Splunk Search

Discussions

Thread Info

user_lookup table does't exist

Any new operation I want to perform with splunk app(search,web page monitor,...),I get message "The lookup table 'use...

by Explorer in

websphere missing conf file wsadminCommands.conf

websphere missing conf file wsadminCommands.conf referenced by scripted input file /opt/splunk/etc/apps/SplunkWAS/bin...

by New Member in

Question about Stats and statistical functions available

Hey folks, I have a hopefully silly question about the stdev(), sum(), var() etc... functions within the stats comman...

by Path Finder in

Our server's configured timezone offset (TZ) has been changed from Eastern to UTC. Do we need to take any steps?

Is there a way to update the timestamp of the legacy data to reflect the new UTC time change without reindexing?

by Splunk Employee in

Transaction with multiple sourcetype

Hello, please, I would like to know if it is possible to use multiple and different sourcetypes with the splunk "tran...

by Communicator in

Does the GoogleMap apps only work if Lat and Long has IP Information?

Hi, Just wondering if anyone here knows if the GoogleMap apps can take in longitude and latitude data without any ...

by New Member in

Search Head and LDAP

Does Search Head servers have anything more in common than which Indexer they are connected to? If I want two Search ...

by Path Finder in

Seconds un-accounted for in job/search inspection

Hi Guys, I have two systems running splunk, and for some as-yet unknown reason the exact same search on both syste...

by Explorer in

combine search bar and search results from other searches

I would like to create a dashboard that consists of 2 main parts: 1 - open search bar allowing any search 2 - resu...

by Path Finder in

How to calculate the total CPU by top result

Hi, all, I am a newbie in splunk. I have encounter a problem when play around with *NIX app in Splunk. I am going to ...

by New Member in

auto-finalized after time limit reached

Hello, I have a saved search set up that uses the append command. The subsearch of the append command give me the ...

by Builder in

need to search keyword in specified sourcetype via CLI

Im not sure what i am doing wrong... I read the documentation and googled and cannot seem to figure it out. Im us...

by New Member in

how to call a macro from the CLI

how to call a macro from the CLI ? I tried splunk search " * | mymacro | table *" and got Error in 'SearchParser': Mi...

by Communicator in

Chart values extracted from search

Hi, I have created a saved search that removes all text but the value I want to chart, ie. host="machine" "uniquesear...

by Path Finder in

How do I set the owner on a saved search?

I need to set the owner and permissions on saved searches after upgrading to 4.1.5 - where can I set these?

by Explorer in

under what situations will the head command intelligently finalize searches?

In some conditions the head command knows that the search has completed all the information that the user asked for, ...

by SplunkTrust in

Host name extraction via regex on indexing - Only indexing a single file?

Greetings fellow Splunkers, I'm having some issues with extracting the correct host name from log file names on in...

by Builder in

Precedence of explicit vs wildcard in props.conf

I'm setting the timezone for hundreds of forwarders at once by using props.conf wildcards on host: [host::DN*] # D...

by Motivator in

How does Active Directory Monitoring Work?

Hello, I set up Active Directory monitoring with Splunk a couple weeks ago. I am running a search that searches fo...

by Communicator in

How to search all reference log entries?

Hi All, Here are some log entries from cisco ironport email security appliance: Feb 21 10:16:55 212.167.24.57 F...

by Path Finder in

Matching nulls in LINE_BREAKER removing first letter x?

Hopefully this is just a stupid regex error: I'm using SplunkLightForwarder on AIX to send a few .sh_history logs ...

by Explorer in

Grouping similar fields using search syntax?

I have a ton of useragent type fields, like MacOutlook/some_version_x_os_version_etc and Entourage/other_version_x_os...

by Champion in

Start Search in a new window

Is it possible to start a new search in a new window or tab just by clicking on part of an entry in my current result...

by Path Finder in

Combine output of 2 logs with only 1 key

Hey, I try to figure out if it is possible to have splunk to build a result for my special needings: I have 2 d...

by Explorer in

Build Event Type search char limitation

I am creating several event types and have found when adding searches longer than 98 char it trims the rest off. Is t...

by Explorer in

Get Updates on the Splunk Community!

Splunk Search

Discussions

user_lookup table does't exist

websphere missing conf file wsadminCommands.conf

Question about Stats and statistical functions available

Our server's configured timezone offset (TZ) has been changed from Eastern to UTC. Do we need to take any steps?

Transaction with multiple sourcetype

Does the GoogleMap apps only work if Lat and Long has IP Information?

Search Head and LDAP

Seconds un-accounted for in job/search inspection

combine search bar and search results from other searches

How to calculate the total CPU by top result

auto-finalized after time limit reached

need to search keyword in specified sourcetype via CLI

how to call a macro from the CLI

Chart values extracted from search

How do I set the owner on a saved search?

under what situations will the head command intelligently finalize searches?

Host name extraction via regex on indexing - Only indexing a single file?

Precedence of explicit vs wildcard in props.conf

How does Active Directory Monitoring Work?

How to search all reference log entries?

Matching nulls in LINE_BREAKER removing first letter x?

Grouping similar fields using search syntax?

Start Search in a new window

Combine output of 2 logs with only 1 key

Build Event Type search char limitation

Can’t make it to .conf25? Join us online!

Splunkbase Unveils New App Listing Management Public Preview

Leveraging Automated Threat Analysis Across the Splunk Ecosystem

Can’t Make It to Boston? Stream .conf25 and Learn with Haya Husain

Help me with splunk query to monitor CPU and Memor...

How can i export a list of all services in APM

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

ITSI thresholds: adaptive vs static

Splunk Search

Are you a member of the Splunk Community?

Discussions

Can’t make it to .conf25? Join us online!