Splunk Search

Discussions

Thread Info

Newbee and blacklistng

I am getting killed on licensing with the amount of useless data from my IronPort WSA. At this point Splunk is being ...

by New Member in

How can you do OR statements in rex?

I'm trying to write a regex expression that extracts a field that ends in either a new line or a ":". I am trying to ...

by Communicator in

Missing columns when searching

I seem to be encounting some sort of limit on the number of columns that are being displayed. Here is the gist of wha...

by Path Finder in

Scripted Lookup Script doesn't output to a CSV file

Below is the props.conf at $SPLUNK_HOME/etc/system/local: [Test_Log] lookup_table = namelookup memberId OUTPUT ...

by Path Finder in

Transform or extraction to explicitly set value based on regexp match

I woudl like to categorize some useragent patterns into several discrete groups. That is, there are a number of di...

by Path Finder in

Nested Searches Part 2

There is a post regarding Nested searches which got me thinking about a problem i've been having. I have a very heter...

by Path Finder in

Counting results with versus without a term and graphing number as percentage for each day

I have 2,894 events when I do a search for everything in my index. When a do a search for a subset of things with...

by Explorer in

How to extract data?

Hello, i am trying to extract from a search some data, and split the data into two fields with values. So far i...

by Contributor in

Linecount issue when searching logs

I have a question regarding a search I am trying to compose. Here is a snipped from the logs: Tue Jan 18 13:50:...

by Builder in

How do I increase the limit on events returned when using cli search?

When running a splunk search from the cli, the maximum number of events returned is 100. How do I increase this limit...

by Path Finder in

Correlation of two files with different field and make graph

Hi everybody, I tried to find solution with questions who has ever asked but I don't find my answers :=/ I want to...

by New Member in

Summarizing results of a search by system

We have a batch search that looks for password changes on Windows boxes that happened "yesterday" and sorts the resul...

by Engager in

Relative time using date_mday and date_wday in search syntax

I am trying to trend some metrics for the first Wednesday of each month, over a time range of 6 months. I have someth...

by Path Finder in

How Can I customize Time

Hello Gurus! Here is what I am trying to do. I am trying using Simplified XML, Form to select a certain host and t...

by Communicator in

How to extract several fields?

Hello we need to extract a lot of fields from the following log: Example deleted. What would be the best way...

by Contributor in

keys with many values

Suppose my log entries resembled: Rick ate a cheeseburger Tony ate a grape Rick ate a frenchfry Tony a...

by Communicator in

Calculate the difference between the event time and that in a field

I am trying to calculate the difference between the time of an event and the time as it exists in a field of the even...

by Path Finder in

Search command to track file deletion in Windows?

Hi, I am trying to generate a search command to track file deletions by user.The current command that I have is: ...

by Contributor in

How can I find out the length of a line in a log file?

We have a CSV file that we import into splunk daily. We have at least one line that is too long and is possibly corru...

by Path Finder in

Fieldpicker is killing me

When using distributed search across a number of hosts, the difference in performance between flashtimeline and advan...

by Path Finder in

Get Updates on the Splunk Community!

Splunk Search

Discussions

Newbee and blacklistng

How can you do OR statements in rex?

Missing columns when searching

Scripted Lookup Script doesn't output to a CSV file

Transform or extraction to explicitly set value based on regexp match

Nested Searches Part 2

Counting results with versus without a term and graphing number as percentage for each day

How to extract data?

Linecount issue when searching logs

How do I increase the limit on events returned when using cli search?

Correlation of two files with different field and make graph

Summarizing results of a search by system

Relative time using date_mday and date_wday in search syntax

How Can I customize Time

How to extract several fields?

keys with many values

Calculate the difference between the event time and that in a field

Search command to track file deletion in Windows?

How can I find out the length of a line in a log file?

Fieldpicker is killing me

Build Scalable Security While Moving to Cloud - Guide From Clayton Homes

Mission Control | Explore the latest release of Splunk Mission Control (2.3)

Cloud Platform | Migrating your Splunk Cloud deployment to Python 3.7

Ex Cisco - run a report for all DFS users who logg...

Splunk query to list all the queries that time out

How to perform time series analysis and anomaly de...

How to find events that were sent to HEC?

Total spend per field per month