Splunk Search

Discussions

Thread Info

Show scheduled search in something like the flashtimeline

Hi all, is there a method to show scheduled search with the result of the last schedule? something like the flashtime...

by Path Finder in

Custom Squid log format

Hi all, I'm trying to modify the SplunkforSquid app to read my squid custom log file format correctly. As per squ...

by Explorer in

rolling near-time results between 5 and 15 minutes?

How do I add a relative time range to a search that will allow me to see data between 15 and 5 minutes ago (read: not...

by Path Finder in

stats. eval and search macros?

I am using a search macro in an eval and it returns all zeros. But, when I expand it, it functions as expected. Is th...

by Contributor in

using source for a field extractions

I seem to be having some problems with extracting fields from the "source" In by props.conf, I have: [my_source...

by Path Finder in

Signed Data Issues with 4.2

Signed index data not showing up correctly with Splunk 4.2. Worked OK on 4.1. Create a new index on indexer (eg. t...

by Path Finder in

View panel does not display all results.

For the life of me I cannot figure out why a panel that is doing an inline search displayed as a chart does not show ...

by New Member in

Large Table Lookup at Index time vs. Search time - Tradeoffs

I have a rather large .csv file (500K rows) gathered from an external source that is used to do lookups in summarizat...

by Communicator in

Splunk 4.2 and Broken Block Signatures

Have anyone else experience busted block signing in 4.2? Every install of 4.2 we have is not executing the block s...

by Explorer in

Parameter passing between two views

How to pass dynamic value from one view to another view?

by Path Finder in

How long will it take to purge the data

We currently have Events indexed Earliest event Latest event 452,254,458 07/23/2000 11:06:54 04/07/2011 11:04:07 ...

by New Member in

WAS on unix and splunk on windows.

Can I install the splunk software on windows and monitor the WAS running on unix ? Where do I configure that ?

by New Member in

Why doesn't this regex work?

Let's say I have these 2 events in my index: 04-06 15:56:03 This is another log line of text 654321 04-06 15:55:03...

by Engager in

Fields from unstructured data (rex help)

Hey everyone, I am trying to get a rex written that will suck out a few key items from data that I'm taking into splu...

by Builder in

Need ideas for lookups

All, I am correlating two non-related data types. Email to ERP Customers. I am going to accomplish this by referen...

by Contributor in

Search Macro error in Stats Command

I have tried creating a Search macro with a stats command and *any* of the stats arguments return with an "Error in '...

by Path Finder in

Changes in timechart useother functionality in 4.2?

We used to have a dashboard driven by a simple query that would show a value per hour for all of our index servers. ...

by Path Finder in

Search head disk space requirements

Hello, please, I would like to know why, for a search head that is on top of two splunk indexers indexing 300 gb/day ...

by Communicator in

substitute a value in results

In windows events on a lot of cases you get a result code from them in hex notation, then you have to look them up an...

by Explorer in

how to display time of event as a table column

I have the following query: host=wps03 mc_getLDAPGroupsTimer | table time host username mc_getLDAPGroupsTimer | s...

by Path Finder in

Timechart and Timepicker?

I am running a search like so: sourcetype="stuff here" | timechart span=1h sum(bytes) as Total by limit=10 usernam...

by Contributor in

how can i concatenate values from separate logs?

i'm trying to generate a search where i can summarize its info into a table. specifically i'm trying to detect link f...

by Path Finder in

Help with collect and searching stash files

Hello, I'm trying to use collect and the subsequent stash file to save time on a large search query. The documenta...

by Path Finder in

multivalue on inline field extraction

i have a longish regex to weed out pertinent fields from some asa output. they generally follow the same format, howe...

by Path Finder in

Is there a character limit for search queries?

... and can I change the character length or is it hard-coded? Thanks

by Path Finder in

Get Updates on the Splunk Community!

Splunk Search

Discussions

Show scheduled search in something like the flashtimeline

Custom Squid log format

rolling near-time results between 5 and 15 minutes?

stats. eval and search macros?

using source for a field extractions

Signed Data Issues with 4.2

View panel does not display all results.

Large Table Lookup at Index time vs. Search time - Tradeoffs

Splunk 4.2 and Broken Block Signatures

Parameter passing between two views

How long will it take to purge the data

WAS on unix and splunk on windows.

Why doesn't this regex work?

Fields from unstructured data (rex help)

Need ideas for lookups

Search Macro error in Stats Command

Changes in timechart useother functionality in 4.2?

Search head disk space requirements

substitute a value in results

how to display time of event as a table column

Timechart and Timepicker?

how can i concatenate values from separate logs?

Help with collect and searching stash files

multivalue on inline field extraction

Is there a character limit for search queries?

Splunk Observability Cloud's AI Assistant in Action Series: Auditing Compliance and ...

Splunk Community Badges!

What You Read The Most: Splunk Lantern’s Most Popular Articles!

separate rows from columns with multivalue

Help me with splunk query to monitor CPU and Memor...

How can i export a list of all services in APM

Joining records in a table

Splunk Answers Content Calendar May 2025!

Splunk Search

Are you a member of the Splunk Community?

Discussions