Splunk Search

Discussions

Thread Info

Automatic hostname configuration?

In regard to > http://answers.splunk.com/questions/794/how-to-change-hostname-of-a-splunk-server My question is wh...

by Engager in

Multiple events returned in a single transaction - possible to create a single row in a table/csv file?

I've got a transaction that returns 2 events. Originally these are 3 events but the transaction has combined 2 of the...

by Champion in

Two earliest queries - want search to pick based upon newest

I have a query where I need to determine the earliest time I want events from.. It is either (1) The last time jboss ...

by Path Finder in

What is the best way to show sparse concurrent transaction counts?

I'm trying to report on concurrent SSL VPN sessions over time on an F5 APM device. I've defined the fields and the tr...

by New Member in

Is it possible to extract a field from a transaction event?

My field extraction doesn't appear to work in my transaction event. Does Splunk just combine all the various fields f...

by Champion in

Lookup table Limits

Is there a row or column limit for a lookup table. I currently have a lookup that has 25 columns, and 350k rows, whic...

by Communicator in

How do you change the legend value

Outside of renaming(aliasing) the actual field, can you also rename the entire content of the history for charting? (...

by Contributor in

Pie chart drilldown help

Hi all, i need to change the search query when clicking on a slice of the pie chart. I need to add "| where " to the ...

by Path Finder in

Need a search string to find MB indexed per 24 hour by a specific host

Need a search string to find MB indexed per 24 hour by a specific host. Can someone send an example?

by Explorer in

How to get to a working example of the Map Command?

I am trying: name=foo minutesago=1 | head 1000 | dedup host | stats list(host) as list | map search="search host=$...

by SplunkTrust in

Searches Require Wildcards

I have two Splunk 4.1.3 instances that index the same data. Some searches work on one instance but not the other. The...

by Path Finder in

Splunk indexes some events several times?

In some of our indexed logs, I'll see several log entries for the same log at the same time. I thought this may be an...

by Explorer in

Need non-Flash version of charting

An HTML5 alternative to chart rendering is needed. Monitoring from an iPad, for example, is impossible without it. ...

by Engager in

xferlog query to get top sites

Good Afternoon, I have indexed my xferlogs from my FTP server and I would like to run a query of the top sites acc...

by New Member in

How to get the "splunk" command working with Windows 2008 and UAC?

This may be more of a Windows UAC question than a splunk question, but I'm guessing that others are going to be runni...

by Super Champion in

Field Extraction Mystery

Hey, I would like to use field extraction at search time to do the following: My source field in Splunk contain...

by Motivator in

Cached search results

Hi, I am using time consuming searches and i was wondering if and how is it possible to run the searches in advanc...

by Explorer in

Using search regex fails when the fieldname is a number

So i have this regex: | regex sy="\S{4,10}" which works fine. I'm telling it to match only on non-whitespace c...

by Engager in

Matching events icon

Hey, I have a question about the following icon shown in the image below: This icon is usually shown after ...

by Motivator in

Search with XPath

Hi I am having a problem searching an xml formated event. So basically I have an event that looks like this: <?xml...

by Path Finder in

Splunk duplicating events every time file changes

I have created a directory to store log files that I pull from a remote machine. I use a cronjob to pull every x minu...

by New Member in

Will Splunk index events older than 1970/1/1 ?

as Title , I have many events older than 1970/1/1 , Splunk doesn't index those events (I have modified max_days_ago=1...

by Communicator in

FieldAlias Setup

I'm trying to setup Fieldalias and not getting desire results. Here is what I have put into the props.conf file. ...

by Path Finder in

Rounding Decimal Places

Hi, I have the following | chart eval(sum(Failed)/sum(TotalEvents)*100) AS PercentFailed I would like to round...

by Builder in

Control number of sources with rotated logfiles

I am monitoring a dir with rotating logs, ( fi /depot/logs/ ) how can I control the source name, and avoid zillions o...

by Contributor in

Get Updates on the Splunk Community!

Splunk Search

Discussions

Automatic hostname configuration?

Multiple events returned in a single transaction - possible to create a single row in a table/csv file?

Two earliest queries - want search to pick based upon newest

What is the best way to show sparse concurrent transaction counts?

Is it possible to extract a field from a transaction event?

Lookup table Limits

How do you change the legend value

Pie chart drilldown help

Need a search string to find MB indexed per 24 hour by a specific host

How to get to a working example of the Map Command?

Searches Require Wildcards

Splunk indexes some events several times?

Need non-Flash version of charting

xferlog query to get top sites

How to get the "splunk" command working with Windows 2008 and UAC?

Field Extraction Mystery

Cached search results

Using search regex fails when the fieldname is a number

Matching events icon

Search with XPath

Splunk duplicating events every time file changes

Will Splunk index events older than 1970/1/1 ?

FieldAlias Setup

Rounding Decimal Places

Control number of sources with rotated logfiles

Your Voice Matters! Help Us Shape the New Splunk Lantern Experience

September Community Champions: A Shoutout to Our Contributors!

Community Content Calendar, October Edition

In Splunk studio, is it possible to populate a tex...

Help me with splunk query to monitor CPU and Memor...

How can i export a list of all services in APM

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

Splunk Search

Are you a member of the Splunk Community?

Discussions