Splunk Search

Discussions

Thread Info

Speeding up XML searches

It seems I need to use 'xmlkvrecursive' to properly parse XML log files where the tags may contain many attributes. H...

by Explorer in

how to extract fields from one event in a log file and append them to other events in same log?

My log files: ============= 2011-06-05 05:11:23.234 Program Version 10.02.2345 2011-06-05 05:11:23.239 event...

by Explorer in

How do I get the amount of time between event A and B into a field?

Say you have a stream of events, such as web page accesses. There is no field for amount of time on a certain page, s...

by Motivator in

Calculate availability as percent per month

I have following search which calculates seconds UNavailablity: host=psdkxp* FMT=IOSTAT* APP=TMA PRJ=IPSMON RCD=0 ...

by Communicator in

How to set Default Time Range for View in viewstates.conf

I have Screen 1 for which I have set default time range in viewstates.conf for a user as follows: [Screen_1:_curre...

by Path Finder in

Search query on page load and after selecting particular host?

Hello, I have following query. $HostSelectBoxValue$ is drop down field name. I have to run this query on page load...

by Path Finder in

why is my search not returning any output ?

Hi There, I'm pretty new to the splunk. we have 3 physical splunk servers and all the forweders are forwarding to ...

by New Member in

Is it possible to send a search to the background from the search string?

I would like to build a dashboard that contains form fields for the start time/date and end time/date of a series of ...

by Communicator in

Filtering Chart data after transaction function

Consider log entries such as the following: 20110605.132223 CONNECT misc.data 10.10.10.2 ID=12345 20110605.132298...

by Communicator in

Transaction Oddities (comparison, field splitting, click vs. type)

Yodas, I'm getting odd returns for a transaction in which the final search operator works one way for exact match...

by Communicator in

Fields through REST API

When using the REST API through a Java application I only receive fields that I explicitly search for (e.g. "51094833...

by Engager in

tracking hosts through a state diagram

I need to track hosts as they move through a state diagram. Specifically, show only events that indicate state change...

by Path Finder in

IPV6 address field extraction issue

Hi everybody, I am trying to use splunk> to extract some information from a set of IIS log files. Basically, I am ...

by Engager in

How to set access rights for view according to user

Hello, I want to set access rights according to users. I have three user as of now admin,user1 and user2, and h...

by Path Finder in

How to extract a field based on character count?

I have a field name X with the following value: 0123456789. I want to create another field that is based on the firs...

by Explorer in

How does splunk decide Time Interval for Time range Picker

How does splunk decide time interval for Time Range selected in Time Range Picker. For Ex- When we select "Last 7 Day...

by Path Finder in

index-time extractions

Hi, I am trying to configure some index-time field extractions on a SplunkForwarder, so that I can tag all events ...

by Explorer in

named field for indexed data

I am looking to setup a dashboard that displays data from various indexes. I was looking to just use a data table or ...

by Communicator in

Multline searches.

I'd like to get a bunch of data from disk configuration but its all multi-line stuff. Data Sample below but this ...

by Contributor in

Pie Chart report with two field counts

Hi Cloud of wisdom  I am starting with splunk> , and I am stucked trying to create a simple report. Basically...

by Engager in

Inability to Write to Lookup FIle

The PCI app is producing errors indicating that the lookup files could not be written. Below is an example of the err...

by Champion in

add additional fields to lookup

I have a data set that I am running a search on. From this data set I am creating a lookup of domains. I want to take...

by Path Finder in

How to See Pervious Screen with all Graphs Loaded without searching again

I have Screen A. Screen A has 2 Graphs.Data for Screen A is very High hence it takes a lot of time to Load graphs on ...

by Path Finder in

How to set default value in query

Hello, Thanks for your valuable time and help. I have one view with host drop down and one time chart. I am wri...

by Path Finder in

How to set radialGauge text value?

How can I set a static value on a radial Gauge instead of the event count? I have tried: <module name="HiddenCha...

by Builder in

Get Updates on the Splunk Community!

Splunk Search

Discussions

Speeding up XML searches

how to extract fields from one event in a log file and append them to other events in same log?

How do I get the amount of time between event A and B into a field?

Calculate availability as percent per month

How to set Default Time Range for View in viewstates.conf

Search query on page load and after selecting particular host?

why is my search not returning any output ?

Is it possible to send a search to the background from the search string?

Filtering Chart data after transaction function

Transaction Oddities (comparison, field splitting, click vs. type)

Fields through REST API

tracking hosts through a state diagram

IPV6 address field extraction issue

How to set access rights for view according to user

How to extract a field based on character count?

How does splunk decide Time Interval for Time range Picker

index-time extractions

named field for indexed data

Multline searches.

Pie Chart report with two field counts

Inability to Write to Lookup FIle

add additional fields to lookup

How to See Pervious Screen with all Graphs Loaded without searching again

How to set default value in query

How to set radialGauge text value?

Fastest way to demo Observability

September Community Champions: A Shoutout to Our Contributors!

Splunk Decoded: Service Maps vs Service Analyzer Tree View vs Flow Maps

In Splunk studio, is it possible to populate a tex...

How can i export a list of all services in APM

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

ITSI thresholds: adaptive vs static

Splunk Search

Are you a member of the Splunk Community?

Discussions