Splunk Search

Discussions

Thread Info

Editable by users X and Y axis ranges

Hello, splunk experts! Can you please advise me a way to make it posssible for the users to change ranges of X and Y ...

by Builder in

Searching for transaction demarked by paired events

I've got a search problem that I've been trying to solve with some combination of transactions and events. Hi all...

by Engager in

Finding entries deleted from log

I'm working with an application that adds an entry to a log file, updates the status of that entry as it progresses a...

by Explorer in

Split 'head' by a field?

I want to limit a search with head, but do that split by a field: i.e. I want to limit my search to one result only ....

by Explorer in

Search same string over multiple days on single chart

i'm trying to create a chart that has something like this computername - 7 days ago - 6 days ago - 5 days ago ... ...

by Path Finder in

Using search fields to compare against custom command

Not the best subject. I'm not sure how to explain it in the title. But I'd like to use the results of an custom searc...

by Contributor in

how to show source after transactions (around the starting event of a transaction)

I did the following search to identify those "A" events that are not paired/ends with "B" events. "A" OR "B" | tra...

by Path Finder in

Increasing lines in view source?

My question is a duplicate of this one, but since I couldn't comment there, I figured I'd ask again: When I c...

by Engager in

Expression is malformed, eval expecting a ")"

Greetings guys. Like my other posts today, I'm trying to find workarounds for splunk's inability to search for a lite...

by Builder in

include jquery into setup.xml

Is there a way to include jquery into setup.xml? A simple example would be to show an alert box that says "Hello W...

by Splunk Employee in

Use a field as time in a chart for a specific search?

Hello, I am creating searches/charts for multiple events in a single log file. For most of events, the default tim...

by New Member in

Table count/dedup

Have a basic report being built and I am having troubles with counts/dedup so to say. Below is my current output. Wha...

by Explorer in

Lookup using multiple parameters

Hi, I'm trying to do a p-value lookup in the Z-Table, for calculating a statistical significant problem. Unfortuna...

by Path Finder in

how to trim the values

id=[ci.fif.3000-67777] id=[fg.hki.4000-88888] this the content of file i am working with from this i want only the...

by Communicator in

Splunk REST API

Does Splunk REST API allow us to update search results when search results are retrieved and then return the updated ...

by Communicator in

WARN: Search auto-finalized after disk usage limit (500MB) reached. WARN: Search auto-finalized after disk usage limit (500MB) reached.

I'm running a cli search via command line in a search server. I've already updated srchDiskQuota = 3000 to the rol...

by Path Finder in

Multiple lines with the same time

I have logs from a custom application being streamed into splunk usinig a unverisal forwarder. The probelem I have th...

by New Member in

How to find a word using last part of the word from a file

exception is java.Exception exception is java.sql.Exception exception is java.sql.SQLException exception is java.sql....

by Communicator in

Event correlation: how to find only events _not_ referenced by others?

Consider the following three events: 1: time=xxxx,sent=Item1,recd="Item0" 2: time=xxxx,sent=Item2,recd="Item1,Item...

by Path Finder in

stats count, only show if 2 or more

I am using the following, but I only want to see events if the number dest_ip are 2 or more. |top 10000 src_ip, de...

by Contributor in

Using a rex value in where statement

Hey everyone. In my data's filename there is an indicator which indicates the type of data that it is. It can either ...

by Builder in

addcoltotals need divide

when addcoltotals some need sum ,and another need divide .eg. addcoltotals total per/count . Could you tell me how to...

by Explorer in

Question regarding Search Jobs

What is meant by creating new search job that runs "search error" ?

by Communicator in

problem in query

I am using this query to get the Percentage CPU Utilization. index=os sourcetype="cpu" minutesago=15 | eval human_...

by New Member in

searching for disk and network commands

Does anyone know how do I perform a search on the "top 10 processes by disk" which consists of the names as well as t...

by Explorer in

Get Updates on the Splunk Community!

Splunk Search

Discussions

Editable by users X and Y axis ranges

Searching for transaction demarked by paired events

Finding entries deleted from log

Split 'head' by a field?

Search same string over multiple days on single chart

Using search fields to compare against custom command

how to show source after transactions (around the starting event of a transaction)

Increasing lines in view source?

Expression is malformed, eval expecting a ")"

include jquery into setup.xml

Use a field as time in a chart for a specific search?

Table count/dedup

Lookup using multiple parameters

how to trim the values

Splunk REST API

WARN: Search auto-finalized after disk usage limit (500MB) reached. WARN: Search auto-finalized after disk usage limit (500MB) reached.

Multiple lines with the same time

How to find a word using last part of the word from a file

Event correlation: how to find only events _not_ referenced by others?

stats count, only show if 2 or more

Using a rex value in where statement

addcoltotals need divide

Question regarding Search Jobs

problem in query

searching for disk and network commands

Aligning Observability Costs with Business Value: Practical Strategies

Mastering Data Pipelines: Unlocking Value with Splunk

Splunk Up Your Game: Why It's Time to Embrace Python 3.9+ and OpenSSL 3.0

How to show the line when its value is NULL with ...

Search for triggered save searches and their actio...

MLTKC how should i check jupyter notebook func in ...

ITSI thresholds: adaptive vs static

Using Machine Learning Toolkit to detect auth abus...

Splunk Search

Are you a member of the Splunk Community?

Discussions