Splunk Search

Discussions

Thread Info

Complicated (to me anyways) query.

I have an Apache Access log which I'm searching for any .cgi or .pl file hit with the latest date it's been hit. S...

by Builder in

Relationship between Splunkweb Manager config and .conf files?

I have a saved search that I modified in the Splunkweb Manager. I look at the same search in the savedsearch.conf fil...

by SplunkTrust in

compare the number of events from 2 subsearches in different indexes

I would like to create an alert if the number on events is different in two subsearches. subsearch1 = "index=index...

by Contributor in

Stop recurring alerts

I have setup alerts based on a scheduled search in the logs. The application writes a log messages every minute while...

by Explorer in

Changing timechart field name

I could renamed the field of timechart. For example: Changed count to 'YYY' . But,I couldn't renamed the '_time' fiel...

by New Member in

Find a misconfigured host time?

I'm seeing this in my splunkd.log: 07-09-2010 12:53:21.299 WARN DateParserVerbose - Time parsed (Fri Jul 9 12:53:1...

by Explorer in

inclusion of .csv file in search

I remember being able to include a standard text file, perhaps a .csv, in the 3.x branch. The search would then itera...

by Explorer in

Can a search be terminated prematurely based on a condition established within that search?

Is there a kind of conditional search command that can be used to stop or prematurely terminate a search based on a g...

by Super Champion in

Help with subsearches

We are required to produce monthly audits of access to files that are covered by SOX. There are 8 groups of folders t...

by Communicator in

Can alert condition be set in command line search

Hi. How would I run a search command in command line. The problem is that I would also like to set an alert condition...

by Path Finder in

Informix Audit Regular Expression

I have the following content in the log file ==== ONLN|2010-07-06 13:53:52.000|test.tester.com|1068|db_server_n...

by Explorer in

Howto Chart Fields by Host

I am indexing results from facter which logs information about each host. I can get the most up to date list of these...

by SplunkTrust in

Comparing two fields with > operator

Hello, I am trying to compare two fields with a simple operator but it does not seem to perform as expected. I am ...

by Path Finder in

Searching for the empty string

In a datasource that uses single quotes as the event delimiter, like so: field1='value1' field2='value2' field3=''...

by Splunk Employee in

Can splunk help me further analyze/refine the durations of my transactions?

Hi, We've created two transactions to correlate logs spanning several components. We needed to define alias terms...

by Explorer in

WMI kv field extraction is very slow... (How to make your WMI searches 20x faster)

I'm running into some really slow performance searching on WMI sources. In this case I'm just trying to get some gene...

by Super Champion in

Frequency of events - how often an event was logged

Does anyone have a good way (or am I missing the something obvious?) of calculating for a defined time range the aver...

by Path Finder in

Regarding Splunk's eval random() function

Since it does not appear that you can pass a number into the random() function, I'm curious to know what is being use...

by Splunk Employee in

Different field value result - props.conf versus rex - using same regular expression

I have an event that is coming from a Windows forwarder. When you view the event in the log file on the server it loo...

by Path Finder in

Repeating regex to fill multivalue field

Ok. Not having a spectacular regex day... I have this: Recipients: joe.smith@mig.mydomain.com, jane.smith@mig.m...

by Path Finder in

Saved Searches not emailing out

I have saved searches and all of a sudden with no changes they are returning this error to the python.log file. ER...

by New Member in

Unable to get the open transactions whose events match the startsWith clause only

I'm unable to list the transactions that have events matching with startWith clause but no events for endsWith clause...

by Path Finder in

simple field extraction not working

I've been breaking my head over this very simple field extraction. My extraction (see eg., below) has problems be...

by Explorer in

is * supported?

Is the wildcard search star * supported by logs in splunk? Im trying to see if splunk is seeing changes being made in...

by Explorer in

How to use command "splunk resurrect".

Hi, question about restoration of indexed data. I know how to restore(or search old) indexes data by putting neces...

by Motivator in

Get Updates on the Splunk Community!

Splunk Search

Discussions

Complicated (to me anyways) query.

Relationship between Splunkweb Manager config and .conf files?

compare the number of events from 2 subsearches in different indexes

Stop recurring alerts

Changing timechart field name

Find a misconfigured host time?

inclusion of .csv file in search

Can a search be terminated prematurely based on a condition established within that search?

Help with subsearches

Can alert condition be set in command line search

Informix Audit Regular Expression

Howto Chart Fields by Host

Comparing two fields with > operator

Searching for the empty string

Can splunk help me further analyze/refine the durations of my transactions?

WMI kv field extraction is very slow... (How to make your WMI searches 20x faster)

Frequency of events - how often an event was logged

Regarding Splunk's eval random() function

Different field value result - props.conf versus rex - using same regular expression

Repeating regex to fill multivalue field

Saved Searches not emailing out

Unable to get the open transactions whose events match the startsWith clause only

simple field extraction not working

is * supported?

How to use command "splunk resurrect".

What's New in Splunk Enterprise 9.4: Features to Power Your Digital Resilience

Take Your Breath Away with Splunk Risk-Based Alerting (RBA)

SignalFlow: What? Why? How?

Proactively stream data to different index after C...

Write Splunk log with Laminas

Issues in multiselect input dropdown

Using splunk-sdk in user-defined functions in Spar...

Verification of SAML assertion using IDP's cert fa...