Splunk Search

Discussions

Thread Info

free vs. used visualization ideas?

I'd like to chart free memory vs. used memory over time on the same Splunk dashboard module. I'm trying to figure out...

by Contributor in

buffering and flush time

Hi, Will have a very variable throughput. Some time with a lot of Http request (about 100.000 per seconds during o...

by New Member in

Compare/Diff of two events - probably novice question...q

I have this index called cisco_configs. Data input is of type backup_file. It is actually a Cisco IOS configuration f...

by Explorer in

Appending search results to an existing report

I’d like to run a search once a day and append those search results to the previous day’s results. This way I can gra...

by Engager in

Failed to parse timestamp for event

Splunk appeasrs to be failing to index the server.log for our ATG Joss instances. On the Splunk indexer the following...

by New Member in

Combine results of subsearch into single value

Hello, Right now I have a search that says: source="syslog" minutesago="20" | APPEND [search host="SERVER" Even...

by Communicator in

Search text with regex multi line mode?

Hi, I'm trying to search for some keywords that appear in multiple lines. I tried using regular expression in mult...

by New Member in

Calculating the duration of a transaction fragment vs. the total transaction

I'm reviewing debug logs that have some Enter/Exit values for each step of a process. Currently I can calculate the t...

by Path Finder in

Return recent version of event

We have a csv input which is a daily dump from a ticket DB for the current month. The DB output looks something li...

by Contributor in

Define field order on export

Hi there, I have a saved search that I want to run every day at noon, I am sending the results trough mail and wan...

by Path Finder in

Adding domain name to hostnames

I have multiple LightForwarded, in different domains, who have similar host names (machines inside one domain are the...

by Explorer in

Events per second on a realtime search?

How can I get a count of events per second in a realtime search? I can do something like this to get a rolling co...

by Explorer in

metadata search is restricted to 10000 results

I'm trying to run a metadata search on type=hosts and am being capped in the UI to 10,000 results. I've already incre...

by Champion in

Date / Time stamp translation in search

We have a situation where we'd like to construct a search based on a time/date from a remote Time zone. So for exampl...

by Path Finder in

Stacked Chart totaling all instances of an event.

I'm having a bit of trouble finishing up a report I'm trying to give a report of how long users were logged into a...

by Explorer in

I am very, very new to Splunk

I am testing splunk. When I do what I consider a very simple search I get the wrong results. Let me say this: our fil...

by New Member in

How to extract field with it's value enclosed by square bracket

When parsing some customized log, the format it's like below [timestamps] field name [value] [00:46:38] - Remain ...

by New Member in

how to get the max and min for a combination of multiple fields ?

* | rex "(?<fpc>fpc\d+) (?<ichip>ICHIP\(\d+\)):Packet drop in Ichip pktwr,rate: %\S+: \d+, total: (?<err>\d+)" Ho...

by Path Finder in

Field Extraction

I have a log file that looks like this: Wed Aug 11 14:27:48 GMT 2010 | Inactive Users Last 7 Days---> | 123456789 ...

by Communicator in

Transactions Per Second

What is the best way to determine transactions per second are occurring in our application logs. I attempted using " ...

by Communicator in

comparing values returned by two separate searches

I have two searches. One search returns a field (using stats count) representing the number of users logging into a w...

by Contributor in

Filter syntax options in serverclass.conf

Is it possible to use regular expressions for the whitelist/blacklist filters in serverclass.conf? For example: wh...

by Path Finder in

forwarding - where to define the field extraction : on sender or receiver?

On splunkA I am monitoring an xml log file. It is forwarded to SplunkB in a separate index. Where should I define the...

by Contributor in

Highlighting a field in the events output

I have a search that is looking pipes through a rex. rex fields=_raw "\D(?<big_num>\d{15,16})\D" I want the UI...

by Engager in

Remote and Local CLI search only returns 100 events

Here's my CLI search: SPLUNK_URI=https://splunk_search_head:8089 /opt/splunk/bin/splunk search '|savedsearch "m...

by Path Finder in

Get Updates on the Splunk Community!

Splunk Search

Discussions

free vs. used visualization ideas?

buffering and flush time

Compare/Diff of two events - probably novice question...q

Appending search results to an existing report

Failed to parse timestamp for event

Combine results of subsearch into single value

Search text with regex multi line mode?

Calculating the duration of a transaction fragment vs. the total transaction

Return recent version of event

Define field order on export

Adding domain name to hostnames

Events per second on a realtime search?

metadata search is restricted to 10000 results

Date / Time stamp translation in search

Stacked Chart totaling all instances of an event.

I am very, very new to Splunk

How to extract field with it's value enclosed by square bracket

how to get the max and min for a combination of multiple fields ?

Field Extraction

Transactions Per Second

comparing values returned by two separate searches

Filter syntax options in serverclass.conf

forwarding - where to define the field extraction : on sender or receiver?

Highlighting a field in the events output

Remote and Local CLI search only returns 100 events

Now Available: Cisco Talos Threat Intelligence Integrations for Splunk Security Cloud ...

Preparing your Splunk Environment for OpenSSL3

Easily Improve Agent Saturation with the Splunk Add-on for OpenTelemetry Collector

How to check MQ reconnects after a connection is d...

I cloned HTTP traffic collection from Splunk Strea...

Proactively stream data to different index after C...

Write Splunk log with Laminas

Issues in multiselect input dropdown