Splunk Search

Discussions

Thread Info

Max Response Time

In my application the SystemOut logs from the Websphere logs are sent to Splunk Server. In these logs i have a log st...

by New Member in

WindDHCP app returning no result

I have installed the app and faithfully followed the instructions provided but I still see no result when I try to la...

by Explorer in

Finding length of time that a field remains the same.

I've got some logs where a certain field ('randomletter') is normally X, but occasionally changes to Y (or even Z!) ...

by Communicator in

Props.conf and LINE_BREAKER Regex

I have created a regex; (\d+)(:)(\d+)(:)(\d+)(\.)(\d+) To act as my LINE_BREAKER in the props conf file for an...

by Champion in

Transactions/Stats?

I have a log file that contains multiple fields that are time oriented fields. The fields in this instance are the st...

by Explorer in

regex and rex issue advise for extraction of http headers

Trying to do an inline regex on the snip of log below. The item that I am trying to extract is the hostname admin.tes...

by Path Finder in

Permissions for index access

We are running the new splunk universal forwarder on an application server. It has the standard setup to recursively ...

by Path Finder in

limiting the scope of index=* in a metadata search

I am using this search: | metadata index=* type=hosts | eval age = now()-lastTime | where age > (2*86400) | sort a...

by Motivator in

How can I do extract fields through the CLI?

Hi, I'm trying to do this search "sourcetype="MySQL" | multikv fields Variable_name Value | search Variable_name="...

by New Member in

Splunk and Drilling down into Charts

Hi I am using a Pie chart and I want to be able to drill down into see the results, but when I try this, I get the...

by New Member in

Search for events in a specific time range

I have data eg. as follows :- rectype=031 OMD_StrtTime_002="Wed Jul 20 02:59:59 2011" OMD_Endtime_003="Wed Jul 20 ...

by Explorer in

How to write a seach query with 2 searches

I need to know how to write a search query with 2 searches where the second search takes the value of the field, IP a...

by Explorer in

Adding field to results of count querry

How would I add field x to the results of count(y) as z so that the results are x z count(y)? I know it is simple but...

by Explorer in

Reporting the number of events in an index

I want to report the number of events in a given index using a scheduled overnight report and send the PDF output to ...

by Explorer in

Error on saved searches after upgrading to 4.2.1

After I've upgraded splunk from 4.1.5 to 4.2.1,some of the saved searches encountered errors now,while some are ok. ...

by Contributor in

SYS logging an ASA

Hi, I have installed the Cisco Security suite and Cisco Firewall apps. I have setup UDP port 514 and told the ASA ...

by Explorer in

What are the precise Search strings used in the Summary View?

Hello. I am fairly new, and I am studying hard to learn the nuances of Searching and building Dashboards. I thought i...

by Path Finder in

Advanced view using post processing is not displaying a graph

I have followed the documentation to create an advanced view that should utilize post processing to generate multiple...

by New Member in

ideas for reliably bracketing timerange around discrete 'snapshots'

Say that you have a huge volume of events, and they come in big batches. Each batch is a discrete unit, and mixing in...

by SplunkTrust in

Elapsed time

How to get elapsed time? I have the following |eval tnow = now() |convert ctime(tnow) as currtime | eval el_time =(c...

by New Member in

why can't I search metadata via distributed search?

A question regarding the search in the CLI. I need to search the metadata via the CLI - it appears I can not ./...

by New Member in

can i use index time and search time field extraction for a particular source type?

For a particular sourcetype I need to have two fields extracted at index time and also 10+ fields extracted at search...

by Communicator in

Append multiple searches and sort the result set with no repeated rows

I have the following Splunk search query that is working fine: sourcetype="x" "ABC" NOT D| lookup rr_by_dd dd as d...

by Motivator in

Permissions scheduled searches

I have a user that is scheduling a saved search and has results get sent to multiple users. When the users click on t...

by Path Finder in

Incorrect Imail Events

I am trying to have my Imail Logs indexed correctly. Right now there is no order to the events. They should be separa...

by Engager in

Get Updates on the Splunk Community!

Splunk Search

Discussions

Max Response Time

WindDHCP app returning no result

Finding length of time that a field remains the same.

Props.conf and LINE_BREAKER Regex

Transactions/Stats?

regex and rex issue advise for extraction of http headers

Permissions for index access

limiting the scope of index=* in a metadata search

How can I do extract fields through the CLI?

Splunk and Drilling down into Charts

Search for events in a specific time range

How to write a seach query with 2 searches

Adding field to results of count querry

Reporting the number of events in an index

Error on saved searches after upgrading to 4.2.1

SYS logging an ASA

What are the precise Search strings used in the Summary View?

Advanced view using post processing is not displaying a graph

ideas for reliably bracketing timerange around discrete 'snapshots'

Elapsed time

why can't I search metadata via distributed search?

can i use index time and search time field extraction for a particular source type?

Append multiple searches and sort the result set with no repeated rows

Permissions scheduled searches

Incorrect Imail Events

Enterprise Security Content Update (ESCU) | New Releases

Why am I not seeing the finding in Splunk Enterprise Security Analyst Queue?

Index This | What are the 12 Days of Splunk-mas?

Proactively stream data to different index after C...

Write Splunk log with Laminas

Issues in multiselect input dropdown

Using splunk-sdk in user-defined functions in Spar...

Verification of SAML assertion using IDP's cert fa...