Splunk Search

Discussions

Thread Info

Are transitive lookups supported?

I am looking to take the results of one lookup and use that as input to another lookup for the same data source. Is t...

by Splunk Employee in

Goal Funnel Analysis in Splunk

How would I query for transactions that first went to page A, and then page B? For one use case, I'm looking at go...

by Engager in

How to extract multiple records from 1 log message

I am having trouble extract the data from an apache log. Below is one message from the log, there is some header info...

by New Member in

Quality differences between distributions when usind pdfserver in Splunk.

Hi I have installed the pdfserver 1.2 on a SLES10 SP2 box and an Ubuntu 10.04 box. Both installations are running ...

by Explorer in

Lookup Table - only send email if the Event is NOT on the Lookup Table list

If I have a lookup table with the following information in it (see below), how do I send an email if the "event" foun...

by Communicator in

Splunk says lookup table doesn't exist, but it does

Here is my transforms.conf for the lookup table in question: [ossim_plugins] filename = ossim_plugins.csv max_matc...

by Communicator in

Looking at AFP logs

So, question relating to pulling useful data out of AFP (Apple File Protocol) logs on the server. A line in the l...

by Path Finder in

How do I index a value thats not in the message?

I'm currently collecting logs on a lightweight forwarder. I'm adding a special field to the messages which I'd like t...

by Communicator in

Time chart - Multiple specific field values possible?

Hello all, I'm trying to create a report that compares the number of transactions (from the same system) between d...

by Path Finder in

Help creating a specific kind of table layout

I'm trying to generate a table that is a count of things by the 12 months of the year. For instance, the chart might ...

by Explorer in

Problems extracting field with multiple values

I am trying to parse a bunch of Nessus vulnerability plugin files and extract the CVE and OSVDB reference IDs from ea...

by Communicator in

What would cause the "date_*" fields to be missing from an event?

Can anyone tell me the reasons why timestartpos, timeendpos, and all the date_* fields would be missing from an event...

by Super Champion in

Extracting field values from a single line inside a multi-line transaction group

Hello, to begin here is a sample of the data I am working with, they are events grouped using the transaction command...

by Builder in

Difficult SMTP log search. Help!

I'm trying to come up with a search that would help me find emails that share the same subject line but the IP addres...

by Communicator in

How to count the difference in a rolling number in events across multiple hosts?

The following example events are indexed by Splunk: Dec 1 00:47:58 serverName data-collector[1234]: #A_RECV# 1234,...

by Splunk Employee in

Is it possible for an external lookup to match on either of two fields rather than both?

I'm trying to create a dashboard that will add vulnerability data from OSVDB to the results of a Nessus scan. I've cr...

by Communicator in

Question about analyzefields search command

The analyzefields seems to be interesting in its ability to correlate across multiple fields, but I cannot determine ...

by Communicator in

Is it possible to use lookup tables that don't have a header row?

I'm working with a number of files in a CSV comma delimited format that don't contain header rows. Is it possible to ...

by Communicator in

Lookup table performance question

I am experimenting with some searches that will need to do lookups on some fairly big tables (30 MB or more). I'm won...

by Communicator in

Search using Stats, String Dates, Counts and Sorting

What I am trying to do is to get a listing of the last 7 days (that logs were entered - not necessarily the last 7 ca...

by Path Finder in

Get Updates on the Splunk Community!

Splunk Search

Discussions

Are transitive lookups supported?

Goal Funnel Analysis in Splunk

How to extract multiple records from 1 log message

Quality differences between distributions when usind pdfserver in Splunk.

Lookup Table - only send email if the Event is NOT on the Lookup Table list

Splunk says lookup table doesn't exist, but it does

Looking at AFP logs

How do I index a value thats not in the message?

Time chart - Multiple specific field values possible?

Help creating a specific kind of table layout

Problems extracting field with multiple values

What would cause the "date_*" fields to be missing from an event?

Extracting field values from a single line inside a multi-line transaction group

Difficult SMTP log search. Help!

How to count the difference in a rolling number in events across multiple hosts?

Is it possible for an external lookup to match on either of two fields rather than both?

Question about analyzefields search command

Is it possible to use lookup tables that don't have a header row?

Lookup table performance question

Search using Stats, String Dates, Counts and Sorting

Splunk Observability Cloud | Customer Survey!

.conf23 | Get Your Cybersecurity Defense Analyst Certification in Vegas

Starting With Observability: OpenTelemetry Best Practices

Check lookup table for old/expired entries

search event even in achive data (cold etc.)

Exclude unwanted apps from web-logs

AD servers with indexing delays when evt_resolve_a...

Using comparison function within mstats