Splunk Search

Discussions

Thread Info

Single inputs.conf across multiple fowarder - How to

Hi there, My Splunk environment is made up from 1 Deployment Server, 1 Indexer and 20+ light forwarders. How c...

by Path Finder in

Getting useful information from a multiline event

In one of our log files, we see two lines that follow eachother when a user logs in. The first line has the user's IP...

by New Member in

Eval and Workflows...

So I've created a couple workflow actions for interfacing with service-now. One of which is looking up the host in ou...

by Path Finder in

Changing number of fields in transforms.conf but keeping original configuration for old data?

We currently have a scripted input that we originally configured using props.conf and transforms.conf stanzas like th...

by Engager in

Teaching Splunk the fields in a custom log format

I'm new to Splunk and may have a question that's a bit out of my depth. I've got Splunk configured now to aggregate a...

by Communicator in

Error in 'lookup' command: The lookup table 'namelookup' does not exist.

Below is the props.conf at $SPLUNK_HOME/etc/system/default: [SPLUNK_SERVICE_Log] lookup_table = namelookup Id OUTP...

by Path Finder in

Lookup files with foreign characters

I am setting up an app for a financial customer in Korea. They are using a standardized business reporting language t...

by Splunk Employee in

Search And Global Replace Like Function in Splunk ???

I have XML log file in following format <ContractId>true</ContractId><Name name-type="Name">true</Name><IncurredDa...

by Path Finder in

wierd hosts: "recover-padding-#" listed?

Since this weekend I suddenly have a bunch of hosts that don't exist. A script that is meant to alert if any host has...

by Explorer in

getting errors when using geoip

I get a NoneType is not iterable while piping to geoip on version 4.1.5, build 85165. I am able to run the same comma...

by Explorer in

Is it possible to prepopulate search text via URL?

http://mysplunkserver:8000/splunk/en-US/app/myapp/flashtimeline?query=index=foo Is something similar possible?

by Contributor in

SMTP authentication and SPLUNK database separate

Dear sir, I am evaluating the SPLUNK with windows version. I want to clarify the following questions: How to co...

by New Member in

How to show only Certain Fields of the Events in the Search Results?

How do I search and then show only show certain fields for each event? I tried: remoteaccess host="ny-vpn" | field...

by Path Finder in

How to detect message rate drop off using real-time queries

In the context of heartbeat message detection, I would like to detect when these heartbeats stop. ex. t0: 12/...

by Path Finder in

matching events across different logs

Hi, I need to match events across different logs. I believe that this should be done using transactions, but I'm not ...

by New Member in

Need help on REGEX to filter off events

I'm trying to filter off events based on the following command: CMD for example. Heres the sample event and my con...

by Contributor in

Certain Number of Results from a Certain Section of Results

I am working on creating queries to pull a specific number of results from a certain index in the resultset. An ex...

by Path Finder in

Does splunk support parameterized queries

I am curious if parametrized queries are possible within within splunk dashboards or searches: ex. query: foo=bar ...

by Path Finder in

Group Java Exceptions, even though there is no KV pair

I have all types of Java Exceptions within my logs, that have no real form to them, except that they all start with "...

by Path Finder in

Counting averages

I have data for users running in two modes: Online, and Cached. I want to get the average number of connections fo...

by Path Finder in

Most efficient: alot of smaller searches or one large one

Trying to find out what is most efficient in this scenario resource/time wise. We want to do a search across the l...

by Communicator in

snare running windows sending data to linux splunk server

guys I want to capture the windows event logs running on my windows servers from a linux server running linux. ...

by New Member in

Applying backreferences followed by numerics within rex

I'm trying to do some data massaging on a field "volume" that has values like "91456789", "83234512", "30124231" to s...

by Explorer in

Why is index-time field extraction not searchable?

I'm double posting, original issue posted here: http://www.splunk.com/support/forum:SplunkGeneral/4378 When I use ...

by Path Finder in

Creating new fields based on a list of keys and a list of values

My data set is web server access logs that include two custom values we insert. The values are lists of keys and list...

by Explorer in

Get Updates on the Splunk Community!

Splunk Search

Discussions

Single inputs.conf across multiple fowarder - How to

Getting useful information from a multiline event

Eval and Workflows...

Changing number of fields in transforms.conf but keeping original configuration for old data?

Teaching Splunk the fields in a custom log format

Error in 'lookup' command: The lookup table 'namelookup' does not exist.

Lookup files with foreign characters

Search And Global Replace Like Function in Splunk ???

wierd hosts: "recover-padding-#" listed?

getting errors when using geoip

Is it possible to prepopulate search text via URL?

SMTP authentication and SPLUNK database separate

How to show only Certain Fields of the Events in the Search Results?

How to detect message rate drop off using real-time queries

matching events across different logs

Need help on REGEX to filter off events

Certain Number of Results from a Certain Section of Results

Does splunk support parameterized queries

Group Java Exceptions, even though there is no KV pair

Counting averages

Most efficient: alot of smaller searches or one large one

snare running windows sending data to linux splunk server

Applying backreferences followed by numerics within rex

Why is index-time field extraction not searchable?

Creating new fields based on a list of keys and a list of values

What the End of Support for Splunk Add-on Builder Means for You

Solve, Learn, Repeat: New Puzzle Channel Now Live

Building Reliable Asset and Identity Frameworks in Splunk ES

How can i export a list of all services in APM

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

ITSI thresholds: adaptive vs static

Using Machine Learning Toolkit to detect auth abus...

Splunk Search

Are you a member of the Splunk Community?

Discussions