by Path Finder in

field alias limit?

Hi, Are there any limitations in amount of alias fields or is it a bug in 4.3.2 that fields are randomly aliased? ...

by Explorer in

Using now() in real-time

Hello everyone. I want to track in real-time the time since the last event occurred. When I do this currently the tim...

by Communicator in

Multivalue XML extraction not working

I'm trying to add several lines of XML to a multi-valued field. The data looks like: <EXPLT> <REF><![CDATA[CVE-20...

by Builder in

how to set the retention policy of index

Hi,I'm also confusing about the retention policy. I want to keep some indexes for 90 days. Now I'm doing some test,wh...

by Explorer in

Regex help! (easy one)

I need to extract fields from a set of results with inconsistent formatting. I think this would be easy for a regex p...

by Communicator in

retrieve earliest and latest boundaries of a search

Hi, I've a search where I need to know the time boundaries of the search and use it to further filter results of the ...

by Path Finder in

Not getting any data

index="Server" (CategoryString="Account Management" OR TaskCategory="Security Group Management" ) (Message="Security ...

by Contributor in

Search Help: Last time Windows Systems checked in by sourcetype

Hello, I currently have a search that runs to show me the last time all my hosts checked in with Splunk. Howeve...

by Communicator in

Calculating weighted concurrency

I am trying to calculate a weighted concurrency across 3 different event types. Each of these event types has a singl...

by Path Finder in

Splunk and localization of numbers

I'm currently loading some localized CSV-files into Splunk which contains numbers formatted in a localized format (co...

by Engager in

Realtime search with offset

Hi, Does anyone know if it is possible to do a realtime search with an offset? The data that comes in has a delay ...

by Explorer in

Custom Searches - 'Out of Hours' timeframe

Hi All, I am currently trying to perform some monitoring, and am having a bit of trouble with the Splunk search en...

by New Member in

Stats sum function

index=hig `sourcetype="MainframeApps" |stats sum(count)|top limit=0 app_id app_name | fields + count, total_count, ...

by Contributor in

Sourcefire Syslog Regex Query

Hello, I am trying to pull out some information from a syslog. We don't have the money to purchase a Defense Center f...

by Path Finder in

IIS log comment removal not removing

Splunk is not removing commented out fields beginning with a "#" in indexed IIS logs. Any assistance would be greatly...

by Path Finder in

have to add wildcard to end of field value to search.. strange...

I have a field defined in a transform. The field appears to work fine in a chart, whatever, but to put it in a field ...

by Path Finder in

Large eventtypes reccomendations

I am in the process of making individual event types for about 175 types of log events from routers/firewall devices....

by Contributor in

"In the last 30 Days" VS "Last 30 Days"

When I have an inline search on a dashboard where the time range is set to -30d or -30d@d, my last time on my timecha...

by Explorer in

Splunk reading data from Microsoft SQL database

Hi, Can splunk read data from Microsoft SQL Server 2008? We have an application which logs business exceptions to SQL...

by Explorer in

Get Updates on the Splunk Community!

Splunk Search

Discussions

Index time SEDCMD not applying when indexer is split from search head

Using AND in case() function

Need help creating alerts using regular expressions

how to set x-axis and y-axis

Obtaining the search time range in a custom search command

Help with rex

field alias limit?

Using now() in real-time

Multivalue XML extraction not working

how to set the retention policy of index

Regex help! (easy one)

retrieve earliest and latest boundaries of a search

Not getting any data

Search Help: Last time Windows Systems checked in by sourcetype

Calculating weighted concurrency

Splunk and localization of numbers

Realtime search with offset

Custom Searches - 'Out of Hours' timeframe

Stats sum function

Sourcefire Syslog Regex Query

IIS log comment removal not removing

have to add wildcard to end of field value to search.. strange...

Large eventtypes reccomendations

"In the last 30 Days" VS "Last 30 Days"

Splunk reading data from Microsoft SQL database

Observe and Secure All Apps with Splunk

Splunk Decoded: Business Transactions vs Business IQ

Fastest way to demo Observability

In Splunk studio, is it possible to populate a tex...

How can i export a list of all services in APM

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

ITSI thresholds: adaptive vs static

Splunk Search

Are you a member of the Splunk Community?

Discussions