Splunk Search

Start a Conversation

Discussions

Start a Conversation

Thread Info

how to classify events by source when they have the same sourcetpye?

Hi I'm indexing a file which is being written by a syslog process (therefore I defined the sourcetype=syslog) and ...

by Communicator in

How to find earliest event based on Event code for once server?

Hi, I am trging to find the first time the event ID 4656 was indexed for particular server. the below search gi...

by Explorer in

Deploying across multiple OS

Hi there, I have a network with Windows and Linux Systems mixed. It is not possible to seperate them or create IP...

by Communicator in

Save jobs/searches using Java SDK

How can we save a job or search after creating it. I further need to create an alert out of the job. I understand ...

by New Member in

Show search result in a readonly textbox

I want to display search result value in a readonly textbox.Iam using advanced Xml.Please help

by Communicator in

Extract field from event with repeated information

Hi, ive asked my qn below after my event logs shown: Example logs: part of event A: ... ... (other details o...

by Communicator in

Defining variables or constants

I would like to be able to have a predefined variable or constant to run queries with by example source="syslog" l...

by Explorer in

Splunk 4.3 showing flash

I upgraded Splunk version 4.2.4 to Splunk 4.3 in linux (using .rpm file) but in my IPAD it looks like the graphs are ...

by Builder in

Search returning too much

Hi, I want to query on eventtype, and my query is returning items that I don't want. My search is: source="/var...

by Champion in

How do convert a field and report on the average response time?

I have a field in my Apache logs that's defined as "MicroSeconds". This is the response time in microseconds for a sp...

by Builder in

Customize splunk search app to index

I want to customize splunk search app such that particular users have access to a particular index. at login one shou...

by Path Finder in

How to alert when an "error" happens once every 10 min, but not until 3 consecutive hits?

I have an "error-string" and need to alert when I find it not only in the first 10 minute check; not only in the seco...

by Communicator in

Find rate from total

I want to take a totals field. And display the rate on a chart. For example: Total = 0, 1, 2, 3, 4, 5, 6, 7, 9,...

by Communicator in

How to Extract Mac Address Field from Cisco Mac Address Notification Traps

Hello, I am trying to extract the mac address from the following snmp trap. The mac address is embedded in the Hex...

by New Member in

How to determine amount of data from a given host

Been poking around and trying to figure out how to pull up how much data has been sent from a specific host. For e...

by Explorer in

Search for active hosts over a period of time

I'm trying to check for hosts that were sending data last week and now are not, or newly added hosts. I don't think t...

by Communicator in

Filter Input data from universalforwarder port_9514

First, thanks for taking the time to look at this. Hopefully I'll be able to provide all the information you need to ...

by Path Finder in

avg cpu usage

Trying to create a report for avg CPU usage and failing. current search is splunk_server=red counter="% Proce...

by Explorer in

Why can't I index my wtmp, lastlog, etc files?

I have a text file that I cannot index, I KNOW it's text, I can vi the file with :set list and there are no hidden ch...

by Splunk Employee in

Export list of files being indexed into Splunk

Is there a way (Splunk feature or search cmd) to export a list of files that were indexed and then create a report?

by Communicator in

Get Updates on the Splunk Community!

Splunk Search

Discussions

how to classify events by source when they have the same sourcetpye?

How to find earliest event based on Event code for once server?

Deploying across multiple OS

Save jobs/searches using Java SDK

Show search result in a readonly textbox

Extract field from event with repeated information

Defining variables or constants

Splunk 4.3 showing flash

Search returning too much

How do convert a field and report on the average response time?

Customize splunk search app to index

How to alert when an "error" happens once every 10 min, but not until 3 consecutive hits?

Find rate from total

How to Extract Mac Address Field from Cisco Mac Address Notification Traps

How to determine amount of data from a given host

Search for active hosts over a period of time

Filter Input data from universalforwarder port_9514

avg cpu usage

Why can't I index my wtmp, lastlog, etc files?

Export list of files being indexed into Splunk

Last Chance to Submit Your Paper For BSides Splunk - Deadline is August 12th!

Ready, Set, SOAR: How Utility Apps Can Up Level Your Playbooks!

DevSecOps: Why You Should Care and How To Get Started

Why are events duplicating when running | collect ...

Help with SNMP Modular Input- Why am I not seeing ...

email alerts

How to combine count from two different mstats in...

Where is the Splunk API documentation for search j...