Splunk Search

Ask a Question

Discussions

Thread Info

Find user saved searches

Given a splunk username how do i search for the following. The roles that the user has - The last 15 searches perf...

by Communicator in

Problems Comparing Multivalue Fields

I am trying to compare two multivalue fields using the below search: index="weblogic" "Dynamic Server List" | rex ...

by Engager in

Find size (in bytes?) of search results

I'm running a search that compiles its results in a table by source and displays the number of logs per source. I'm t...

by Path Finder in

Backslash escape problem

Hi! I have a view, with this structure: <ExtendedFieldSearch> <HiddenSearch> <HiddenPostProcess/> ...

by Path Finder in

list "top" command question

Hi, My mail server logs display recipient info like that: Feb 14 16:04:25 224.67.24.175 Feb 14 16:04:25 mail_logs...

by Path Finder in

Is there any way to selectively avoid automatic field extraction?

I have multiline events where there's a fair bit of auto-kv extraction that is good, but then there's a lot of noise ...

by SplunkTrust in

timechart percentage data - not working

Hi, I am trying to plot the percentage data over a period of span 1h. host="abc" sourcetype="xyz" ("Eurl" ) | e...

by Explorer in

Chart displaying UNIX timestamp on x axis. How to change to human readable date?

Hi All, I'll start with the data we are dealing with. It deals with predictions of a price into the future. We rec...

by Builder in

Need something like addtotals(sum across columns) for calculating average across columns

I want to compute average across columns for a table(that I get as a result from stats command). I am trying to do so...

by Path Finder in

Can't figure out how to get Syslog data to chart

Hi, I am having ADSL line problems as a result I am using splunk to monitor my syslog, especially interested in lines...

by New Member in

how to centralized the splunk login account?

Dear Sir, We will have two indexer servers for our account login to manage they account founctions, so how to cent...

by Path Finder in

How to calculate time elapsed since now from IIS logs

I need to be able to show how long it has been since a user uploaded or downloaded a specific type of data based on t...

by Contributor in

Can't disable remote web browsing

My Enterprise Trial license was just about to expire, so I applied the "free" license. Since there is no authenticati...

by Engager in

Can I add text to return value of eval/case?

I'm writing a search that performs a simple eval: eval changed = case (NOT address="-",address,NOT city="-",city,N...

by Communicator in

Multiple values, same field -- how?

I'm not sure how to workaround an issue where my field extraction is working on multiple values of the same field. Fo...

by Champion in

Can't manage field extractions from manager

I'm doing some field extractions for a sourcetype and Splunk is saying the field has already been extracted. I went t...

by Communicator in

How do I extract useful information into fields from Oracle WebLogic Application Server logs?

I want to extract fields from WebLogic logs to use in reports.

by Explorer in

How can I index config files and text documents as individual events?

When I configure Splunk to index a folder containing config files and text documents, it indexes each line of the fil...

by Splunk Employee in

Match substring in list to event

I am using lookup to "house" this long list of keywords. Now, I want to run a query against field A (eg. ABC-DEF-ZYL)...

by New Member in

Is it possible to use outputlookup to append results to a lookup table?

I want to create a single lookup table based on the results of three different searches. I've tried using subsearches...

by Communicator in

How to search a Multiline event using rex at searchtime?

Hey Splunkers, I cannot get the following rex statement to match in Splunk. I read that using (?m) in the transfor...

by Communicator in

Log Volume Indexed.

I would like to display the volume indexed from several indexed into following chart. Past 24hrs log volume by ti...

by Communicator in

Quick Question: Field Lookups

http://www.splunk.com/base/Documentation/latest/User/Fieldlookupstutorial Error 'Could not find all of the sp...

by Path Finder in

How to create a menu item in the search app ?

Hi, I am trying to create an arborescence of saved search but I have some problems. I would like to have something li...

by New Member in

stats generate distinct counts by a field, and also overall

I am parsing through a lot of data, so I want to do this preferably in one search command. 1) I want to generate d...

by Path Finder in

Get Updates on the Splunk Community!

Splunk Search

Discussions

Find user saved searches

Problems Comparing Multivalue Fields

Find size (in bytes?) of search results

Backslash escape problem

list "top" command question

Is there any way to selectively avoid automatic field extraction?

timechart percentage data - not working

Chart displaying UNIX timestamp on x axis. How to change to human readable date?

Need something like addtotals(sum across columns) for calculating average across columns

Can't figure out how to get Syslog data to chart

how to centralized the splunk login account?

How to calculate time elapsed since now from IIS logs

Can't disable remote web browsing

Can I add text to return value of eval/case?

Multiple values, same field -- how?

Can't manage field extractions from manager

How do I extract useful information into fields from Oracle WebLogic Application Server logs?

How can I index config files and text documents as individual events?

Match substring in list to event

Is it possible to use outputlookup to append results to a lookup table?

How to search a Multiline event using rex at searchtime?

Log Volume Indexed.

Quick Question: Field Lookups

How to create a menu item in the search app ?

stats generate distinct counts by a field, and also overall

Automatic Discovery Part 1: What is Automatic Discovery in Splunk Observability Cloud ...

Real-Time Fraud Detection: How Splunk Dashboards Protect Financial Institutions

Splunk + ThousandEyes: Correlate frontend, app, and network data to troubleshoot ...

In Splunk studio, is it possible to populate a tex...

How can i export a list of all services in APM

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

ITSI thresholds: adaptive vs static

Splunk Search

Are you a member of the Splunk Community?

Discussions