Splunk Search

Ask a Question

Discussions

Thread Info

One TimeRangePicker for all charts - modules

Hey, The answer to this question will be very useful to know  I have an advanced dashboard with a few charts (...

by Motivator in

Troubleshooting inputs.conf

In Windows I have the following in the Inputs.conf: [monitor://C:\Program Files\Microsoft SQL Server\MSSQL10_50.MS...

by Path Finder in

How do I turn off highlighting?

I have a search that pipes to another search, and this search is highlighting the results. I do not want the highligh...

by Path Finder in

Given two fields, how can i create a third field whose name is the first value and whose value is the second?

I have a dataset where the rows in my search results all have a 'value' field, and there's another field that specifi...

by SplunkTrust in

Reporting on zero results?

In order to identify web content that hasn't been pulled in a while, I thought I would use Splunk since a) my Apache ...

by Builder in

Dynamic Sourcetype Extraction

We're trying to set up a dynamic sourcetype extraction at index time. The reason for this is that we have about 40-50...

by Explorer in

Splunking traditional IT + Telco devices/systems/infrastructure

I don’t have any background in Telco world, I’m so blank about it, Telco people asked this many times, is it po...

by Explorer in

Manipulate results without re-running search

I just ran a search that returned approximately 1 million results. Only after it completed (which took a bit longer t...

by Path Finder in

postfix_syslog time extraction inaccuracies

We seem to be having an issue with the postfix_syslog sourcetype (that came as a default sourcetype in Splunk) and it...

by Communicator in

complicated subsearches

I have jboss logs that print a message size everytime jboss restarts. The message size is different everytime jboss s...

by Path Finder in

Subsearch on completed (finalized) results

If I do a search for something such as: uri="/this/or/that.html" over, say, an hour. Once the search completes (fi...

by Explorer in

multikv field extraction

Hello, How do i use multikv to extract fields that have % or / in them ? I'm unable to extract if it has those charac...

by Explorer in

Custom fields not always showing up

I have a Splunk app that parses some Snort files and assigns some fields to the content. The app works fine from the ...

by Engager in

Why is the "diff" search command not reliable for large events containing several hundred lines?

When I use the "diff" search command to compare events that contain several hundred lines, I notice that differences ...

by Splunk Employee in

How to use "Intention" to add search clauses after the "base search string"

I have read the this page about the concept of "Intention" : http://www.splunk.com/base/Splexicon:Intention It say...

by Path Finder in

Is there a bug in dedup?

I have the following query which almost does what I want: sourcetype="cisco_wsa_squid" | lookup teamlookup cs_user...

by Contributor in

How can I get the "Splunk for use with AMMAP" to work?

For the AMMAP application for the map, I followed the instruction and installed MAXMIND and the AMMAP app, but I can'...

by Communicator in

Graph only showing partial results

I have a chart in a dashboard that shows a graph of paging space usage across all of our hosts. Or at least that's wh...

by Builder in

Regex data from its position in string?

Hi, I have just installed Splunk as want to get some reports out of a Barracuda Spam firewall we have installed th...

by New Member in

Tar'ing index so that it is distributable to other Splunk instance

[1] I would like to know if I can tar an index from a Splunk instance and then untar it into other Splunk instance? ...

by Splunk Employee in

Averaging Out Count In Graph

Every 5 minutes, one of our systems dumps out data on connected users. There is one line per connected user as follow...

by Path Finder in

timechart vs. streamstats

If I do this: index="foo" sourcetype="bar" | sort _time | streamstats dc(userid) as dcusers | delta dcusers as del...

by Communicator in

AccountBar mode options

Is there any way to get popup or lite mode AccountBar WITH the logo clickable? This would be very useful for turning ...

by Contributor in

Change column color if over a range

Hi all, i need to change the color of a bar of the column chart if the value is higher than a number. How can i do th...

by Path Finder in

Unix Time Math for a Field

Hello, I currently am doing a search that uses a unix time as a field. What I want to do, is do something like thi...

by Communicator in

Get Updates on the Splunk Community!

Splunk Search

Discussions

One TimeRangePicker for all charts - modules

Troubleshooting inputs.conf

How do I turn off highlighting?

Given two fields, how can i create a third field whose name is the first value and whose value is the second?

Reporting on zero results?

Dynamic Sourcetype Extraction

Splunking traditional IT + Telco devices/systems/infrastructure

Manipulate results without re-running search

postfix_syslog time extraction inaccuracies

complicated subsearches

Subsearch on completed (finalized) results

multikv field extraction

Custom fields not always showing up

Why is the "diff" search command not reliable for large events containing several hundred lines?

How to use "Intention" to add search clauses after the "base search string"

Is there a bug in dedup?

How can I get the "Splunk for use with AMMAP" to work?

Graph only showing partial results

Regex data from its position in string?

Tar'ing index so that it is distributable to other Splunk instance

Averaging Out Count In Graph

timechart vs. streamstats

AccountBar mode options

Change column color if over a range

Unix Time Math for a Field

Can’t make it to .conf25? Join us online!

Can’t Make It to Boston? Stream .conf25 and Learn with Haya Husain

Splunk Lantern’s Guide to The Most Popular .conf25 Sessions

Unlock What’s Next: The Splunk Cloud Platform at .conf25

Help me with splunk query to monitor CPU and Memor...

How can i export a list of all services in APM

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

ITSI thresholds: adaptive vs static

Splunk Search

Are you a member of the Splunk Community?

Discussions

Can’t make it to .conf25? Join us online!