Splunk Search

Ask a Question

Discussions

Thread Info

Multiple Records - one file

Is it possible for splunk to be able to index a file with this kind of formatting: host=hostname sourcetype=source...

by Contributor in

Using regex to drop specific events

i have an event that looks like this 03/01/2012 03:05:43 PM LogName=Security SourceName=Security EventCode=562 Eve...

by Path Finder in

Format of configuration files

Which of the following is the preferred syntax for setting values in configuration files? disabled = [true|false] or ...

by Communicator in

return search with common fields

I need to run two sub searches. Each of these sub-searches will return a set of fields, one of them is called transac...

by Path Finder in

Pass parameters from one search to another

Hi all, We have a system which always logs two lines, Eg: 1) Operation | Status | Time 2) Operation | Type I...

by Path Finder in

How to print xpath results?

Hi, I have added a directory full of following xml files into Splunk: <?xml version="1.0"?> <?xml-stylesheet ty...

by New Member in

Search Help: Syslog and Matching Security Event Log

Hello, I am hoping to be able to right a search that does the following: searches syslog data from a router. If...

by Communicator in

Multi-line, Multi-value Key Extraction Issue

Hello Splunkers  I'm trying to perform some field extractions in a log similar to the one below: 29/02/2012 16...

by Builder in

A list of common regular expressions for field extractions?

Splunk isn't extracting certain fields from my logs. This includes basic things such as IP addresses. It seems tha...

by Contributor in

append and max results (50000)

i'm trying to merge results from two searches to join various values from the search field. i see that the latter ...

by Path Finder in

Index violation maximum?

Let's say I have a 5GB license. I understand that if I exceed 5GB in a day, I will incur a violation. The violation w...

by Engager in

Combining multiple searches

I have three different (unique) searches which sends out alerts in case certain conditions are met. I want to send an...

by Explorer in

Break out search results by host

I'm currently searching all of my jboss.out logs for SQLState. How can I break out the results with number of errors ...

by Path Finder in

problem with transaction and inputlookup

i think i am stuck on this certain for some reason that my head isn't working right when thinking about this problem ...

by Path Finder in

Strategy for deploying splunk on a custom application

I've been evaluating Splunk against a custom application which consists of a cluster of tomcat instances running two ...

by Engager in

Return First user and _time from ACS syslog

Firstly, my data is formatted like this: Dec 15 13:58:12 gthou-nsacs01p CisACS_01_PassedAuth ne8yfimc 1 0 Message-...

by New Member in

How do I display the largest value of multiple fields in an event?

I have a search which results in an event which has multiple instances of the field eltime. Does anyone know h...

by Path Finder in

Parsing Redis logs

Hi, I'm having trouble getting my Redis logs parsed correctly by Splunk, it gets the timestamps messed up. I have the...

by Communicator in

Creating a render time field

Hi, was wondering if what I am trying to do is possible. I have a program that spits out the amount of time it takes ...

by New Member in

How to use isint(X)?

How to use isint(X) function with eval? Please give me an example. I tried the command like this but not working. ......

by Path Finder in

Add a row to end of table

Hi, I am running a scheduled search to output some logs to a file. Now I would like to add an extra line to the en...

by Path Finder in

most critical Events

Hello together For my doctrinal statements, i have to configure a Splunk, with 50 server from our Company. one of...

by Explorer in

Which platforms does Splunk support?

Hi all, As my title, Im going to install splunk on windows server, but i wonder that can it collect all log from diff...

by New Member in

date_month issue

"source="jun_jan.csv" | stats count by date_month" lists all months, but if I want to include another field like stat...

by Explorer in

subsearch passing info

I perform a serach that gives me a host name, but within the returned data the event does not contain the host_ip. Wi...

by Contributor in

Get Updates on the Splunk Community!

Splunk Search

Discussions

Multiple Records - one file

Using regex to drop specific events

Format of configuration files

return search with common fields

Pass parameters from one search to another

How to print xpath results?

Search Help: Syslog and Matching Security Event Log

Multi-line, Multi-value Key Extraction Issue

A list of common regular expressions for field extractions?

append and max results (50000)

Index violation maximum?

Combining multiple searches

Break out search results by host

problem with transaction and inputlookup

Strategy for deploying splunk on a custom application

Return First user and _time from ACS syslog

How do I display the largest value of multiple fields in an event?

Parsing Redis logs

Creating a render time field

How to use isint(X)?

Add a row to end of table

most critical Events

Which platforms does Splunk support?

date_month issue

subsearch passing info

Fall Into Learning with New Splunk Education Courses

Super Optimize your Splunk Stats Searches: Unlocking the Power of tstats, TERM, and ...

How Splunk Observability Cloud Prevented a Major Payment Crisis in Minutes

In Splunk studio, is it possible to populate a tex...

Help me with splunk query to monitor CPU and Memor...

How can i export a list of all services in APM

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

Splunk Search

Are you a member of the Splunk Community?

Discussions