Splunk Search

Ask a Question

Discussions

Thread Info

What does it mean for a custom search command to be streamable?

The commands.conf parameters are not super well-documented online or in the spec file. From the spec file: streami...

by Splunk Employee in

What are the OS requirements

Let's say for 2 management servers for redundancy indexing 1gb a day. choices are Linux RH 5.4 Solaris 10 Windo...

by Explorer in

How do you organize searches in Splunk?

Hello, We have been creating a lot of searches lately, and would like a way to organize them into submenus. I trie...

by Path Finder in

Sort Fields in Charts

by Path Finder in

Lookups - How to limit/eliminate multiple matches

Hi We have a automatic csv lookup for a specific source, for the host field. Some hosts will have the lookup f...

by Motivator in

Form vs. View for Multiple Result Sets

Hi, My event data consists of HTTP requests. My goal is to build a view that includes: 1) A drop down to choose a ...

by Explorer in

chart over query string

Hi guys, I have an apache log. I want to be able to chart the count of occurances of a particular query string in ...

by New Member in

How to move uploaded file to directory splunk is monitoring?

My splunk instance monitored the directory where proxy server upload compressed access log to via ftp. However my spl...

by Builder in

Problem with Stacked Area Chart

I have a stacked area chart set up with advanced XML that is giving me an issue with mouseovers. The displayed chart,...

by Communicator in

Splunk Configuration that you Would Like to Do, but Haven't had the Time?

Splunk is very flexible... maybe too flexible? What is that one thing that you have been wanting to do, maybe have be...

by SplunkTrust in

Timechart already bucketed logs

I have a query in which I use bucket to remove some duplicates at certain intervals. I am now trying to timechart thi...

by Path Finder in

Are lookup tables indexed?

So how does splunk handle static lookup tables, are they indexed? max_memtable_bytes = * maximum size of static l...

by Communicator in

match data from 2 queries

I have some log entries that look like this: (note the brackets ARE in my logs) [10/25/2010] [10:25:31.817] [SC...

by Explorer in

When posting setup.xml data to a custom endpoint, is it possible to make EAI calls that are properly authenticated and namespaced?

My problem seems very similar to http://answers.splunk.com/questions/4175/redirects-before-and-after-our-apps-setup-x...

by SplunkTrust in

Automatic hostname configuration?

In regard to > http://answers.splunk.com/questions/794/how-to-change-hostname-of-a-splunk-server My question is wh...

by Engager in

Multiple events returned in a single transaction - possible to create a single row in a table/csv file?

I've got a transaction that returns 2 events. Originally these are 3 events but the transaction has combined 2 of the...

by Champion in

Two earliest queries - want search to pick based upon newest

I have a query where I need to determine the earliest time I want events from.. It is either (1) The last time jboss ...

by Path Finder in

What is the best way to show sparse concurrent transaction counts?

I'm trying to report on concurrent SSL VPN sessions over time on an F5 APM device. I've defined the fields and the tr...

by New Member in

Is it possible to extract a field from a transaction event?

My field extraction doesn't appear to work in my transaction event. Does Splunk just combine all the various fields f...

by Champion in

Lookup table Limits

Is there a row or column limit for a lookup table. I currently have a lookup that has 25 columns, and 350k rows, whic...

by Communicator in

How do you change the legend value

Outside of renaming(aliasing) the actual field, can you also rename the entire content of the history for charting? (...

by Contributor in

Pie chart drilldown help

Hi all, i need to change the search query when clicking on a slice of the pie chart. I need to add "| where " to the ...

by Path Finder in

Need a search string to find MB indexed per 24 hour by a specific host

Need a search string to find MB indexed per 24 hour by a specific host. Can someone send an example?

by Explorer in

How to get to a working example of the Map Command?

I am trying: name=foo minutesago=1 | head 1000 | dedup host | stats list(host) as list | map search="search host=$...

by SplunkTrust in

Searches Require Wildcards

I have two Splunk 4.1.3 instances that index the same data. Some searches work on one instance but not the other. The...

by Path Finder in

Get Updates on the Splunk Community!

Splunk Search

Discussions

What does it mean for a custom search command to be streamable?

What are the OS requirements

How do you organize searches in Splunk?

Sort Fields in Charts

Lookups - How to limit/eliminate multiple matches

Form vs. View for Multiple Result Sets

chart over query string

How to move uploaded file to directory splunk is monitoring?

Problem with Stacked Area Chart

Splunk Configuration that you Would Like to Do, but Haven't had the Time?

Timechart already bucketed logs

Are lookup tables indexed?

match data from 2 queries

When posting setup.xml data to a custom endpoint, is it possible to make EAI calls that are properly authenticated and namespaced?

Automatic hostname configuration?

Multiple events returned in a single transaction - possible to create a single row in a table/csv file?

Two earliest queries - want search to pick based upon newest

What is the best way to show sparse concurrent transaction counts?

Is it possible to extract a field from a transaction event?

Lookup table Limits

How do you change the legend value

Pie chart drilldown help

Need a search string to find MB indexed per 24 hour by a specific host

How to get to a working example of the Map Command?

Searches Require Wildcards

Stay Connected: Your Guide to November Tech Talks, Office Hours, and Webinars!

Index This | When is October more than just the tenth month?

Observe and Secure All Apps with Splunk

In Splunk studio, is it possible to populate a tex...

How can i export a list of all services in APM

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

ITSI thresholds: adaptive vs static

Splunk Search

Are you a member of the Splunk Community?

Discussions