Splunk Search

Splunk Search
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Community Activity
dinh

Error on using eval in a subsearch

What is wrong with the way I'm using eval here? source="/some.audit.log" "End" "/foo/baz" | rex field=_raw "(?P<ReqI...
by dinh Path Finder in Splunk Search 01-27-2010
0 5
0
5
Johnvey

How do I search for a single specific event?

Sometimes I come across an event in my index that I'd like to refer to later, either as part of an investigation or t...
by Johnvey Contributor in Splunk Search 01-25-2010
1 3
1
3
Mick

I know the data is in the index, why didn't my scheduled search find all of the events?

I have a saved seach setup to check every minute for file changes. I have the start time set for [-1m] to search bac...
by Mick Splunk Employee Splunk Employee in Splunk Search 01-22-2010
2 1
2
1
Justin_Grant

suppressing adjacent events with duplicate field values

I have a log which often has redundant events, where "redundant" is defined as 2+ events, on subsequent lines, where ...
by Justin_Grant Contributor in Splunk Search 01-22-2010
0 2
0
2
Mick

Will having lots of extracted fields increase my index size?

I need to understand how adding fields to raw data will increase our index size growth. We are in the process of addi...
by Mick Splunk Employee Splunk Employee in Splunk Search 01-21-2010
2 1
2
1
matt

How do I share all of the field extractions defined in a given app with all other apps?

I need to share all of the field extractions in my app with all of the other apps on the system. What is the most ef...
by matt Splunk Employee Splunk Employee in Splunk Search 01-21-2010
2 5
2
5
matt

What is the format of the Sources.data file?

$SPLUNK_HOME/var/lib/splunk/defaultdb/db/Sources.data On a fresh install I see this file has something like this: ...
by matt Splunk Employee Splunk Employee in Splunk Search 01-21-2010
1 2
1
2
Justin_Grant

Feature Request: troubleshooting/debugging for field extraction config files

[UPDATE: from the answer below, it sounds like what I'm looking for is not supported in the product today. I'm tackin...
by Justin_Grant Contributor in Splunk Search 01-20-2010
18 2
18
2
jrodman

Finalize action for searchscript?

I wrote a search operator that takes actions external to splunk. It has to take an action to 'complete' its operatio...
by jrodman Splunk Employee Splunk Employee in Splunk Search 01-15-2010
2 2
2
2
V_at_Splunk

how to tell if I have multiline events?

Because wc -l of the input doesn't match my event count, and I'm trying to troubleshoot.
by V_at_Splunk Splunk Employee Splunk Employee in Splunk Search 01-14-2010
1 2
1
2
Top Labels
Get Updates on the Splunk Community!

Print, Leak, Repeat: UEBA Insider Threats You Can't Ignore

Are you ready to uncover the threats hiding in plain sight? Join us for "Print, Leak, Repeat: UEBA Insider ...

Splunk MCP & Agentic AI: Machine Data Without Limits

  Discover how the Splunk Model Context Protocol (MCP) Server can revolutionize the way your organization ...

See Splunk Platform & Observability Innovations at Cisco Live EMEA

Hi Splunkers, Learn about what’s next for Splunk Platform at Cisco Live EMEA.  Data silos are a big challenge ...
Top Solution Authors
View All