Splunk Search

Discussions

Thread Info

How to use command "splunk resurrect".

Hi, question about restoration of indexed data. I know how to restore(or search old) indexes data by putting neces...

by Motivator in

How can I get CLI searches to appear in the Job Manager?

It looks like the Job Manager currently does not allow me to track CLI searches. Is there some way I can get a jobid ...

by Champion in

Incomplete data returned after subsearch or join

Hello, I found that when I use subsearch or join command to join data, I can't make splunk to return the compl...

by Explorer in

eval expression usage

Greetings. I am trying to use an expression in the search string that will not display certain IP addresses. I hav...

by Explorer in

Extracting number of fields from a multi line event

Hello, I am trying to extract fields from an event which looks like this (I have multiple events) total time (m...

by Explorer in

Custom Field Extractions not visible in search head...

Hey guys, We are monitoring 2 specific CSV Log files on one indexer. I setup the appropriate custom field extract...

by Contributor in

Compare 2 fields

Basically I have a line of data that looks like this: Jun 28 14:15:10 sc4-app04.mcafeesecure.com portal: ACCESS Cl...

by Explorer in

I'm being audited. Can i give my auditor a list of hosts and the indexes their data is in?

An auditor is requesting that we furnish them with a list of all servers logging to splunk and the index they are bei...

by Splunk Employee in

Editing logs at index time

I have splunk indexing a local file that is being continuously written to and I need the first word in each event to ...

by Explorer in

How to collapse unneeded lines in the search result for a very long event?

Search string "mismatch". The single event is about 2-3K lines or more. In the lines of text there are 5 lines wit...

by Splunk Employee in

Windows security event log regex help

I need a regex that can process all security events with eventid 540 that don't contain $, SYSTEM, or ANONYMOUS LOGON...

by Explorer in

Help on Errror stats - The argument '>' is invalid

I am scheduling this search(Daily Indexed Volume): index=_internal source=*metrics.log splunk_server="*" | eval MB...

by Path Finder in

Making a lookup optional? (Or, how to build a multi-level lookup?)

I have a scenario where I would like to do a two-layered lookup. I'm essentially doing an IP address lookup against a...

by Super Champion in

Create field names automatically from line in file

Below are the first 7 lines of a file that I want to index. The additional lines all look like line 7. Can I have it ...

by Explorer in

Metadata filtered by eventtype

Can I use eventtype=myevent with |metadata? example: | metadata type=hosts | eventtype=group_A I know tags wor...

by Communicator in

find total unique sources over the last 30 days?

I have what I think should be a simple search, but I'm not quite able to come up with a way to do it. Ultimately I gu...

by Builder in

Correlating a start and stop event with transaction

I'm trying to correlate start and stop events and having a much harder time than what the documentation implies in or...

by Explorer in

How to omit categories of log entries

When we are browsing log files for problems, we often don't know exactly what we're looking for. But in a short perio...

by Engager in

What is the syntax for finding top value of some field and increasing the limit?

index="whatever" INFECTION | top limit="15" misc by src When I attempt this search, the limit qualifier seems to ...

by Champion in

Restricting search results to or excluding Extracted Fields

Hello, I would like to filter a search result, of irrelevant data, to display less information so its easier to sp...

by New Member in

metadata search for distributed environment

I have 4 servers in a distributed environment. I use server a to login and do the search. When I use the search | ...

by Communicator in

Debugging Custom Splunk Search Commands

I have taken iplocation.py as a skeleton for a simple custom search command that adds another column to the search re...

by Explorer in

REST calling last scheduled search

Is there a way to have REST look up the latest results from a scheduled search and return them, not re-running the se...

by Motivator in

How do I get the diff.py command to work?

I moved my Splunk instance to another machine and I'm getting the following error message: 2010-06-15 16:20:24,739 ER...

by Splunk Employee in

Cannot use auto_finalize_ec in search

I find the document about auto finalize in this page http://zh-hant.splunk.com/base/Documentation/latest/Developer/RE...

by Splunk Employee in

Get Updates on the Splunk Community!

Splunk Search

Discussions

How to use command "splunk resurrect".

How can I get CLI searches to appear in the Job Manager?

Incomplete data returned after subsearch or join

eval expression usage

Extracting number of fields from a multi line event

Custom Field Extractions not visible in search head...

Compare 2 fields

I'm being audited. Can i give my auditor a list of hosts and the indexes their data is in?

Editing logs at index time

How to collapse unneeded lines in the search result for a very long event?

Windows security event log regex help

Help on Errror stats - The argument '>' is invalid

Making a lookup optional? (Or, how to build a multi-level lookup?)

Create field names automatically from line in file

Metadata filtered by eventtype

find total unique sources over the last 30 days?

Correlating a start and stop event with transaction

How to omit categories of log entries

What is the syntax for finding top value of some field and increasing the limit?

Restricting search results to or excluding Extracted Fields

metadata search for distributed environment

Debugging Custom Splunk Search Commands

REST calling last scheduled search

How do I get the diff.py command to work?

Cannot use auto_finalize_ec in search

Can’t make it to .conf25? Join us online!

Community Content Calendar, September edition

Splunkbase Unveils New App Listing Management Public Preview

Leveraging Automated Threat Analysis Across the Splunk Ecosystem

Help me with splunk query to monitor CPU and Memor...

How can i export a list of all services in APM

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

ITSI thresholds: adaptive vs static

Splunk Search

Are you a member of the Splunk Community?

Discussions

Can’t make it to .conf25? Join us online!