Splunk Search

Ask a Question

Discussions

Thread Info

Sum session value from several servers?

Hi all, I've been trying hard for two days now, but doesn't seem to find how to query to get the following graph: ...

by New Member in

Delete old data from lookupfile

Hi, I have a lookup file which will get update daily(from a scheduled search ), I need keep only last 45 days data...

by Path Finder in

What happens if strptime doesn't see an expected field?

Greetings everyone. Right now I am working with a filetype which contains a compilation of events from 4 different so...

by Builder in

Multiline Multivalue parsing

I need to parse logs (windows events) that look roughly like this: field1=[value1] field2=[value2] field3=[value3]...

by Explorer in

subsearch by ip and then host

I am building a dashboard based on all activity related to an IP. I have one source that generates events, but does n...

by Contributor in

Avoid .csv extension while doing outputlookup / creating lookup file

Hi , How to avoid .csv extension while i am mentioning lookupfile name in outputlookup Ex : ..search | outputlo...

by Path Finder in

Transaction incorrectly grouping results

Splunk command: host="Fleet34" product=MCA AND NOT category=environment | transaction startswith="product=MCA acti...

by Path Finder in

Rename Field created with Interactive Field Extractor

How does one rename a field created with the Interactive Field Extractor?

by Contributor in

fieldformat command giving error

Hi, I am using Splunk 4.1.2. I am trying to use fieldformat to format the _time to avoid converting it to string. ...

by Explorer in

Can I use splunktcp connections without forwarding audit logs?

Hi, I have a splunk feed I want to forward to a customer - it has it's own index which it fills from Windows Event...

by Path Finder in

adding an event to a query

Hello, I have a problem with trying to add a manual event to a query. For example I have a query that produces a list...

by Explorer in

How do I get distinct values for a derived field in a search?

Good afternoon all, I have a datasource that I've used transforms.conf and props.conf to create a "field" derived ...

by Communicator in

_time and transactions

Hello, I've been experimenting with queries that makes use of the transaction command but overrides the _time field. ...

by Explorer in

How do I split a log entry into tags?

Good evening all, I was hoping to get an idea of the best practices in breaking out a custom field. My log reco...

by Communicator in

matching fixed width fields or fields with spaces from scripted input

I'm attempting to pull in data from iisweb.vbs /querv ia a scripted input. On Windows this will show a table of the s...

by Builder in

Events for sourcetype not visible

We've done the following so far. Setup a new App through the webuiSetup a new index through the webui with the sam...

by Engager in

4.3 chart only displays first 40 events

I have a search/report that results in 72 events. Since upgrading to 4.3, only the first 40 events are displayed in t...

by Explorer in

Comparing two fields from different sources, eval and subsearch?

Hello all, brand new to Splunk so please bare with me. I have two csv files as two different sources with the same...

by Splunk Employee in

scheduler of limits.conf question

The number of scheduled search splunk is able to run at same time is 25% of maximum number of concurrent searches on ...

by Builder in

Regex using transforms.conf

I'm not quite sure if I'm doing this right or going in the right direction. I have a log where the results are a bunc...

by Builder in

Change the Fschange indexing date

Is it possible to change the Fschange indexing date, not time? My need is: if a file is added/modified/deleted the...

by Explorer in

Supported browsers

Doc mention http://docs.splunk.com/Documentation/Splunk/4.2.4/Installation/Systemrequirements Safari 3 support. When ...

by Splunk Employee in

Best way to mass and bulk export searched fields and events for data warehousing.

It appears that there are several ways to bulk export data from Splunk. -rest API -search query option: outputcsv -cl...

by Path Finder in

multiple field conversions in a search eg kb to Mb

Hi, I have multiple fields returned in a search that I to plot as separate lines on a line graph. however, both fi...

by Path Finder in

'NOT' not working properly since 4.3

After upgrading to 4.3 I noticed one of my timecharts was not working correctly: searchterm NOT port=16 | timechar...

by Communicator in

Get Updates on the Splunk Community!

Splunk Search

Discussions

Sum session value from several servers?

Delete old data from lookupfile

What happens if strptime doesn't see an expected field?

Multiline Multivalue parsing

subsearch by ip and then host

Avoid .csv extension while doing outputlookup / creating lookup file

Transaction incorrectly grouping results

Rename Field created with Interactive Field Extractor

fieldformat command giving error

Can I use splunktcp connections without forwarding audit logs?

adding an event to a query

How do I get distinct values for a derived field in a search?

_time and transactions

How do I split a log entry into tags?

matching fixed width fields or fields with spaces from scripted input

Events for sourcetype not visible

4.3 chart only displays first 40 events

Comparing two fields from different sources, eval and subsearch?

scheduler of limits.conf question

Regex using transforms.conf

Change the Fschange indexing date

Supported browsers

Best way to mass and bulk export searched fields and events for data warehousing.

multiple field conversions in a search eg kb to Mb

'NOT' not working properly since 4.3

Can’t make it to .conf25? Join us online!

Community Content Calendar, September edition

Splunkbase Unveils New App Listing Management Public Preview

Leveraging Automated Threat Analysis Across the Splunk Ecosystem

Help me with splunk query to monitor CPU and Memor...

How can i export a list of all services in APM

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

ITSI thresholds: adaptive vs static

Splunk Search

Are you a member of the Splunk Community?

Discussions

Can’t make it to .conf25? Join us online!