Splunk Search

Ask a Question

Discussions

Thread Info

Context Search

Hi, Is there any way to do a contextual search in Splunk? For example, if I issue the command "grep -C 5 failed ...

by Path Finder in

Log Archive

Hi, I am testing automatic Log Archiving for my Splunk Deployment. i am testing this on one of my single index nam...

by Path Finder in

lookup hostname to ip address but output different results?

Hi~there i found that when using external_lookup.py provided in $SPLUNK_HOME/etc/system/bin/, the lookup results s...

by Contributor in

Problem with the diff command

Hi! Every time a user enters my system, I report his userId. I tried using the DIFF operation to find out which us...

by New Member in

compare linecount for files

I am using splunk to compare the output of routes from a list of firewalls. The output contains a listing of routes. ...

by Communicator in

Extracting stats from different fields in the same series of events

I've got a series of events with a timestamp and two numbers, like so: "2011-05-29 22:54:06",68,31 "2011-08-15 10:...

by Communicator in

Possible to achieve eval results per host?

Working with stat log events from DJB's dnscache. These look like: @400000004f3ebb59244cc72c stats 275245265 ...

by Engager in

stats for user internet traffic

I am trying to write a query that filters our users' network traffic. I would like the query to return information on...

by Path Finder in

Add events mid search

Is it possible to recover events that I've filtered out in a search, ie (and I know this is a daft example but it's g...

by Path Finder in

Issue with accessing http://l-156009194:8000/

Hi, I recently installed splunk on Windows. I was able to login into the Splunk webbased UI. ( http://l-156009194:800...

by Engager in

how to search with one variable to pull different types of values back and make another search with those values

I will lay out the scenario, i work in security and I want to look for trending from our VPN users. I want to pass on...

by New Member in

Removing a listener via CLI

Hey everyone, I am just trying to figure out how to remove a specific listener via CLI. I can find the command to cre...

by Builder in

how do I find the different packages installed on two hosts?

I have a scripted input that takes in rpm -qa output and want to find out the difference in packages installed on two...

by Splunk Employee in

total change in a field every time another field changes

I am working on a game, and have been asked to create an interesting dashboard. My superiors want to know how long it...

by Path Finder in

How to pass a value from the outer search to the inner subsearch?

I'm trying to compose a search like this: sourcetype=A | eval param=ceil(SomeField) | join Name [search sourcetype...

by Communicator in

Concurrent searches

It seems that non-admin users are only able to have three searches running simultaneously. Is there a way to increase...

by Path Finder in

Block access to Manager

I have seen several questions about restricting access to "Manager" but all of the answers seem to require coding Jav...

by Communicator in

Wrapping fieldnames in $...$ breaks saved search

I am wrapping numerically names fields in $...$ to force splunk to interpret them as field names. This works great in...

by Path Finder in

Filed extraction assistance

iam trying to extarct the room name fromt eh string below but the automatioc filed extraction does not fined enough e...

by Path Finder in

How do I search for all events occuring 24 hours prior to a variable time?

I'm running Splunk v4.1.5, and I'm trying to specify a time range in my search so that I can find events within a cer...

by New Member in

splunk restful service not working

I am trying to get restful service from splunk curl -k -u username:password -k https:// /services/search/...

by Builder in

Restrict access to "Manager"

Hi, I running Splunk 4.1.6 and I'm trying to create a role which allows the user to only have read access to the S...

by Explorer in

How to extract field in search

I am trying to perform a search and using regx and parameter can summarize the result based on two fields which are f...

by Explorer in

facing issues when querying with cs_uri_stem

I see a different web page mentioned in the body of indexed log and another mentioned in its cs_uri_stem. For example...

by Explorer in

Uncompressed Data

I have just turned on compression and have over 100 GB of uncompressed data. How can I compress it and Splunk still b...

by Explorer in

Get Updates on the Splunk Community!

Splunk Search

Discussions

Context Search

Log Archive

lookup hostname to ip address but output different results?

Problem with the diff command

compare linecount for files

Extracting stats from different fields in the same series of events

Possible to achieve eval results per host?

stats for user internet traffic

Add events mid search

Issue with accessing http://l-156009194:8000/

how to search with one variable to pull different types of values back and make another search with those values

Removing a listener via CLI

how do I find the different packages installed on two hosts?

total change in a field every time another field changes

How to pass a value from the outer search to the inner subsearch?

Concurrent searches

Block access to Manager

Wrapping fieldnames in $...$ breaks saved search

Filed extraction assistance

How do I search for all events occuring 24 hours prior to a variable time?

splunk restful service not working

Restrict access to "Manager"

How to extract field in search

facing issues when querying with cs_uri_stem

Uncompressed Data

Building Reliable Asset and Identity Frameworks in Splunk ES

Cloud Monitoring Console - Unlocking Greater Visibility in SVC Usage Reporting

Automatic Discovery Part 3: Practical Use Cases

How can i export a list of all services in APM

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

ITSI thresholds: adaptive vs static

Using Machine Learning Toolkit to detect auth abus...

Splunk Search

Are you a member of the Splunk Community?

Discussions