Splunk Search

Ask a Question

Discussions

Thread Info

Unable to search for extracted substring if didn't start+end with word boundary in the string it was extracted from

Eaxmple: Sourcetype "test" contains only one event. The event's _raw is "The quick brown fox jumps over the lazy ...

by Path Finder in

max index size value

How do I search for and return the max index size as defined by the indexes.conf file? I want to get the same valu...

by Communicator in

Convert search value to field name for input to another search

Is there a way to take a value from one lookup or search and make it the field name for the other. Example: | eval...

by Path Finder in

Perform searches for computer system process

Can anyone provide for me apart from CPU and memory, what else can I search for under system process?

by Explorer in

Working with multiple rows of results?

Hey folks: I'd like to do a little looping/grouping of search results but aren't familiar enough with Splunk comma...

by Engager in

How to plot number of users based on start and stop time?

Hi allknowing Splunkbase! I have events that have the value x_duration and start time - With this value we can cal...

by Engager in

setup and search matters

What are the configuration/setup I have to do in order to use Splunk in Redhat Enterprise Linux? What is the reason o...

by Explorer in

changing the existing dashboard reports to show real-time alert

How can I show and update the real-time alert whenever I have created the dashboard previously?

by Explorer in

Issue with inputlookup, regex and domain csv file

I have a CSV file (test.csv) that contains malicious domains and want to use that to see via Squid logs if anyone has...

by New Member in

Splunk receiver metadata

How does a receiving Splunk know what's being sent - or do I have to refer to the forwarding Splunk to know about the...

by Explorer in

Getting multivalued field values that are truncated by auto field extraction

Excuse me, I have a data like this: index=test, product=a, category="1";"3";"6",..... how do I set the multi fiel...

by Explorer in

extracting search fields using regexp in transforms.conf not working

I refered to the following documentation to try and get this working: http://www.splunk.com/base/Documentation/3.0...

by Path Finder in

which props.conf do i modify for search-time field extraction?

I am new to splunk so forgive my ignorance. My set up is that I have splunk forwarders sending data to two load balan...

by Path Finder in

Paused searches available after a restart?

We have a long search running, and need to restart Splunk. Will a job that is "paused" be able to be restarted after ...

by Motivator in

Alert on user with different src address

Hello, I'm trying to setup an alert that fires when a user tries to log in from more than one src ip address within t...

by Builder in

Multi-line event field extraction

I have logs being indexed that look like: /some/filesystem/path 1234567890 1500 /some/filesystem/path2 1256320145 ...

by Path Finder in

Most efficient to find most recent eventtype by host

It is easy and fast to get the last event logged by a particular host using metadata, but has anyone concocted an eff...

by Contributor in

Is it possible to refer to externally-hosted CSS, images, etc in view XML?

I'm trying to create a customized view by building my own XML, and I see that it's possible to refer to CSS and image...

by Engager in

multivalues in field

I have a data like this: NUM=001,Rules="Food Water" NUM=002,Rules="Water Product" NUM=003,Rules="Water" N...

by Explorer in

ossec_agent_management.xml

Hi Paul, This is only a remark. I had to change this line in the ossec_agent_management.xml to have my OSSEC Se...

by New Member in

Getting the wrong list of OSSEC server when rebuilding lookup table?

Hi, I have only one the OSSEC server (manager) where I install Splunk. When I access OSSEC Agent Status from the D...

by New Member in

Multi-Line event

Sorry complete newbie, having trouble getting my head around splitting this log into distinct event. The default proc...

by Engager in

Per-app field name prefixes?

We're building an app for WebSphere and trying to come up with a naming convention for field names. I'm nervous a...

by Contributor in

Jobs Page Show Owner as Logged in User and Status Running

Is it possible to set this up? Upon landing on the jobs page to have the 'Owner' as myself (currently logged in) w...

by Contributor in

Subsearch does not work

What is wrong with following search: sourcetype="security" ip=[search sourcetype=access_combined status=401 client...

by Splunk Employee in

Get Updates on the Splunk Community!

Splunk Search

Discussions

Unable to search for extracted substring if didn't start+end with word boundary in the string it was extracted from

max index size value

Convert search value to field name for input to another search

Perform searches for computer system process

Working with multiple rows of results?

How to plot number of users based on start and stop time?

setup and search matters

changing the existing dashboard reports to show real-time alert

Issue with inputlookup, regex and domain csv file

Splunk receiver metadata

Getting multivalued field values that are truncated by auto field extraction

extracting search fields using regexp in transforms.conf not working

which props.conf do i modify for search-time field extraction?

Paused searches available after a restart?

Alert on user with different src address

Multi-line event field extraction

Most efficient to find most recent eventtype by host

Is it possible to refer to externally-hosted CSS, images, etc in view XML?

multivalues in field

ossec_agent_management.xml

Getting the wrong list of OSSEC server when rebuilding lookup table?

Multi-Line event

Per-app field name prefixes?

Jobs Page Show Owner as Logged in User and Status Running

Subsearch does not work

Building Reliable Asset and Identity Frameworks in Splunk ES

Cloud Monitoring Console - Unlocking Greater Visibility in SVC Usage Reporting

Automatic Discovery Part 3: Practical Use Cases

How can i export a list of all services in APM

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

ITSI thresholds: adaptive vs static

Using Machine Learning Toolkit to detect auth abus...

Splunk Search

Are you a member of the Splunk Community?

Discussions