Splunk Search

Discussions

Thread Info

What does "yesterday" mean when data is spanning multiple timezones?

What is the expected outcome of the "Yesterday" time function when applied to data from multiple timezones. I have a ...

by Splunk Employee in

search question

In the search field, I entered: source=/logs/*/*.log it matches /logs/*/*.log and /logs/*/*/*.log. I need to see only...

by New Member in

lookup setup for regex extracted value

I have a extracted value from log, puserid. now I have map that Id to a user in lookup table. now when I am applying ...

by Path Finder in

how to modify a existing "search" ?

I create a search called: "poral_app_server", I made a modification to the search string, click "save search" and typ...

by New Member in

Field discovery with multi-value containing space

Hi, I'm trying to understand how the Field Discovery part works by default while dealing with a multi-value string c...

by New Member in

How to convert binary ms word doc into text so I can splunk it?

I currently have some medical records in doc form that are binary text created in ms office word. I want to create...

by Splunk Employee in

url search and chart

I have a bunch of uris to extract and categorize. And after that i need to timechart it by category. so say the lo...

by Path Finder in

Questions on Variable Manipulation.

I've got a chart that works great but just wanting to re-arrange the result. timechart eval(sum(Logical_Capacity_...

by Contributor in

Splunk Indexer giving lookup missing error

Hi All, I have the following setup in my environment: 1) light forwarder installed on the machine where logs are g...

by Explorer in

Drilldown problem

I have a problem where I have a table that has a _time column and two other columns, I have a search that sorts that ...

by Builder in

Add Data: A text file is being interpreted as a binary file

I do realize there is another thread where someone asks the same question, but he solved his problem when he checked ...

by Communicator in

comparing files

We have a flat file that contains user data. Changes made to this file are not audited. I'd like Splunk to report on ...

by Path Finder in

Search results don't show extracted field

I created a search time that works as expected when I do a search on only the sourcetype that I created the extractio...

by Path Finder in

Transactions with different field names

Hi, Hoping this is something simple that I'm not understanding. Example Data: Sourcetype=A Sport1=baseball S...

by Builder in

Search Field Extraction help

I have an _raw event with data that I would like to break out into key value pairs. I was wondering if anyone had any...

by Path Finder in

Creating usage reports from logfiles

Hi, I am new to splunk and heard it can do nearly every type of reporting. I have an ADSL router creating logs in ...

by Explorer in

error piping commands

I'm getting error an on piping one command into another. The result is a "Search operation 'earliest' is unknown. You...

by Contributor in

Custom fields

How can I check if my custom fields work ? How can I list the content of custom fields ? Thank you Markus

by Explorer in

addtotal/addcoltotals issue

Hello fellow Splunkers! ipc=ipc1-r6c10 Intake-Temperature=70 Exhaust-Temperature=82 Humidity=44% Amps=6 Volta...

by Path Finder in

Reinventing the wheel

I just setup my test forefront proxy server to forward logs to my test Splunk indexer. Is there a stash of existing q...

by Communicator in

Received event for unconfigured/disabled index... : When was this event received?

I have blue bar notification in each view informing me that an event was received "for unconfigured/disabled index='s...

by SplunkTrust in

make extract command overwrite fields

I have a field that looks like this: key1=value1*key2=value2*key3=value3 I put in a stanza in transforms that look...

by Path Finder in

how to calculate multiple stats count?

i have following data playdate, adid, store, 2011-08-23, 1 , s1 2011-08-23, 2, s2 2011-08-23, 1, s2 2011-08-25, 2...

by New Member in

Quadruple backslash required... bug or feature?

I'm encountering something that seemed non-intuitive to me in my Search app through the web interface. I'm trying to ...

by Explorer in

Exporting views and searches.

Hello. I have a set of advanced views, dashboards, searches, etc for the search app, which i have developed using ...

by Engager in

Get Updates on the Splunk Community!

Splunk Search

Discussions

What does "yesterday" mean when data is spanning multiple timezones?

search question

lookup setup for regex extracted value

how to modify a existing "search" ?

Field discovery with multi-value containing space

How to convert binary ms word doc into text so I can splunk it?

url search and chart

Questions on Variable Manipulation.

Splunk Indexer giving lookup missing error

Drilldown problem

Add Data: A text file is being interpreted as a binary file

comparing files

Search results don't show extracted field

Transactions with different field names

Search Field Extraction help

Creating usage reports from logfiles

error piping commands

Custom fields

addtotal/addcoltotals issue

Reinventing the wheel

Received event for unconfigured/disabled index... : When was this event received?

make extract command overwrite fields

how to calculate multiple stats count?

Quadruple backslash required... bug or feature?

Exporting views and searches.

Automatic Discovery Part 1: What is Automatic Discovery in Splunk Observability Cloud ...

Real-Time Fraud Detection: How Splunk Dashboards Protect Financial Institutions

Splunk + ThousandEyes: Correlate frontend, app, and network data to troubleshoot ...

In Splunk studio, is it possible to populate a tex...

How can i export a list of all services in APM

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

ITSI thresholds: adaptive vs static

Splunk Search

Are you a member of the Splunk Community?

Discussions