Splunk Search

Discussions

Thread Info

What does the following "red bar" message mean "Reached end-of-stream while waiting for more data from peer [INDEXER HOST NAME]. Search results might be incomplete"

This error has started showing up when searching back across larger data sets. we have several indexers and only one ...

by Communicator in

external_lookup.py fails when one input field missed

Hello, I use external_lookup (dnslookup) for a host source info. I have configured this automatic lookup: dnslooku...

by Path Finder in

table for two dimentional distribution

Hello, I am trying to create a bubble chart (this is not very much documented, hopefully this example will help) f...

by Communicator in

Index Time VS Actual Occurs Time

Hi all, I have a month (2010-Nov) SAR reports (30 copies) for my host which I want to import them to the Splunk s...

by Explorer in

Searching subnets

I noticed with splunk you can search subnets now. However I would like to search for all communications via my intern...

by New Member in

hide the duplicate events

Hello, I have 2 sources of events with "almost" the same framework and some of them reference the same event with ...

by Communicator in

How do I extract fields in line separated data without key-value pair?

Hi, I have a logfile containing data that looks like the below: Nov 21 13:59:41 hostname1 data1 data2 data3 Nov...

by Motivator in

timechart calculated grouped value

I have a query in the form eventtype="search" | stats count as search_count by host | appendcols [search applicati...

by New Member in

Combine search and sub search without losing records?

I am performing a search and sub search and would like to combine the results into a single result set. I have run th...

by Path Finder in

Cloudmark Gateway

Im sorry I am a little newbie with splunk, I would like to ask how to get cloudmark MTA logs to splunk?

by New Member in

SHOULD_LINEMERGE break

Hi all, I would like to break some lines into mutliple events. The break condition is the time, as you can see bel...

by Engager in

Ploting A line graph with Status as to be 0 or 1

Hi, I have to plot a graph from 0 to 1 for different clients but didn't finding any exact queries to do so. My ...

by Explorer in

Break into multiple events by time

Hi all, I would like to break a line in multiple events in my log files, you can see the break condition in bold: ...

by Engager in

Searching with some time slots excluded

I have some saved searches which should not trigger during certain window. For example, everyday from 12:00 AM to 2:0...

by Explorer in

Reporting on or displaying local PerfMon data

Hello I just setup a trial install of Splunk (running with an Enterprise license at the moment). My version is 4.2.5,...

by Path Finder in

Simple regex problem

Hi all I have hit a problem with Splunk which I am hoping someone might be able to offer some help with. I've just...

by New Member in

external_lookup example: Could not find all of the specified lookup fields in the lookup table

I got this error when I configure an automathic lookup: Could not find all of the specified lookup fields in the look...

by Path Finder in

Automatic search-time field extraction: Need equals sign??

I recently received a request/complaint from one of our users that a certain field ("Trace ID") was being extracted f...

by Path Finder in

Combining Multiple series

Hi, I'm pretty new to Splunk reporting, so maybe this is an easy one  I've build up a query joining 3 dat...

by Engager in

Problem with iplocation showing multiple City and Country fields

I'm getting unusual results when invoking the iplocation command (listed below). When the table is displayed it marks...

by Explorer in

Query to get admin group log-in events

Is there is any splunk query to get all login events for all users from administrators group.

by Path Finder in

Help with CASE

How do I assign the value "Informational" to the field Severity when the AV Version contains NULL values byu using th...

by Communicator in

Simple stats conditional for alert

I've set up a simple search for flapping interfaces on our switches, looks like so: LINEPROTO-5-UPDOWN: Line prot...

by Path Finder in

How does SPLUNK learn and correlate ?

I'm interested in intelligent analytics applications i.e. learning about data behaviour in order to alert on non-norm...

by Engager in

field extraction in splunk

I have a field called: Message which contain below type of data. MESSAGE Special privileges assigned to new...

by Path Finder in

Get Updates on the Splunk Community!

Splunk Search

Discussions

What does the following "red bar" message mean "Reached end-of-stream while waiting for more data from peer [INDEXER HOST NAME]. Search results might be incomplete"

external_lookup.py fails when one input field missed

table for two dimentional distribution

Index Time VS Actual Occurs Time

Searching subnets

hide the duplicate events

How do I extract fields in line separated data without key-value pair?

timechart calculated grouped value

Combine search and sub search without losing records?

Cloudmark Gateway

SHOULD_LINEMERGE break

Ploting A line graph with Status as to be 0 or 1

Break into multiple events by time

Searching with some time slots excluded

Reporting on or displaying local PerfMon data

Simple regex problem

external_lookup example: Could not find all of the specified lookup fields in the lookup table

Automatic search-time field extraction: Need equals sign??

Combining Multiple series

Problem with iplocation showing multiple City and Country fields

Query to get admin group log-in events

Help with CASE

Simple stats conditional for alert

How does SPLUNK learn and correlate ?

field extraction in splunk

Observe and Secure All Apps with Splunk

Splunk Decoded: Business Transactions vs Business IQ

Fastest way to demo Observability

In Splunk studio, is it possible to populate a tex...

How can i export a list of all services in APM

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

ITSI thresholds: adaptive vs static

Splunk Search

Are you a member of the Splunk Community?

Discussions