Splunk Search

Discussions

Thread Info

IIS logs and v4.2.4

I have set up a universal forwarder to forward IIS logs from C:\inetpub\logs\LogFiles\W3SVC7 to my splunk server on p...

by Path Finder in

Search head not writing to internal or summary indexes

We recently migrated a search head off an indexer onto a dedicated server. However it would seem that none of the int...

by Contributor in

Index data volume for logs older than a year

Hi, Can someone tell me how to run a query that will return the size (MB) of total index volume for all logs that...

by Contributor in

Need help in lookups

Hi, I am having trouble using lookups. I have four fields in a csv file error_code,criticality, service,service_ty...

by Engager in

SYSLOG - Regex Help needed - selecting second of two IP addresses.

Hi all, I have syslog data coming in - it features a src and dst IP address but how can I write a regex to select ...

by Explorer in

Subsearch to return hostname vs IP

I'm attempting to run a given search to return bandwidth hogs by MBs downloaded. I have a search that will successful...

by Path Finder in

Putting count first in top results

I would like count to be the first field when I use top, rather than the last (one of my fields is very long and so c...

by Path Finder in

Problems with props.conf and regex

I have a tab delimited log file that looks like: #Fields: time Data LoginID ContextID "2011-02-20 21:3...

by New Member in

scripted lookup fails with pooled search heads

I had a scripted lookup working (the dnslookup using external_lookup.py) with a standalone search head. Now that i've...

by Communicator in

Defining a Real time search window

Hello, I would like to set a real time search which counts events occurred starting from the beginning of the day...

by Explorer in

Trouble with MultiValue Fields

Hello community! We're really stuck on a question ... Basically we are trying to do ask the following question ...

by New Member in

Finding fields in more than one list (subsearch? append?)

Hi, I have a list of login events, some which fail, some which succeed. In some cases, the IP address that succeed...

by Contributor in

Parsing custom log names into different indexes. Same folder.

My question has to deal with regex and the inputs.conf. It's new to me so I'm taking it slow. We have all of our cust...

by Explorer in

search history not working

I just did a clean installation of splunk on my windows7 64bit workstation. why is search history not showing up whil...

by Explorer in

kv extract escape keyword

using the opsec lea app and noticed that two of the default kv extract key/value pairs werent working for me. The log...

by Communicator in

Stacked Bar Chart - Disk Usage

Now, I am collecting a disk space log by using a WMI. I want to make a stacked bar chart about disk space. How can I ...

by Explorer in

Regex in Whitelist, in inputs.conf... Help!

Hi... Pls forgive me, I have not used Regular Expressions in quite a while, and the following one really threw me. I'...

by Path Finder in

Combine the count of multiple fields for a common result

Hi all, I am mainly asking this here as it's a little past my knowledge with Splunk. Basically, I'm after a way of...

by Path Finder in

Need Assistance with Search Construction

We have a wireless controller that provides logs. I am trying to construct a search that would provide the number of ...

by Builder in

Question about a search which displays a sudden rise of hits

hi. We are splunking this dhcp service we have and we had a problem id like to narrow down with a smart search : I ha...

by New Member in

Search screens not completing

Env: Windows 2008 R2, Splunk 4.2.2 For the last month or so most of the Splunk search screens have not been comple...

by Engager in

case sensitive dedup?

I have two hosts, one named lower case 'server01', the other named upper case 'SERVER01'. When I do a search such as ...

by Explorer in

Search view that only searches on specified index

Hi, I'm trying to create a Search view that only searches on the index I specify. But I don't seem to figure out h...

by Explorer in

How to calculate time from event beginning and end.

I would like to display the average time Oracle is taking to perform a check point. I have filtered out the following...

by Engager in

Having Problems with timechart's searching

Hi, I am trying to do a timechart which shows the amount of sessions opened/closed. Where the Opened and Closed ar...

by Engager in

Get Updates on the Splunk Community!

Splunk Search

Discussions

IIS logs and v4.2.4

Search head not writing to internal or summary indexes

Index data volume for logs older than a year

Need help in lookups

SYSLOG - Regex Help needed - selecting second of two IP addresses.

Subsearch to return hostname vs IP

Putting count first in top results

Problems with props.conf and regex

scripted lookup fails with pooled search heads

Defining a Real time search window

Trouble with MultiValue Fields

Finding fields in more than one list (subsearch? append?)

Parsing custom log names into different indexes. Same folder.

search history not working

kv extract escape keyword

Stacked Bar Chart - Disk Usage

Regex in Whitelist, in inputs.conf... Help!

Combine the count of multiple fields for a common result

Need Assistance with Search Construction

Question about a search which displays a sudden rise of hits

Search screens not completing

case sensitive dedup?

Search view that only searches on specified index

How to calculate time from event beginning and end.

Having Problems with timechart's searching

What's New in Splunk Cloud Platform 9.3.2411?

Buttercup Games: Further Dashboarding Techniques (Part 6)

Technical Workshop Series: Splunk Data Management and SPL2 | Register here!

ES8 + Mission Control Usage rest API

Search for triggered save searches and their actio...

MLTKC how should i check jupyter notebook func in ...

ITSI thresholds: adaptive vs static

Using Machine Learning Toolkit to detect auth abus...