Splunk Search

Splunk Search
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Community Activity
matt

Can I alert when the value of a field changes?

I've got an application that logs status events. The values in these events generally will not change. Is there a s...
by matt Splunk Employee Splunk Employee in Splunk Search 01-27-2010
1 1
1
1
dinh

Error on using eval in a subsearch

What is wrong with the way I'm using eval here? source="/some.audit.log" "End" "/foo/baz" | rex field=_raw "(?P<ReqI...
by dinh Path Finder in Splunk Search 01-27-2010
0 5
0
5
Johnvey

How do I search for a single specific event?

Sometimes I come across an event in my index that I'd like to refer to later, either as part of an investigation or t...
by Johnvey Contributor in Splunk Search 01-25-2010
1 3
1
3
Mick

I know the data is in the index, why didn't my scheduled search find all of the events?

I have a saved seach setup to check every minute for file changes. I have the start time set for [-1m] to search bac...
by Mick Splunk Employee Splunk Employee in Splunk Search 01-22-2010
2 1
2
1
Justin_Grant

suppressing adjacent events with duplicate field values

I have a log which often has redundant events, where "redundant" is defined as 2+ events, on subsequent lines, where ...
by Justin_Grant Contributor in Splunk Search 01-22-2010
0 2
0
2
Mick

Will having lots of extracted fields increase my index size?

I need to understand how adding fields to raw data will increase our index size growth. We are in the process of addi...
by Mick Splunk Employee Splunk Employee in Splunk Search 01-21-2010
2 1
2
1
matt

How do I share all of the field extractions defined in a given app with all other apps?

I need to share all of the field extractions in my app with all of the other apps on the system. What is the most ef...
by matt Splunk Employee Splunk Employee in Splunk Search 01-21-2010
2 5
2
5
matt

What is the format of the Sources.data file?

$SPLUNK_HOME/var/lib/splunk/defaultdb/db/Sources.data On a fresh install I see this file has something like this: ...
by matt Splunk Employee Splunk Employee in Splunk Search 01-21-2010
1 2
1
2
Justin_Grant

Feature Request: troubleshooting/debugging for field extraction config files

[UPDATE: from the answer below, it sounds like what I'm looking for is not supported in the product today. I'm tackin...
by Justin_Grant Contributor in Splunk Search 01-20-2010
18 2
18
2
jrodman

Finalize action for searchscript?

I wrote a search operator that takes actions external to splunk. It has to take an action to 'complete' its operatio...
by jrodman Splunk Employee Splunk Employee in Splunk Search 01-15-2010
2 2
2
2
V_at_Splunk

how to tell if I have multiline events?

Because wc -l of the input doesn't match my event count, and I'm trying to troubleshoot.
by V_at_Splunk Splunk Employee Splunk Employee in Splunk Search 01-14-2010
1 2
1
2
Top Labels
Get Updates on the Splunk Community!

Finding Based Detections General Availability

Overview  We’ve come a long way, folks, but here in Enterprise Security 8.4 I’m happy to announce Finding ...

Get Your Hands Dirty (and Your Shoes Comfy): The Splunk Experience

Hands-On Learning and Technical Seminars  Sometimes, you just need to see the code. For those looking for a ...

What’s New in Splunk Observability Cloud: January Feature Highlights & Deep Dives

Splunk Observability Cloud continues to evolve, empowering engineering and operations teams with advanced ...
Top Solution Authors
View All