Splunk Search

Ask a Question

Discussions

Thread Info

Field extraction with duplicate values in fields

Splunk 4.0.10 I have a log file that has 5 fields, date, time, account, received, authorized. It looks like this: ...

by Builder in

display average hits per minute for each hour for a time range

how do i show the average number of hits per minute for each hour? basically i have a system that will, on peak ho...

by Path Finder in

Nested inputs (Splunk 4.1)

Hi folks I have a directory structure on my server box (with splunk LWF) like this: /foo/bar/node1/server1/Syst...

by Contributor in

How do you exclude certain days from a time range?

If you have a time range and certain days contain data you'd like to exclude can you drop the days from your search r...

by Communicator in

Detect absence of an event

I would like to be able to see if a user logs in via ssh but doesn't log out within 30 minutes. For example 12:...

by Communicator in

How to map an IP to a hostname in the splunk hosts list?

My understanding is that this is now done via a splunk config file. How?

by Champion in

What is a search head?

I see lots of reference to search heads as a way to improve search performance. I can't find a search head section of...

by Path Finder in

Using host tags (or similar) when searching on fields?

I have a number of hosts that have a certain tag on them (let's say "sensitive"). I want to look for account lockout ...

by Legend in

Subsearch like correlated subquery in SQL

Is it possible with subsearch to pass a list of search results to the outside search? similar to a SQL correlated sub...

by Path Finder in

What is the best way to handle sequential event funnels?

Given a sequence of general to specific events (like product browsing a pages, followed by particular product pages)....

by Engager in

How can find out what search query was executed for a particular search job id?

I'm trying to map search performance to specific searches. I have to discover if its possible to marry up a job ID to...

by Splunk Employee in

The asterisk character is not matching all characters when doing a search, is this a bug?

The asterisk character is not matching all characters. A search for : rectype="bl*query" returns 0 matching...

by Splunk Employee in

When displaying events in a table, can I change the timeformat used to render the times?

In a dashboard we're working with we are displaying a table of events and the times always have 000 as the millisecon...

by SplunkTrust in

What happened to Livetail?

Livetail was around in version 3.x and went away in 4.0. When is it coming back?

by Champion in

The splunk-system-user is hitting a quota limit. How do I increase the quota for this user?

I'm running summary searches and the splunk-system-user keeps hitting a quota limit. 04-12-2010 16:50:28.436 ER...

by Champion in

Comparing events from 2 dates to detect new ones

Hi All... i'll first describe my scenario.. i have logs that contains entries regarding open ports like: 1-1-2...

by New Member in

Does LiveSearch work with a distributed environment?

Can I do a live search over multiple Splunk indexers?

by Communicator in

emit 3-column table from search (like CHART without aggregation)

My search returns 10 fields in each event and I want to create a table with one row per event and columns for 3 of th...

by Contributor in

What are the known/possible ways of drilling down into a result set without re-querying the entire index?

Wanted to see what is/are the possible methods to do so. One way I could think of is to export the results using o...

by Path Finder in

Finding the busiest hour of the day with timespan and ignore hours with zero events

I use the following query against a Cisco as5400 to find the number of calls per hour during a day. 10.200.90.19 C...

by Explorer in

after upgrade to 4.1 unable to get fields from search using python

After upgrading to 4.1 from 4.0.10 I am unable to get fields using a search from python script. The simplified versio...

by Contributor in

Scripted auth and search filters in 4.1

I am trying to get scripted auth working on the new 4.1. I had a configuration on 3.4.x that worked great but after m...

by Path Finder in

how to find all windows systems reporting a partcular event ID, Source, and/or Severity

What are the searches required to search across Windows Event Logs for: most recent events of a particular event I...

by Contributor in

In a Distributed Search environment, how do I restrict my search to a particular peer or peers?

Splunk does such an awesome job with distributed search. It seems like all my data is on one server (my search head) ...

by Champion in

What is the minimum free space value for a search?

After upgrading to Splunk 4.1 from 4.0.10 today, we find that we can no longer run searches. splunkd.log shows: ...

by Path Finder in

Get Updates on the Splunk Community!

Splunk Search

Discussions

Field extraction with duplicate values in fields

display average hits per minute for each hour for a time range

Nested inputs (Splunk 4.1)

How do you exclude certain days from a time range?

Detect absence of an event

How to map an IP to a hostname in the splunk hosts list?

What is a search head?

Using host tags (or similar) when searching on fields?

Subsearch like correlated subquery in SQL

What is the best way to handle sequential event funnels?

How can find out what search query was executed for a particular search job id?

The asterisk character is not matching all characters when doing a search, is this a bug?

When displaying events in a table, can I change the timeformat used to render the times?

What happened to Livetail?

The splunk-system-user is hitting a quota limit. How do I increase the quota for this user?

Comparing events from 2 dates to detect new ones

Does LiveSearch work with a distributed environment?

emit 3-column table from search (like CHART without aggregation)

What are the known/possible ways of drilling down into a result set without re-querying the entire index?

Finding the busiest hour of the day with timespan and ignore hours with zero events

after upgrade to 4.1 unable to get fields from search using python

Scripted auth and search filters in 4.1

how to find all windows systems reporting a partcular event ID, Source, and/or Severity

In a Distributed Search environment, how do I restrict my search to a particular peer or peers?

What is the minimum free space value for a search?

Uncovering Multi-Account Fraud with Splunk Banking Analytics

Secure Your Future: A Deep Dive into the Compliance and Security Enhancements for the ...

New This Month in Splunk Observability Cloud - Synthetic Monitoring updates, UI ...

Search for triggered save searches and their actio...

MLTKC how should i check jupyter notebook func in ...

ITSI thresholds: adaptive vs static

Using Machine Learning Toolkit to detect auth abus...

Proactively stream data to different index after C...