Splunk Search

Discussions

Thread Info

Group IP addresses (integer)

Problem: Huge list of IP addresses across multiple subnets, how to group and list in order of subnets. This is wha...

by Explorer in

Lookup table does not exist from indexer but everything is global

I've configured a CSV lookup and an automatic lookup on Splunk 5.0.4 that work on one of my search heads (let's call ...

by Explorer in

One file with two sourcetype Need Regex

I have my DNS and DHCP logs in one file and I would like to set "TZ = UTC" on the sourcetype. My problem is what woul...

by Motivator in

Use of NOT operator

Hello Splunkers, I'm trying to run a search against some logs that include a wild carded hostname, two error messages...

by Contributor in

Alternative to stats dc(*)

Hello, I have a dashboard for windows event viewer. There are two pulldowns which populates the relevant fields. But ...

by Champion in

DB Connect does not work when enableSplunkdSSL=false

Hi. For some reasons, I turned off SSL for Splunk REST API. Everything is fine, except the Splunk DB Connect app. ...

by Path Finder in

streamstats multiple moving averages

My current Splunk search looks like this: sourcetype="ContributionWebApiUat" DbResponseTime=* | chart values(DbRes...

by Path Finder in

Is this a Join, subsearch, or something else?

In my search I am at a stage where I have something like below. USERID EVENT STATUS 1 HELLO PASS 2 HELLO FAIL 3 HE...

by Explorer in

How to remove "received event for unconfigured/disabled/deleted index" messages

Due to some mistake, I am getting this messages: received event for unconfigured/disabled/deleted index='2013-03-1...

by Path Finder in

Regex remove quotes from log file field

Hi, I have a transform like this - it works fine except when I need to look up a field [specialLogFile] REGEX = ^...

by Path Finder in

extracting year from directory name & date/time from file

I have syslog files that are in the directory structure of system/Hosts/year/month/day I've been able to get the i...

by New Member in

Values function separator

My query is the following index="_internal" | table host | stats values(host) output: values(host) host1 host2 ...

by Explorer in

Running tscollect on a search head pool

We have a dashboard that I would like to use tstats to generate the data, and run a search ever 2 minutes using tscol...

by Path Finder in

inputlookup with database lookup

Is there a way to use a database lookup in the way you would using inputlookup? If I wanted to just dump the contents...

by Communicator in

Can I use environemnt variable as host in inputs.conf of forwarder ?

Is it possible in inputs.conf in windows machine to use host=$ I tried using: host=$computername b...

by Path Finder in

Difference between last(X) and latest(X)

Hi, What is the difference between last(X) and latest(X) functions for stats. I tried both in searches and i get s...

by Influencer in

SavedSplunker - Max alive instance count=1 reached for saved search_id

Splunk Version : 4.3.4 OS : Redhat Message : SavedSplunker - Max alive instance count=1 reached for saved search_...

by Path Finder in

search time range

I need to have a search that uses: index="pt_app_siebel" SWEMethod="ReconfigureCXProd" starttime=9/6/2013:00:00:00...

by Path Finder in

Sorting of Columns in Saved Search

Hello everyone, I have a table like the below example: || Protocol || Count || || TCP || 500 || || UDP ||...

by Path Finder in

Regex to return which includes a specific text

Hi, I am planning to capture all the URIs with word chaser (case in sensitive). I have used this | regex uri="(...

by Contributor in

Get Updates on the Splunk Community!

Splunk Search

Discussions

Group IP addresses (integer)

Lookup table does not exist from indexer but everything is global

One file with two sourcetype Need Regex

Use of NOT operator

Alternative to stats dc(*)

DB Connect does not work when enableSplunkdSSL=false

streamstats multiple moving averages

Is this a Join, subsearch, or something else?

How to remove "received event for unconfigured/disabled/deleted index" messages

Regex remove quotes from log file field

extracting year from directory name & date/time from file

Values function separator

Running tscollect on a search head pool

inputlookup with database lookup

Can I use environemnt variable as host in inputs.conf of forwarder ?

Difference between last(X) and latest(X)

SavedSplunker - Max alive instance count=1 reached for saved search_id

search time range

Sorting of Columns in Saved Search

Regex to return which includes a specific text

Don't wait! Accept the Mission Possible: Splunk Adoption Challenge Now and Win ...

Unify Your SecOps with Splunk Mission Control

Data Preparation Made Easy: SPL2 for Edge Processor

Migration Qradar data to Splunk

Running multiple query based on condition

Combining results in metric index?

Summary Index from | collect ... addtime=f : When ...

Importing HCL BigFix data from Insights, how to ve...