Splunk Search

Discussions

Thread Info

Making a lookup optional? (Or, how to build a multi-level lookup?)

I have a scenario where I would like to do a two-layered lookup. I'm essentially doing an IP address lookup against a...

by Super Champion in

Create field names automatically from line in file

Below are the first 7 lines of a file that I want to index. The additional lines all look like line 7. Can I have it ...

by Explorer in

Metadata filtered by eventtype

Can I use eventtype=myevent with |metadata? example: | metadata type=hosts | eventtype=group_A I know tags wor...

by Communicator in

find total unique sources over the last 30 days?

I have what I think should be a simple search, but I'm not quite able to come up with a way to do it. Ultimately I gu...

by Builder in

Correlating a start and stop event with transaction

I'm trying to correlate start and stop events and having a much harder time than what the documentation implies in or...

by Explorer in

How to omit categories of log entries

When we are browsing log files for problems, we often don't know exactly what we're looking for. But in a short perio...

by Engager in

What is the syntax for finding top value of some field and increasing the limit?

index="whatever" INFECTION | top limit="15" misc by src When I attempt this search, the limit qualifier seems to ...

by Champion in

Restricting search results to or excluding Extracted Fields

Hello, I would like to filter a search result, of irrelevant data, to display less information so its easier to sp...

by New Member in

metadata search for distributed environment

I have 4 servers in a distributed environment. I use server a to login and do the search. When I use the search | ...

by Communicator in

Debugging Custom Splunk Search Commands

I have taken iplocation.py as a skeleton for a simple custom search command that adds another column to the search re...

by Explorer in

REST calling last scheduled search

Is there a way to have REST look up the latest results from a scheduled search and return them, not re-running the se...

by Motivator in

How do I get the diff.py command to work?

I moved my Splunk instance to another machine and I'm getting the following error message: 2010-06-15 16:20:24,739 ER...

by Splunk Employee in

Cannot use auto_finalize_ec in search

I find the document about auto finalize in this page http://zh-hant.splunk.com/base/Documentation/latest/Developer/RE...

by Splunk Employee in

Multivalue Regex capture

If I have an event with more than one IP addres in it, how can I write a regex that will capture all of the IP's? ...

by Path Finder in

Working with eventtypes: how to solve duplicated rows into results

Good morning, I'm developing for a customer a very simple search. tag=mysourcetype tag=myeventtype startdaysag...

by Path Finder in

Pros and Cons: External lookup script vs custom search command?

What are the pros and cons to using an external lookup script vs a custom search command when the purpose is simply t...

by Super Champion in

Calculate diff between two entries in a transaction?

I'm trying to calculate the amount of time between two events and I'm having a lot of trouble. Because of some requir...

by Explorer in

one-way distributed searches

Given servers A and B, how do you search both A AND B from server A, but disallow B from searching against A?

by Splunk Employee in

How do I display percentage of 500 errors on a per-URI basis?

So, I have a big set of web stats for a given time in a search. Basically, I want it broken down by uri_path and for ...

by Engager in

Comparing two data sets from the same timeframe and index?

I am trying to compare the results of two searches that share a common timeframe and index, with a negation. The comm...

by Explorer in

flashtimeline: Results and events sorted in same time order?

In a view like the flashtimeline, there is a selector to choose between the results of the search and the log events ...

by Path Finder in

Searching for all events before a specific date specified in the search string

I have a search where I have been using "latesttime=-2d@d" to specify the time range, like so: ... latesttime=-2d@...

by Splunk Employee in

Output of search to another search

I am doing a search which gives me two fields and say parent1 and child1...n so with parent and child I have 1 to n r...

by Explorer in

Question about MVfields

Hello there, Is it possible to chart a multivalued field against another multivalued field of the same size? Fo...

by Communicator in

Search help - reporting backup status

We have many hosts running backups every night and report back if they are successful or not. I would like to simplif...

by Splunk Employee in

Get Updates on the Splunk Community!

Splunk Search

Discussions

Making a lookup optional? (Or, how to build a multi-level lookup?)

Create field names automatically from line in file

Metadata filtered by eventtype

find total unique sources over the last 30 days?

Correlating a start and stop event with transaction

How to omit categories of log entries

What is the syntax for finding top value of some field and increasing the limit?

Restricting search results to or excluding Extracted Fields

metadata search for distributed environment

Debugging Custom Splunk Search Commands

REST calling last scheduled search

How do I get the diff.py command to work?

Cannot use auto_finalize_ec in search

Multivalue Regex capture

Working with eventtypes: how to solve duplicated rows into results

Pros and Cons: External lookup script vs custom search command?

Calculate diff between two entries in a transaction?

one-way distributed searches

How do I display percentage of 500 errors on a per-URI basis?

Comparing two data sets from the same timeframe and index?

flashtimeline: Results and events sorted in same time order?

Searching for all events before a specific date specified in the search string

Output of search to another search

Question about MVfields

Search help - reporting backup status

Stay Connected: Your Guide to November Tech Talks, Office Hours, and Webinars!

Index This | When is October more than just the tenth month?

Observe and Secure All Apps with Splunk

In Splunk studio, is it possible to populate a tex...

How can i export a list of all services in APM

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

ITSI thresholds: adaptive vs static

Splunk Search

Are you a member of the Splunk Community?

Discussions