Splunk Search

Start a Conversation

Discussions

Start a Conversation

Thread Info

Can index compression be disabled once an index has already be created and is in use ?

Can we disable index compression in the /opt/splunk/etc/system/default/indexes.conf file once indexes are created ? ...

by Engager in

SysLog based Alert

I am trying to set up an Alert for syslog (udp:514) - and this is the search condition I use: sourcetype="syslog" ...

by Builder in

Source Host instead of Relay Host

Due to network restrictions, I needed to use a server as a relay. This relay server in turn forwards the logs to my S...

by New Member in

How to let Intermediate Forwarder redirect some events to each indexer ?

Hello, I would like to add one intermediate Forwarder between UF(Universal Forwarder) and 2 indexer. For ex: i wan...

by Contributor in

How to add ArcGis data into Splunk?

I want to add ArcGis data into Splunk but I do not know how to add because Arcgis data is different from Splunk data....

by New Member in

data format...

I'm looking at importing TCPDUMP data into Splunk purely for the graph functions and for the TOP functions available ...

by Contributor in

Collecting iPad activity data

Has anyone Splunk'ed data from a iPad? Specifically, user activity data if it exists in the logs or cache? I thin...

by Explorer in

plot numeric value in a field on a google map

Hi I am trying to plot numeric value in a field on a google map. I can show the count of a field, but can not fig...

by Motivator in

How do I exclude everything but certain events at my heavy forwarder?

At my HF I want to exclude everything BUT three websites. I have been playing with this for days now, that's what she...

by Path Finder in

sort and combine multiple lines if there's no pause

Hi, I'm new to Splunk so any help would be greatly appreciated. I'm trying to do two different things, and I'm not qu...

by Observer in

numeric field with thousand separator - stats doesn't interpret as numeric, timechart does

I stumbled on a very strange behavior of stats versus timechart when trying to interpret an extracted numerical field...

by Communicator in

How do I filter a transaction search based on the number of events in each transaction?

I want to group search results by user & src_ip (eg. via "transaction) however I only want to display results where t...

by Explorer in

Regex for host field inputs.conf

Anyone with ideas on how to convert this rex search string into host_regex= input for the Host field, to be a host na...

by Path Finder in

Automatic Lookup not working

I've followed http://docs.splunk.com/Documentation/Splunk/latest/User/CreateAndConfigureFieldLookups and looked at pl...

by Builder in

when I use timechart with "sum" why does the graph only show me a graph of events

When using this query: index=development host=*app.dev.dps "dgs_size" | timechart sum(dgs_size) It doesn't grap...

by Path Finder in

analyzing transactions based on the values in the raw data

Is there anyway to analyze trans data in SplunkStorm? Here is what I have: transaction is defined by beginTour and En...

by Path Finder in

UNC failed to follow files in a directory

Windows: When I point my inputs.conf file to index the contents of a directory of files. The files live on a UNC shar...

by Splunk Employee in

Changes to search configuration (field extractions etc) don't take effect right away in my distributed search environment. Why so? Can it be changed?

I'm adding and modifying settings to my Splunk search-time behavior -- improving extractions, creating lookups, and s...

by Splunk Employee in

Rename values using transforms.conf

I originally asked this question here: http://splunk-base.splunk.com/answers/55254/rename-values-extracted-into-fi...

by Builder in

How to adjust the subsearch auto-finalized time limit

Hello I currently have 3 searches that I am appending together. When I run the search I get the message "[subsearch]:...

by Explorer in

Get Updates on the Splunk Community!

Splunk Search

Discussions

Can index compression be disabled once an index has already be created and is in use ?

SysLog based Alert

Source Host instead of Relay Host

How to let Intermediate Forwarder redirect some events to each indexer ?

How to add ArcGis data into Splunk?

data format...

Collecting iPad activity data

plot numeric value in a field on a google map

How do I exclude everything but certain events at my heavy forwarder?

sort and combine multiple lines if there's no pause

numeric field with thousand separator - stats doesn't interpret as numeric, timechart does

How do I filter a transaction search based on the number of events in each transaction?

Regex for host field inputs.conf

Automatic Lookup not working

when I use timechart with "sum" why does the graph only show me a graph of events

analyzing transactions based on the values in the raw data

UNC failed to follow files in a directory

Changes to search configuration (field extractions etc) don't take effect right away in my distributed search environment. Why so? Can it be changed?

Rename values using transforms.conf

How to adjust the subsearch auto-finalized time limit

Observability Highlights | January 2023 Newsletter

Security Highlights | January 2023 Newsletter

Platform Highlights | January 2023 Newsletter

How to reverse a real-time query to it's original ...

How to use MLTK to tune DNS Query Length Outliers ...

Federated Search Questions

Optimizing metrics based searches?

How to use fit command together with foreach?