Splunk Search

Discussions

Thread Info

stacked column chart of success/failures split by URL over time

I'd like to have a stacked column chart showing the number of successful and failed requests to URLs over time. Follo...

by New Member in

list of searches

Is it possible to view the most recent list of searches and queries executed in Splunk? If so, how?

by Path Finder in

list of searches

Is it possible to view the most recent list of searches and queries executed in Splunk? If so, how?

by Path Finder in

Multiple sourcetypes per source

Hi, I have a novice question, but is it possible to have more than one sourcetype for a given source?

by Explorer in

No date_wday from U.F. collecting windows event logs

I was collecting windows event logs using agent less Splunk server through remote WMI calls and the "sourcetype=WMI:W...

by Motivator in

Real-Time Search and Alerting

Hello, I've figured out how to start a real-time search job. I'm wondering if there's any way to trigger a shell c...

by Engager in

select query based on unique id

Hi, I have a log where the, app logs the various steps for a unique opertaion id (id below) -> ...... ts=13188618399...

by New Member in

Matching the last instance of "endswith" in a transaction?

The transaction command matches only the first instance of the specified endswith, however it's possible and likely t...

by Explorer in

Combining two search stats

Hi, I have 2 search queries. sourcetype="zzz" Accepted | stats count as SuccessCases sourcetype="zzz" Reject...

by Contributor in

using transforms,conf to filter events with two conditions

I have this regex expresion: REGEX = (?m)^EventCode=(4674)|(ServerName\$) This works great to identify the two ...

by Motivator in

How to create a table with time showing in the horizontal direction

I tried the following: host=A earliest=10/01/2011:0:0:0 latest=10/01/2011:11:0:0 | timechart span=1h count by msg ...

by Path Finder in

post-process not delivering all events to chart?

I have the following xml <module name="HiddenSearch" layoutPanel="panel_row2_col1" group="XXX" autoRun="True"> <pa...

by Path Finder in

Filtering lookups based on dates

Hi, I have some events, and a User lookup. The Lookup holds the UserID, User Name, a WorkGroup, and dates when the...

by Path Finder in

How can I get a connected account at present?

In a dashboard, calling a csv file query. Then I want to insert a present login account*(UserAccount)*. How can I ge...

by Explorer in

Formatting data to be parsed by splunk.

This seems like it should be such a straightforward thing, but having a hard time nailing down an answer we're happy ...

by Engager in

Time Latency calculation from log files for an application transaction across time lines

Hi, I have a set of logs in the following format 2011-10-17 14:16:11,117 [main] : DEBUG - <Application Id [...

by New Member in

Search not updating

I can check the DB size and it continues to grow but nothing new shows up in the search. I have 2 that are updating a...

by New Member in

Seem to have broken dedup (showing oldest rather than newest)

We have a search that someone from Splunk helped us put together a few years ago that we altered a bit: index="Fir...

by Path Finder in

Change partition of where the search data is queued up

Hi, I am sure the answer is out there but I am not exactly sure how to ask the question. My Splunk server has t...

by Communicator in

http status lookup fields are not listed under pickup fields

I have a simple configuration for few forwarders and an indexer. I have configured the field look-up on Splunk indexe...

by New Member in

If you have multiple search heads do lookup tables need to be copied to all of them or does bundle replication take care of this?

I was under the impression that this was taken care of automatically by the bundle replication however when trying to...

by Communicator in

Need string minus last 2 characters

I am trying to set a field to the value of a string without the last 2 digits. For example: Hotel=297654 from 2976...

by Path Finder in

Misconfigured view error after upgrade to 4.2.3

I upgraded from 4.2.2 to 4.2.3 (Windows). After the upgrade, this message appears in the top of my browser: M...

by Engager in

Need help defining fields

I want to use dedup to reduce occurrences of the same event like the following: %IP-4-DUPADDR: Duplicate address 1...

by Explorer in

stats count only showing 10 results

This is my search.... index=network source="/u01/noc/log/internetCisco.log" denied |top 100 src_ip | lookup geoip ...

by Contributor in

Get Updates on the Splunk Community!

Splunk Search

Discussions

stacked column chart of success/failures split by URL over time

list of searches

list of searches

Multiple sourcetypes per source

No date_wday from U.F. collecting windows event logs

Real-Time Search and Alerting

select query based on unique id

Matching the last instance of "endswith" in a transaction?

Combining two search stats

using transforms,conf to filter events with two conditions

How to create a table with time showing in the horizontal direction

post-process not delivering all events to chart?

Filtering lookups based on dates

How can I get a connected account at present?

Formatting data to be parsed by splunk.

Time Latency calculation from log files for an application transaction across time lines

Search not updating

Seem to have broken dedup (showing oldest rather than newest)

Change partition of where the search data is queued up

http status lookup fields are not listed under pickup fields

If you have multiple search heads do lookup tables need to be copied to all of them or does bundle replication take care of this?

Need string minus last 2 characters

Misconfigured view error after upgrade to 4.2.3

Need help defining fields

stats count only showing 10 results

Splunk Enterprise Security 8.0.2 Availability: On cloud and On-premise!

Logs to Metrics

Developer Spotlight with Paul Stout

Search result evaluates to true when it is false

dashboard time token with multiple ealiest/latest ...

ITSI thresholds: adaptive vs static

Using Machine Learning Toolkit to detect auth abus...

Proactively stream data to different index after C...