Splunk Search

Discussions

Thread Info

better field discovery with SUF

I was under the impression that using SUF to forward events would some hope provide more automatically discovered fie...

by Communicator in

rex - matching everything until a tab

Hello, I am trying to parse a log from a Tipping Point IPS. An example of the log I get is (the log is cut for cla...

by Communicator in

Search - Fields function

Hello, I want to display only the specify field(s) of the logs in the results display. Using: *|fields + ProductNa...

by Explorer in

Count Consecutive Errors and alert

Hi, We have some transaction logs which log business event transactions. I have a requirement to alert when a particu...

by Communicator in

How I can make rows in red color of a table of a view if some condition meets

How I can make rows in red color of a table of a view if some condition meets for example in table output of this vie...

by Builder in

Retirement and archiving period for one file

We have a file which will be updated very rarely(may be once a year or so that too may be a line will be added or del...

by Path Finder in

How do I get TimeRangePicker to revert to the default?

The dropdown box for the search time-range doesn't revert to the default value after I run a search, can I make this ...

by Communicator in

Merge results of two searches with transactions

Hi there Is there a way to merge the results of two different searches, where I'm grouping the events with the tra...

by Contributor in

Polling Interval

Will changing the polling interval of my remote data help in reducing the amount of data indexed in a day? I am hopin...

by Path Finder in

Field Extraction for REST API Logs

The content of the log is basically API REST calls. I am facing the issue of not being able to extract the fields of ...

by Motivator in

Sum of call_duration

I have a field called "call_duration" expressed as 00:00:17, and another field called "Party1Name" which is simply a ...

by Explorer in

Certain REGEX strings in transforms.conf will fail

I have requierement where i need to route data from certain sources to a specific index. The index name will be extra...

by Splunk Employee in

conditional event to display different static picture

is there any ways to display different static picture on dashboard depends on different search result. this is sort o...

by Path Finder in

Windows Security Logs: Regex Filtering Search time

I have a windows security event that I am trying to extract a custom field for failed logon events. The problem I hav...

by Path Finder in

How to chaining queries that update lookup tables?

Hi great knowledgeable splunkers! I have a number of queries that I need to chain in specific order so that static...

by Explorer in

I'm currently getting a pool warnings message, can someone explain what this means?

Pool warnings (1) License alerts notify you of excessive indexing warnings and licensing misconfigurations. If yo...

by New Member in

How do you use a field defined in the search as a search parameter?

Hello Splunk people, I'm trying to do something that seems simple but I'm having a lot of trouble figuring it out....

by Engager in

Search help: remove intersection of two sets from the first set

A customer asked this search question a few days ago. I thought it was a good one for answers. Assume you have two da...

by Splunk Employee in

How to re-use search query using HiddenPostProcess

So I'm attempting to re-use the same search query results multiple times in the same advanced view for performance re...

by Explorer in

Simulating SQL functions

I am trying to simulate this type of date filter in splunk. Please help... In SQL I use select * from table whe...

by Explorer in

Get Updates on the Splunk Community!

Splunk Search

Discussions

better field discovery with SUF

rex - matching everything until a tab

Search - Fields function

Count Consecutive Errors and alert

How I can make rows in red color of a table of a view if some condition meets

Retirement and archiving period for one file

How do I get TimeRangePicker to revert to the default?

Merge results of two searches with transactions

Polling Interval

Field Extraction for REST API Logs

Sum of call_duration

Certain REGEX strings in transforms.conf will fail

conditional event to display different static picture

Windows Security Logs: Regex Filtering Search time

How to chaining queries that update lookup tables?

I'm currently getting a pool warnings message, can someone explain what this means?

How do you use a field defined in the search as a search parameter?

Search help: remove intersection of two sets from the first set

How to re-use search query using HiddenPostProcess

Simulating SQL functions

Build Scalable Security While Moving to Cloud - Guide From Clayton Homes

Mission Control | Explore the latest release of Splunk Mission Control (2.3)

Cloud Platform | Migrating your Splunk Cloud deployment to Python 3.7

splunk search statement using keyword from input b...

Ex Cisco - run a report for all DFS users who logg...

Splunk query to list all the queries that time out

How to perform time series analysis and anomaly de...

How to find events that were sent to HEC?