Splunk Search

Discussions

Thread Info

Calculate averages from 3rd Tuesday of Month to the 3rd Monday of following month

I am trying to create a table or timechart that tracks averages for an event from the 3rd Tuesday of every month to t...

by New Member in

Postfix Queue ID

I've been able to extract Postfix Queue ID's out of sourcetype="postfix_syslog" however often logs have multiple Queu...

by Path Finder in

how to search information

how to search information on splunk?

by New Member in

Cant nest functions ??

v4.3.1 linux so apparently Splunk will not execute nested functions. example | stats count,values(src),count(va...

by Contributor in

hostname regex path help

I have files in a directory like this: /home/user/files/servername_01020304050607.log How can I get the servername o...

by New Member in

Forward log to two Splunk indexers - different indexes on each.

Scenario: Project Splunk Deployment: 1 indexer with ~250 Windows forwarders, a few Linux, and various other sw...

by Communicator in

stats sum?

From my list of field in Splunk, I have three fields with numeric values that I would like to add together and assign...

by Communicator in

How can i exclude search peers by default in distributed search?

We have multiple splunk servers accessed by two central search heads, and some of these splunk servers are spread out...

by Contributor in

group IP by CIDR range in results

I am trying to find a way to turn an IP address into CIDR format to group by reports. Ideally, I'd be able to do some...

by Contributor in

Splunk Tailing Errors

ok, my sources use syntax like \dir\dir\...\log so that it recursively finds all of my log files. but now i see th...

by Contributor in

multikv not extracting fields

Hi, I have created a scripted source which genereates the following output: idx_size_kB idx 24 aaa 24 aaa...

by Path Finder in

choose chart type

I have a search but I want to be able to choose either a bar chart or a line chart, through either using radio button...

by Explorer in

How do I search using field components?

I'm a newbie to Splunk, and I'm having difficulty with field definitions and searches. My input data (from syslog)...

by Explorer in

Combining these multiple queries into one

I have a list of channels that I want to query, and for each one, I'd like to retrieve the latest value. For example ...

by New Member in

How can I catch the both the first and last occurance of an event?

Scenario: figure out what user is using a given IP at a given point in time by using proxy logs, which captures the u...

by Explorer in

TCP Dump Splunk question, please Help!

I have noticed that reading an output of a TCP dump is as follows: The requesting Host sends a synchronization fla...

by Builder in

duration in each state for specific time range

Hi, What would be the best approach for building a query that for a given time-range gives for each device the amount...

by New Member in

Data from HP-UX seems to be missing

Hello, We installed universal forwarders on a few HP-UX systems and they seem to connect to the splunk indexers fi...

by Path Finder in

Determine users on the same server within a time window

Hi, I'm attempting to obtain a unique list of users who where on a server within a small time window (1 second). I...

by New Member in

Free License Violation - How to Fix and Prevent Recurrence

My enterprise trial ended last week and I am now Free license. I cant search because it said I have too many violatio...

by Engager in

How to search for users accessing files/paths they shouldn't

Hello, In our environment, our users all have a personal folder assigned to them. IT personnel and other users hav...

by Explorer in

JOIN in multi indexes(OR)

SPlunk version 4.3 in the Pulldown host_select : ALL * WEBSERVER1 WEBSERVER1 WEBSERVER2 ...

by Path Finder in

How do I extract xml tag using regex?

I tried to extract xml tagNames as fields fieldNameStartTag and fieldNameEndTag using the following. rex field=_ra...

by Engager in

rex and transforms.conf not giving the same result

I am trying to parse MySQL slowlogs and get the query extract from the log. I have the following format in the lo...

by Engager in

Extracting fields from logs

I have a log file with below content 20120316.051652 Fr I perf Thread-9807784[10.xx.xx.x]/xxxxxx xxxxxxx xxxxxxx 7...

by New Member in

Get Updates on the Splunk Community!

Splunk Search

Discussions

Calculate averages from 3rd Tuesday of Month to the 3rd Monday of following month

Postfix Queue ID

how to search information

Cant nest functions ??

hostname regex path help

Forward log to two Splunk indexers - different indexes on each.

stats sum?

How can i exclude search peers by default in distributed search?

group IP by CIDR range in results

Splunk Tailing Errors

multikv not extracting fields

choose chart type

How do I search using field components?

Combining these multiple queries into one

How can I catch the both the first and last occurance of an event?

TCP Dump Splunk question, please Help!

duration in each state for specific time range

Data from HP-UX seems to be missing

Determine users on the same server within a time window

Free License Violation - How to Fix and Prevent Recurrence

How to search for users accessing files/paths they shouldn't

JOIN in multi indexes(OR)

How do I extract xml tag using regex?

rex and transforms.conf not giving the same result

Extracting fields from logs

Why You Can't Miss .conf25: Unleashing the Power of Agentic AI with Splunk & Cisco

Deep Dive into Federated Analytics: Unlocking the Full Power of Your Security Data

Your summer travels continue with new course releases

Help me with splunk query to monitor CPU and Memor...

How can i export a list of all services in APM

Joining records in a table

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

Splunk Search

Are you a member of the Splunk Community?

Discussions