Splunk Search

Discussions

Thread Info

Finding fields in more than one list (subsearch? append?)

Hi, I have a list of login events, some which fail, some which succeed. In some cases, the IP address that succeed...

by Contributor in

Parsing custom log names into different indexes. Same folder.

My question has to deal with regex and the inputs.conf. It's new to me so I'm taking it slow. We have all of our cust...

by Explorer in

search history not working

I just did a clean installation of splunk on my windows7 64bit workstation. why is search history not showing up whil...

by Explorer in

kv extract escape keyword

using the opsec lea app and noticed that two of the default kv extract key/value pairs werent working for me. The log...

by Communicator in

Stacked Bar Chart - Disk Usage

Now, I am collecting a disk space log by using a WMI. I want to make a stacked bar chart about disk space. How can I ...

by Explorer in

Regex in Whitelist, in inputs.conf... Help!

Hi... Pls forgive me, I have not used Regular Expressions in quite a while, and the following one really threw me. I'...

by Path Finder in

Combine the count of multiple fields for a common result

Hi all, I am mainly asking this here as it's a little past my knowledge with Splunk. Basically, I'm after a way of...

by Path Finder in

Need Assistance with Search Construction

We have a wireless controller that provides logs. I am trying to construct a search that would provide the number of ...

by Builder in

Question about a search which displays a sudden rise of hits

hi. We are splunking this dhcp service we have and we had a problem id like to narrow down with a smart search : I ha...

by New Member in

Search screens not completing

Env: Windows 2008 R2, Splunk 4.2.2 For the last month or so most of the Splunk search screens have not been comple...

by Engager in

case sensitive dedup?

I have two hosts, one named lower case 'server01', the other named upper case 'SERVER01'. When I do a search such as ...

by Explorer in

Search view that only searches on specified index

Hi, I'm trying to create a Search view that only searches on the index I specify. But I don't seem to figure out h...

by Explorer in

How to calculate time from event beginning and end.

I would like to display the average time Oracle is taking to perform a check point. I have filtered out the following...

by Engager in

Having Problems with timechart's searching

Hi, I am trying to do a timechart which shows the amount of sessions opened/closed. Where the Opened and Closed ar...

by Engager in

How do you dynamically change the legend labels

We have some timecharts that display information collected by Server_IP, using searches similar to this ... | time...

by Communicator in

Lookup Tables and Comments

I currently am using a lookup table to match Host Names with a "grouping" category. However, there are a ton of entri...

by Communicator in

Join Three data sources where one data source has a Multivalue field

I have 3 data sources. Data source 1 "Request": the Format of this data source is XML. The Fields are: id, MAC, ti...

by Motivator in

stacked column chart of success/failures split by URL over time

I'd like to have a stacked column chart showing the number of successful and failed requests to URLs over time. Follo...

by New Member in

list of searches

Is it possible to view the most recent list of searches and queries executed in Splunk? If so, how?

by Path Finder in

list of searches

Is it possible to view the most recent list of searches and queries executed in Splunk? If so, how?

by Path Finder in

Multiple sourcetypes per source

Hi, I have a novice question, but is it possible to have more than one sourcetype for a given source?

by Explorer in

No date_wday from U.F. collecting windows event logs

I was collecting windows event logs using agent less Splunk server through remote WMI calls and the "sourcetype=WMI:W...

by Motivator in

Real-Time Search and Alerting

Hello, I've figured out how to start a real-time search job. I'm wondering if there's any way to trigger a shell c...

by Engager in

select query based on unique id

Hi, I have a log where the, app logs the various steps for a unique opertaion id (id below) -> ...... ts=13188618399...

by New Member in

Matching the last instance of "endswith" in a transaction?

The transaction command matches only the first instance of the specified endswith, however it's possible and likely t...

by Explorer in

Get Updates on the Splunk Community!

Splunk Search

Discussions

Finding fields in more than one list (subsearch? append?)

Parsing custom log names into different indexes. Same folder.

search history not working

kv extract escape keyword

Stacked Bar Chart - Disk Usage

Regex in Whitelist, in inputs.conf... Help!

Combine the count of multiple fields for a common result

Need Assistance with Search Construction

Question about a search which displays a sudden rise of hits

Search screens not completing

case sensitive dedup?

Search view that only searches on specified index

How to calculate time from event beginning and end.

Having Problems with timechart's searching

How do you dynamically change the legend labels

Lookup Tables and Comments

Join Three data sources where one data source has a Multivalue field

stacked column chart of success/failures split by URL over time

list of searches

list of searches

Multiple sourcetypes per source

No date_wday from U.F. collecting windows event logs

Real-Time Search and Alerting

select query based on unique id

Matching the last instance of "endswith" in a transaction?

Can’t make it to .conf25? Join us online!

Community Content Calendar, September edition

Splunkbase Unveils New App Listing Management Public Preview

Leveraging Automated Threat Analysis Across the Splunk Ecosystem

In Splunk studio, is it possible to populate a tex...

Help me with splunk query to monitor CPU and Memor...

How can i export a list of all services in APM

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

Splunk Search

Are you a member of the Splunk Community?

Discussions

Can’t make it to .conf25? Join us online!