Splunk Search

Discussions

Thread Info

Using indexed DHCPD logs to find MAC address for IP

I'm trying to leverage my indexed DHCPD logs to provide additional information about internal IP's that show up in ot...

by Explorer in

Splunk Regex Expression

Below is the raw data that am getting. I want to extract the events where category is Error. For this am doing this i...

by Path Finder in

Using a lookup to search values that are NOT in logs

I've tried using info from the following 2 KB posts, but I am still having trouble: http://splunk-base.splunk.com/...

by Builder in

Auto Group Result

Hi, I would like to group my product based on weight. Sample logs are: Product ID | Weight 00368001a1 | 1...

by Explorer in

Iterative fields with spaces in values

I'm having trouble with the way Splunk parses some of my logs which has field=value pairs that have values with unquo...

by New Member in

add device dynamiclly

what is the best way to add these devices dynamically ? We are using autoscale servers, how should we introduce new d...

by New Member in

multivalue fields and fields.conf

With the following data: mac_addr=01-02-03-04-05-06, 01-02-03-04-05-07, 01-02-03-04-05-08 Using this search will p...

by Splunk Employee in

mvfind for the last value

It seems that mvfind will only return the index of the first matching value. I would like to return the index of the ...

by Explorer in

two different time modifiers in one search?

The problem I'm facing is that I want a search that comes up with the possibility to set different time modifiers for...

by Engager in

how to convert oracle function

hello . i want to convert oracle function to splunk search. but i don't know this conversion . here's oracle func...

by New Member in

Keeping field of subsearch

How can I keep fields of a subsearch so I can add them to a table with the end result? I tried with no success ......

by Explorer in

do we have commad to trim new lines ??

HI.. I have seen the functions ltrim and rtrim to spaces ..do we have functions to trim new lines.. actually in...

by Motivator in

Field Extraction identification

Is there a way to determine which field extraction (transforms or search rex) was used for a specific sourcetype?

by Communicator in

Setting a line in chart to represent as warning

Hi, I want to draw two lines as warning boundaries in a line chart. The string goes "index="ong_poc_index" sourcetyp...

by Engager in

Discarding specific event and keeping the rest

Below is the raw data that am getting. I want to extract the events where category is Error. For this am doing this i...

by Path Finder in

Display peak usage over time

Hi  We are using Splunk 5.0.2 and have a requirement to show peak bandwidth usage over time. Here is the searc...

by Contributor in

Not a question, but tip for all those running 5.0.1 or 5.0.2

There is a configuration file default setting error that was made (and confirmed by Splunk support today when I calle...

by Contributor in

How to escape the first line having ‘null’ char

I have a log file ( generated from the WAS server) having the first line like that : null null null null... Please he...

by New Member in

I need help filtering search results by milliseconds - values are in a string

New splunk user here so I'm not very familiar with how some of the commands work, so I apologize in advance. My se...

by New Member in

Top 10 values from 10 different columns?

I want top 10 values from the below query: Problem is , we have applied stats average on multiple column, so simply w...

by Path Finder in

Get Updates on the Splunk Community!

Splunk Search

Discussions

Using indexed DHCPD logs to find MAC address for IP

Splunk Regex Expression

Using a lookup to search values that are NOT in logs

Auto Group Result

Iterative fields with spaces in values

add device dynamiclly

multivalue fields and fields.conf

mvfind for the last value

two different time modifiers in one search?

how to convert oracle function

Keeping field of subsearch

do we have commad to trim new lines ??

Field Extraction identification

Setting a line in chart to represent as warning

Discarding specific event and keeping the rest

Display peak usage over time

Not a question, but tip for all those running 5.0.1 or 5.0.2

How to escape the first line having ‘null’ char

I need help filtering search results by milliseconds - values are in a string

Top 10 values from 10 different columns?

Splunk Observability Cloud | Customer Survey!

Happy CX Day, Splunk Community!

.conf23 | Get Your Cybersecurity Defense Analyst Certification in Vegas

Can fromjson be used in props.conf or transforms.c...

How to Add Datamodel Fields in Search and Reportin...

AD servers with indexing delays when evt_resolve_a...

Using comparison function within mstats

splunk search statement using keyword from input b...