Splunk Search

Discussions

Thread Info

looking for unknown but equal field values across single search

I'm doing a search for invalid logons for our vpn logs. But I want the search results to return when the invalid atte...

by New Member in

CSV files with variable fields

I want to gobble in CSV files containing numeric data. Each file will have between 500 and 150,000 fields. (Yes that'...

by New Member in

Populating a summary index with transactions while preserving fields.

I have the following search which I would like to use to populate a summary index for reporting (run every 30 minutes...

by Path Finder in

One TimeRangePicker for all charts - modules

Hey, The answer to this question will be very useful to know  I have an advanced dashboard with a few charts (...

by Motivator in

Troubleshooting inputs.conf

In Windows I have the following in the Inputs.conf: [monitor://C:\Program Files\Microsoft SQL Server\MSSQL10_50.MS...

by Path Finder in

How do I turn off highlighting?

I have a search that pipes to another search, and this search is highlighting the results. I do not want the highligh...

by Path Finder in

Given two fields, how can i create a third field whose name is the first value and whose value is the second?

I have a dataset where the rows in my search results all have a 'value' field, and there's another field that specifi...

by SplunkTrust in

Reporting on zero results?

In order to identify web content that hasn't been pulled in a while, I thought I would use Splunk since a) my Apache ...

by Builder in

Dynamic Sourcetype Extraction

We're trying to set up a dynamic sourcetype extraction at index time. The reason for this is that we have about 40-50...

by Explorer in

Splunking traditional IT + Telco devices/systems/infrastructure

I don’t have any background in Telco world, I’m so blank about it, Telco people asked this many times, is it po...

by Explorer in

Manipulate results without re-running search

I just ran a search that returned approximately 1 million results. Only after it completed (which took a bit longer t...

by Path Finder in

postfix_syslog time extraction inaccuracies

We seem to be having an issue with the postfix_syslog sourcetype (that came as a default sourcetype in Splunk) and it...

by Communicator in

complicated subsearches

I have jboss logs that print a message size everytime jboss restarts. The message size is different everytime jboss s...

by Path Finder in

Subsearch on completed (finalized) results

If I do a search for something such as: uri="/this/or/that.html" over, say, an hour. Once the search completes (fi...

by Explorer in

multikv field extraction

Hello, How do i use multikv to extract fields that have % or / in them ? I'm unable to extract if it has those charac...

by Explorer in

Custom fields not always showing up

I have a Splunk app that parses some Snort files and assigns some fields to the content. The app works fine from the ...

by Engager in

Why is the "diff" search command not reliable for large events containing several hundred lines?

When I use the "diff" search command to compare events that contain several hundred lines, I notice that differences ...

by Splunk Employee in

How to use "Intention" to add search clauses after the "base search string"

I have read the this page about the concept of "Intention" : http://www.splunk.com/base/Splexicon:Intention It say...

by Path Finder in

Is there a bug in dedup?

I have the following query which almost does what I want: sourcetype="cisco_wsa_squid" | lookup teamlookup cs_user...

by Contributor in

How can I get the "Splunk for use with AMMAP" to work?

For the AMMAP application for the map, I followed the instruction and installed MAXMIND and the AMMAP app, but I can'...

by Communicator in

Get Updates on the Splunk Community!

Splunk Search

Discussions

looking for unknown but equal field values across single search

CSV files with variable fields

Populating a summary index with transactions while preserving fields.

One TimeRangePicker for all charts - modules

Troubleshooting inputs.conf

How do I turn off highlighting?

Given two fields, how can i create a third field whose name is the first value and whose value is the second?

Reporting on zero results?

Dynamic Sourcetype Extraction

Splunking traditional IT + Telco devices/systems/infrastructure

Manipulate results without re-running search

postfix_syslog time extraction inaccuracies

complicated subsearches

Subsearch on completed (finalized) results

multikv field extraction

Custom fields not always showing up

Why is the "diff" search command not reliable for large events containing several hundred lines?

How to use "Intention" to add search clauses after the "base search string"

Is there a bug in dedup?

How can I get the "Splunk for use with AMMAP" to work?

Splunk Cloud | Empowering Splunk Administrators with Admin Config Service (ACS)

Tech Talk | One Log to Rule Them All

Splunk Security Content for Threat Detection & Response, Q1 Roundup

Matching index field value with lookup field value

extract fields from json-wrapped postfix logs?

How to configure alert when a service is in failed...

how to identify '\n' in Splunk rex

How to combine results of inputlookup and a search...