Splunk Search

Discussions

Thread Info

Summarizing results of a search by system

We have a batch search that looks for password changes on Windows boxes that happened "yesterday" and sorts the resul...

by Engager in

Relative time using date_mday and date_wday in search syntax

I am trying to trend some metrics for the first Wednesday of each month, over a time range of 6 months. I have someth...

by Path Finder in

How Can I customize Time

Hello Gurus! Here is what I am trying to do. I am trying using Simplified XML, Form to select a certain host and t...

by Communicator in

How to extract several fields?

Hello we need to extract a lot of fields from the following log: Example deleted. What would be the best way...

by Contributor in

keys with many values

Suppose my log entries resembled: Rick ate a cheeseburger Tony ate a grape Rick ate a frenchfry Tony a...

by Communicator in

Calculate the difference between the event time and that in a field

I am trying to calculate the difference between the time of an event and the time as it exists in a field of the even...

by Path Finder in

Search command to track file deletion in Windows?

Hi, I am trying to generate a search command to track file deletions by user.The current command that I have is: ...

by Contributor in

How can I find out the length of a line in a log file?

We have a CSV file that we import into splunk daily. We have at least one line that is too long and is possibly corru...

by Path Finder in

Fieldpicker is killing me

When using distributed search across a number of hosts, the difference in performance between flashtimeline and advan...

by Path Finder in

will splunk do this for me?

I am planning on installing snort of my network to gather ip traffic. I would like to use splunk to show me graphical...

by New Member in

How to configure search-time fields

I cannot find in the manual how to configure search-time field extraction. I would like to define some fields that ap...

by Explorer in

How do I remove negative numbers from an eval?

I have a search which runs an eval statement. The problem is every couple of times a day the numbers its pulling (the...

by Splunk Employee in

error in timechart command and too many bins

I am getting the following error Error in 'timechart' command: Span value '1m' results in too many (> 50000) bins....

by New Member in

Can lookups be made conditional on the value of a field?

Is it possible to make a lookup run only when the value of a field is null or some other value? Thx. Craig

by Communicator in

90th percentile search results

I need to get average 90th percentile of my results from response time. let say if there are 200 data points; I ne...

by Path Finder in

Dispatch limited to 10000 when outputting a CSV via Python

If dispatch is used via Python rather than any saved search for a query and that query uses outputcsv the results are...

by Path Finder in

How do I make wildcard search work for begins with or ends with searches?

I have a defined field that I'm trying to perform searches against with wild cards, so given the texts: text2searc...

by Engager in

Nested transforms and extractions

I am struggling to figure this out. Here is my situation: 1) I have a tab delimited data file. I have defined a tr...

by Path Finder in

n-level nested transform and extraction

I am trying to do the following: Define a transform 1 in ./apps/search/local/transforms.conf. This creates 4 field...

by Path Finder in

Help with extracting fields using numeric range

I am trying to create a field extraction for events where a plugin_id field matches a range of numbers. This searc...

by Communicator in

Get Updates on the Splunk Community!

Splunk Search

Discussions

Summarizing results of a search by system

Relative time using date_mday and date_wday in search syntax

How Can I customize Time

How to extract several fields?

keys with many values

Calculate the difference between the event time and that in a field

Search command to track file deletion in Windows?

How can I find out the length of a line in a log file?

Fieldpicker is killing me

will splunk do this for me?

How to configure search-time fields

How do I remove negative numbers from an eval?

error in timechart command and too many bins

Can lookups be made conditional on the value of a field?

90th percentile search results

Dispatch limited to 10000 when outputting a CSV via Python

How do I make wildcard search work for begins with or ends with searches?

Nested transforms and extractions

n-level nested transform and extraction

Help with extracting fields using numeric range

Splunk Observability Cloud | Customer Survey!

.conf23 | Get Your Cybersecurity Defense Analyst Certification in Vegas

Starting With Observability: OpenTelemetry Best Practices

How to Add Datamodel Fields in Search and Reportin...

Check lookup table for old/expired entries

AD servers with indexing delays when evt_resolve_a...

Using comparison function within mstats

splunk search statement using keyword from input b...