Splunk Search

Ask a Question

Discussions

Thread Info

Error on saved searches after upgrading to 4.2.1

After I've upgraded splunk from 4.1.5 to 4.2.1,some of the saved searches encountered errors now,while some are ok. ...

by Contributor in

SYS logging an ASA

Hi, I have installed the Cisco Security suite and Cisco Firewall apps. I have setup UDP port 514 and told the ASA ...

by Explorer in

What are the precise Search strings used in the Summary View?

Hello. I am fairly new, and I am studying hard to learn the nuances of Searching and building Dashboards. I thought i...

by Path Finder in

Advanced view using post processing is not displaying a graph

I have followed the documentation to create an advanced view that should utilize post processing to generate multiple...

by New Member in

ideas for reliably bracketing timerange around discrete 'snapshots'

Say that you have a huge volume of events, and they come in big batches. Each batch is a discrete unit, and mixing in...

by SplunkTrust in

Elapsed time

How to get elapsed time? I have the following |eval tnow = now() |convert ctime(tnow) as currtime | eval el_time =(c...

by New Member in

why can't I search metadata via distributed search?

A question regarding the search in the CLI. I need to search the metadata via the CLI - it appears I can not ./...

by New Member in

can i use index time and search time field extraction for a particular source type?

For a particular sourcetype I need to have two fields extracted at index time and also 10+ fields extracted at search...

by Communicator in

Append multiple searches and sort the result set with no repeated rows

I have the following Splunk search query that is working fine: sourcetype="x" "ABC" NOT D| lookup rr_by_dd dd as d...

by Motivator in

Permissions scheduled searches

I have a user that is scheduling a saved search and has results get sent to multiple users. When the users click on t...

by Path Finder in

Incorrect Imail Events

I am trying to have my Imail Logs indexed correctly. Right now there is no order to the events. They should be separa...

by Engager in

Group By in search

I have the following search : index="efept" source=/var/log/efe/server.log host=efeprodapp13 FilingTypeId: AND Rou...

by New Member in

Concatenate fields into string on form

I want a form that will allow a user to "build" the appropriate "source" (or log file name) based on selecting variou...

by Communicator in

How do you disable search assistant?

Disabling search assistant under the search app

by Splunk Employee in

How can I get rid of thousands of automatically created sourcetypes

I've had the misfortune of feeding 30K input files from Amazon S3 Cloudfront logs into my live Splunk instance, witho...

by Engager in

How to schedule a search to run every minute, starting from 00:40, to 02:20 (unequal hour boundaries)?

I need to monitor for unscheduled downtime while avoiding scheduled downtime that happens at unequal hour boundary. ...

by New Member in

Avoiding duplicate text in eventtype

Hi folks, I'm trying to create an eventtype to match ERROR in my tomcat logs. The log messages for a single servi...

by Engager in

Search Pooling on *nix - alternatives to NFS

Hi Is it possible to get search head pooling to work on *nix with a remote fs (shared storage) other than NFS - pe...

by Path Finder in

Strange character escaping in eval and rex

I am breaking my head over this. Sometimes our users login to our web application using username: "myuser" or "my...

by Path Finder in

How to do this search?

Hi~there, The first search is quite simple, just extract top 10 stats count by src, so i use my search | stats ...

by Contributor in

How can I upload & Replace lookup files on a weekly basis?

Hi guys, I'm using a lookup table that is subject to the occasionally change. I've been trying to setup a weekly j...

by Path Finder in

How to search for script creating an “outbound denial of service attack (DOS)”

I’ve just been told by my hosting company that my server is creating an “outbound denial of service attack (DOS)”. ...

by New Member in

Convert Hexadecimal IP(v4) addresses to decimal?

Logged output is like: ... ip: 0xAABBCCDD, ... I'd like to convert the AABBCCDD to 170.187.204.221, and map the lo...

by Path Finder in

Intermitettent Failures of search using timechart

I have a splunk 4.2.2 installation where I am doing the following search and plotting the results . Search works some...

by Path Finder in

day by day comparison

I'm trying to build a graph in Splunk to provide a day-by-day comparison of particular response codes. For exampl...

by Explorer in

Get Updates on the Splunk Community!

Splunk Search

Discussions

Error on saved searches after upgrading to 4.2.1

SYS logging an ASA

What are the precise Search strings used in the Summary View?

Advanced view using post processing is not displaying a graph

ideas for reliably bracketing timerange around discrete 'snapshots'

Elapsed time

why can't I search metadata via distributed search?

can i use index time and search time field extraction for a particular source type?

Append multiple searches and sort the result set with no repeated rows

Permissions scheduled searches

Incorrect Imail Events

Group By in search

Concatenate fields into string on form

How do you disable search assistant?

How can I get rid of thousands of automatically created sourcetypes

How to schedule a search to run every minute, starting from 00:40, to 02:20 (unequal hour boundaries)?

Avoiding duplicate text in eventtype

Search Pooling on *nix - alternatives to NFS

Strange character escaping in eval and rex

How to do this search?

How can I upload & Replace lookup files on a weekly basis?

How to search for script creating an “outbound denial of service attack (DOS)”

Convert Hexadecimal IP(v4) addresses to decimal?

Intermitettent Failures of search using timechart

day by day comparison

SOC4Kafka - New Kafka Connector Powered by OpenTelemetry

Your Voice Matters! Help Us Shape the New Splunk Lantern Experience

Building Momentum: Splunk Developer Program at .conf25

In Splunk studio, is it possible to populate a tex...

Help me with splunk query to monitor CPU and Memor...

How can i export a list of all services in APM

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

Splunk Search

Are you a member of the Splunk Community?

Discussions