Splunk Search

Discussions

Thread Info

xferlog query to get top sites

Good Afternoon, I have indexed my xferlogs from my FTP server and I would like to run a query of the top sites acc...

by New Member in

How to get the "splunk" command working with Windows 2008 and UAC?

This may be more of a Windows UAC question than a splunk question, but I'm guessing that others are going to be runni...

by Super Champion in

Field Extraction Mystery

Hey, I would like to use field extraction at search time to do the following: My source field in Splunk contain...

by Motivator in

Cached search results

Hi, I am using time consuming searches and i was wondering if and how is it possible to run the searches in advanc...

by Explorer in

Using search regex fails when the fieldname is a number

So i have this regex: | regex sy="\S{4,10}" which works fine. I'm telling it to match only on non-whitespace c...

by Engager in

Matching events icon

Hey, I have a question about the following icon shown in the image below: This icon is usually shown after ...

by Motivator in

Search with XPath

Hi I am having a problem searching an xml formated event. So basically I have an event that looks like this: <?xml...

by Path Finder in

Splunk duplicating events every time file changes

I have created a directory to store log files that I pull from a remote machine. I use a cronjob to pull every x minu...

by New Member in

Will Splunk index events older than 1970/1/1 ?

as Title , I have many events older than 1970/1/1 , Splunk doesn't index those events (I have modified max_days_ago=1...

by Communicator in

FieldAlias Setup

I'm trying to setup Fieldalias and not getting desire results. Here is what I have put into the props.conf file. ...

by Path Finder in

Rounding Decimal Places

Hi, I have the following | chart eval(sum(Failed)/sum(TotalEvents)*100) AS PercentFailed I would like to round...

by Builder in

Control number of sources with rotated logfiles

I am monitoring a dir with rotating logs, ( fi /depot/logs/ ) how can I control the source name, and avoid zillions o...

by Contributor in

Log data source received but only some of it searchable

I have an odd issue occurring. Essentially I have a high volume log source which is getting picked up by a Splunk for...

by Contributor in

rename error in search

Hi all , i'm working on this query: sourcetype="webseal_access" OR sourcetype="wmi:wineventlog:security" | rename ...

by Path Finder in

Is that possible to use HiddenPostProcess work with SearchBar module ?

As title. I want to design a search page that showing the search results ( like flashtimeline ) and one or two sta...

by Path Finder in

How can I use mvexpand and mvcombine such that they don't crush other multivalued fields too?

I have a situation where I have two multi-valued fields in my data, and i want to call mvexpand on ONE of the fields ...

by SplunkTrust in

Which value does the dedup command keep?

I am running the dedup command for my ip_address field and I want to know the value returned by the command. Is it th...

by Splunk Employee in

comparing files

Hi, I have three files having similar information, namely: First Names, Second Names, Identification number, so I ...

by Explorer in

Search query with the field of a search like the one on another search

Hi all, i need to take the events from this search sourcetype="wmi:wineventlog:security" that have the field S...

by Path Finder in

using a batch file or executable as a source of search information

I would like to execute an .exe or .bat file on a windows box and use the stdout as the results in a search. How can ...

by Engager in

How can I tune the splunk flash chart drawing?

Hi there, I have a chart that takes 15+ sec to draw area graph after loading completed. Loading data can be tuned ...

by Motivator in

Application with tables with parameters for the inline search?

Hello, I am building a small splunk app and I have a dashboard that has many tables with inline searches like this...

by New Member in

Transform to switch source field path separator from "/" to "\"

I am trying to transform the source field from using Unix path separator (/) to Windows path separator (\). For ex...

by Explorer in

Wildcards with inputs.conf

I've read over documentation with inputs.conf and was wondering if I have the correct solution to this issue. On m...

by Builder in

Report all VPN accounts that are being shared by their owners

Splunkers... I have dug thru the Answers Area for quite some time, and have not found what I am looking for. I am thi...

by New Member in

Get Updates on the Splunk Community!

Splunk Search

Discussions

xferlog query to get top sites

How to get the "splunk" command working with Windows 2008 and UAC?

Field Extraction Mystery

Cached search results

Using search regex fails when the fieldname is a number

Matching events icon

Search with XPath

Splunk duplicating events every time file changes

Will Splunk index events older than 1970/1/1 ?

FieldAlias Setup

Rounding Decimal Places

Control number of sources with rotated logfiles

Log data source received but only some of it searchable

rename error in search

Is that possible to use HiddenPostProcess work with SearchBar module ?

How can I use mvexpand and mvcombine such that they don't crush other multivalued fields too?

Which value does the dedup command keep?

comparing files

Search query with the field of a search like the one on another search

using a batch file or executable as a source of search information

How can I tune the splunk flash chart drawing?

Application with tables with parameters for the inline search?

Transform to switch source field path separator from "/" to "\"

Wildcards with inputs.conf

Report all VPN accounts that are being shared by their owners

Brains, Bytes, and Boston: Learn from the Best at .conf25

Splunk AppDynamics Agents Webinar Series

SplunkTrust Application Period is Officially OPEN!

Help me with splunk query to monitor CPU and Memor...

How can i export a list of all services in APM

Joining records in a table

Splunk Answers Content Calendar May 2025!

Search for triggered save searches and their actio...

Splunk Search

Are you a member of the Splunk Community?

Discussions