Splunk Search

Discussions

Thread Info

dedup in real time window is not working

I am using dedup in my search and my time criteria is real time. The events are coming every minute but the results a...

by Communicator in

Regex in transforms only matches parts of the data.

in inputs.conf: [tcp://:9995] connection_host = dns sourcetype = tcp:9995 source = tcp:9995 in props.conf: ...

by Engager in

Organising user defined searches into subfolders

I would like to organise my saved searches into subfolders in the drop down on the search app. I noticed that the ...

by New Member in

Lookup table to a lookup table. Examples please.....

Pardon my newbie'ness  Does anyone have an example where Search results are matched to table entries (simple CSV ...

by Explorer in

Tags VS lookup tables? - performance wise

Hi, I'd like to add knowledge to our splunk data and divide ips or computers to different groups like test/production...

by Communicator in

Searching the log pattern

2011-11-07 13:25:35,145 FE (Exe 45) (pid 11788) destroyed 2011-11-07 13:25:35,152 PNG.exe ...

by Path Finder in

splunk can't get wmi(wsql) query logs on windows 2008 64bit, windows 2003 64bit

Hi All, I have Windows 2008 64bit & Windows 2003 64bit server. I've installed splunk 4.2.4 64bit(via administrator...

by New Member in

Saved "search components"?

From what I've been reading, I don't see that this is possible, but... Is there any way to create a saved search that...

by Engager in

Performance Expectations

I'm running a search against about 1.2 million log records. Each record contains some geo tags and numeric values rep...

by Explorer in

failed logins locking accounts.

a bit of background info - we use sophos av software, and all machines use a local account on the sophos management s...

by New Member in

can't sort table results from a form search

Hi I wrote a simple form search dashboard using <table> module . I found if the number of results over 50,000 ...

by Communicator in

Error 500 when trying to create a report

Hello, I'm running a saved search which runs perfectly fine, but when I'm trying to use Report Builder I'm gettin...

by Explorer in

Issue w/ 'timechart' and 'transactions'

I've set up a transaction to determine successful login using the following: index=main sourcetype=TELEM | transac...

by New Member in

Extracting multiple field values from a comma seperated list

Hello All, What is the best way to extract into a single field mutiple values from a comma-seperated list: Exam...

by Path Finder in

Merging two log line

I have two log line with the same information. How can I do search so that it displays just one log?? For e.g. ...

by Path Finder in

Calculating battery lifespan

We are logging data from a number of devices which send a periodic heartbeat back to us, which among other things inc...

by Ultra Champion in

How to calculate length of session

I have ssh events in the following log format: sshd[31922]: pam_unix(sshd:session): session closed for user root ...

by Explorer in

Train dates fails to recognize any date format

I have tried to get Splunk to recognize a new format of dates but im unable even to get the train date to understand ...

by Explorer in

Time range search

I have splunk indexed log for 6 months but I want to search log for 20 days only(from current date till 20 days ago) ...

by Path Finder in

What is this Backfilling script??

What's the difference between daily, fivemin, and all backfilling python script? What does this script actually d...

by Path Finder in

how often do charts update? f5 ltm irule

I have the splunk irule working and I'm seeing information in the dashboards. However, the Top User Agents charts...

by Explorer in

SingleValue - Click through to search

I am trying to implement similar functionality to that seen in the Deployment monitor whereby there is a single value...

by Champion in

Chart Legend Drilldown

Hi, I would like to disable legend drilldown but in doing so, I want chart cell drilldown to not be disabled. Exam...

by Motivator in

Field Extraction - Extraction does and doesn't work

I have a search; host=127.0.0.1 type=* notification_level=Warning device_ip=192.168.0.1 If I add earliest=-12h...

by Champion in

Why enabling real time search does not display data immediately?

I am receiving events every 15 seconds. But when I enable real time search in default splunk search app for query sou...

by Communicator in

Get Updates on the Splunk Community!

Splunk Search

Discussions

dedup in real time window is not working

Regex in transforms only matches parts of the data.

Organising user defined searches into subfolders

Lookup table to a lookup table. Examples please.....

Tags VS lookup tables? - performance wise

Searching the log pattern

splunk can't get wmi(wsql) query logs on windows 2008 64bit, windows 2003 64bit

Saved "search components"?

Performance Expectations

failed logins locking accounts.

can't sort table results from a form search

Error 500 when trying to create a report

Issue w/ 'timechart' and 'transactions'

Extracting multiple field values from a comma seperated list

Merging two log line

Calculating battery lifespan

How to calculate length of session

Train dates fails to recognize any date format

Time range search

What is this Backfilling script??

how often do charts update? f5 ltm irule

SingleValue - Click through to search

Chart Legend Drilldown

Field Extraction - Extraction does and doesn't work

Why enabling real time search does not display data immediately?

New This Month - Splunk Observability updates and improvements for faster ...

What's New in Splunk Cloud Platform 9.3.2411?

Buttercup Games: Further Dashboarding Techniques (Part 6)

Multiple results

ES8 + Mission Control Usage rest API

Search for triggered save searches and their actio...

MLTKC how should i check jupyter notebook func in ...

ITSI thresholds: adaptive vs static