Splunk Search

Discussions

Thread Info

Calculate diff between two entries in a transaction?

I'm trying to calculate the amount of time between two events and I'm having a lot of trouble. Because of some requir...

by Explorer in

one-way distributed searches

Given servers A and B, how do you search both A AND B from server A, but disallow B from searching against A?

by Splunk Employee in

How do I display percentage of 500 errors on a per-URI basis?

So, I have a big set of web stats for a given time in a search. Basically, I want it broken down by uri_path and for ...

by Engager in

Comparing two data sets from the same timeframe and index?

I am trying to compare the results of two searches that share a common timeframe and index, with a negation. The comm...

by Explorer in

flashtimeline: Results and events sorted in same time order?

In a view like the flashtimeline, there is a selector to choose between the results of the search and the log events ...

by Path Finder in

Searching for all events before a specific date specified in the search string

I have a search where I have been using "latesttime=-2d@d" to specify the time range, like so: ... latesttime=-2d@...

by Splunk Employee in

Output of search to another search

I am doing a search which gives me two fields and say parent1 and child1...n so with parent and child I have 1 to n r...

by Explorer in

Question about MVfields

Hello there, Is it possible to chart a multivalued field against another multivalued field of the same size? Fo...

by Communicator in

Search help - reporting backup status

We have many hosts running backups every night and report back if they are successful or not. I would like to simplif...

by Splunk Employee in

Is it possible to do an index-only search without loading the raw event?

I have a summary index search that does some simple stats (count) by host and sourcetype for WMI events. The problem ...

by Super Champion in

Regex for Sudo.log extractions

Hello folks, I am having a difficult time extracting fields properly from the sudo.log file on several of our servers...

by New Member in

After upgrade to splunk 4.1, I try to access the field extractions page in manager, and it doesn't work.

After upgrading, when accessing field extraction page in manager in 4.1, it doesn't work. This appears in splunkd.log...

by Splunk Employee in

How does Splunk handle data with comma separated fields containing zero values

For example DATA test1, test2, test3 so just add the DELIMS = "," in transforms and REPORT-test entry in props....

by Contributor in

Using Splunk to count within a search - users to ip addresses

Hi all, I have logs in the following format 2010-06-17 02:04:55 user1 ip.add.ress.here GET /mysite/mypage.html ...

by Path Finder in

Summary Index & sistats

Hi I am seeing some weirdness with one of the saved-searches that we have. One of these searches is of the form: ...

by Path Finder in

search results displaying events not associated with search

I have Splunk set up to monitor syslog on udp 514. Splunk is receiving event logs from several servers. When se...

by Explorer in

Event correlation question

I am evaluating SPLUNK for my client. Reading previous questions tells me I can do this, but want to confirm. have...

by Explorer in

Search results that do not contain a word

I tried for an hour but couldn't find the answer. I need to search my syslogs from a specific host for entries that d...

by Engager in

Transaction failures

Trying to get a transaction search to work. The transaction is logged in 2 different log sources, with the matching f...

by Influencer in

What does MetaDataCache "not all cwpairs were found" mean?

Anyone familiar with the following message? I found this in search.log. WARN MetaDataCache - not all cwpairs ...

by Super Champion in

Distrubuted search across specific data

Hello, We currently have a Splunk setup as follows UAT: Three indexers (NY, LDN, SGP), each collect data from f...

by Communicator in

Can multiple values be extracted for a single field for a single event?

If I have one event such as: 2010-06-10 15:01:16,882 .main INFO :: x=1 x=12 x=154 x=123 x=123 will it be able t...

by Splunk Employee in

Compare the count events from one source to a count of events from another over time.

I would like to create a report that counts the number of times I see an error log in one file with a count of events...

by Explorer in

What does SearchResults "Corrupt csv header" mean?

Does anyone know what this message means? 06-14-2010 15:45:14.859 WARN SearchResults - Corrupt csv header, 2 ...

by Super Champion in

Finding uncompleted transactions

I have application logs that will create a log when a user makes a request like: 2010-02-17 16:13:28.515 host...

by Explorer in

Get Updates on the Splunk Community!

Splunk Search

Discussions

Calculate diff between two entries in a transaction?

one-way distributed searches

How do I display percentage of 500 errors on a per-URI basis?

Comparing two data sets from the same timeframe and index?

flashtimeline: Results and events sorted in same time order?

Searching for all events before a specific date specified in the search string

Output of search to another search

Question about MVfields

Search help - reporting backup status

Is it possible to do an index-only search without loading the raw event?

Regex for Sudo.log extractions

After upgrade to splunk 4.1, I try to access the field extractions page in manager, and it doesn't work.

How does Splunk handle data with comma separated fields containing zero values

Using Splunk to count within a search - users to ip addresses

Summary Index & sistats

search results displaying events not associated with search

Event correlation question

Search results that do not contain a word

Transaction failures

What does MetaDataCache "not all cwpairs were found" mean?

Distrubuted search across specific data

Can multiple values be extracted for a single field for a single event?

Compare the count events from one source to a count of events from another over time.

What does SearchResults "Corrupt csv header" mean?

Finding uncompleted transactions

Strengthen Your Future: A Look Back at Splunk 10 Innovations and .conf25 Highlights!

Now Offering the AI Assistant Usage Dashboard in Cloud Monitoring Console

Stay Connected: Your Guide to October Tech Talks, Office Hours, and Webinars!

In Splunk studio, is it possible to populate a tex...

Help me with splunk query to monitor CPU and Memor...

How can i export a list of all services in APM

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

Splunk Search

Are you a member of the Splunk Community?

Discussions