Splunk Search

Splunk Search
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question
Community Activity
dinh

Error on using eval in a subsearch

What is wrong with the way I'm using eval here? source="/some.audit.log" "End" "/foo/baz" | rex field=_raw "(?P<ReqI...
by dinh Path Finder in Splunk Search 01-27-2010
0 5
0
5
Johnvey

How do I search for a single specific event?

Sometimes I come across an event in my index that I'd like to refer to later, either as part of an investigation or t...
by Johnvey Contributor in Splunk Search 01-25-2010
1 3
1
3
Mick

I know the data is in the index, why didn't my scheduled search find all of the events?

I have a saved seach setup to check every minute for file changes. I have the start time set for [-1m] to search bac...
by Mick Splunk Employee Splunk Employee in Splunk Search 01-22-2010
2 1
2
1
Justin_Grant

suppressing adjacent events with duplicate field values

I have a log which often has redundant events, where "redundant" is defined as 2+ events, on subsequent lines, where ...
by Justin_Grant Contributor in Splunk Search 01-22-2010
0 2
0
2
Mick

Will having lots of extracted fields increase my index size?

I need to understand how adding fields to raw data will increase our index size growth. We are in the process of addi...
by Mick Splunk Employee Splunk Employee in Splunk Search 01-21-2010
2 1
2
1
matt

How do I share all of the field extractions defined in a given app with all other apps?

I need to share all of the field extractions in my app with all of the other apps on the system. What is the most ef...
by matt Splunk Employee Splunk Employee in Splunk Search 01-21-2010
2 5
2
5
matt

What is the format of the Sources.data file?

$SPLUNK_HOME/var/lib/splunk/defaultdb/db/Sources.data On a fresh install I see this file has something like this: ...
by matt Splunk Employee Splunk Employee in Splunk Search 01-21-2010
1 2
1
2
Justin_Grant

Feature Request: troubleshooting/debugging for field extraction config files

[UPDATE: from the answer below, it sounds like what I'm looking for is not supported in the product today. I'm tackin...
by Justin_Grant Contributor in Splunk Search 01-20-2010
18 2
18
2
jrodman

Finalize action for searchscript?

I wrote a search operator that takes actions external to splunk. It has to take an action to 'complete' its operatio...
by jrodman Splunk Employee Splunk Employee in Splunk Search 01-15-2010
2 2
2
2
V_at_Splunk

how to tell if I have multiline events?

Because wc -l of the input doesn't match my event count, and I'm trying to troubleshoot.
by V_at_Splunk Splunk Employee Splunk Employee in Splunk Search 01-14-2010
1 2
1
2
Top Labels
Get Updates on the Splunk Community!

Deep insights, no barriers: Splunk Observability Cloud Free Edition

As software delivery cycles continue to accelerate, observability shouldn’t be a luxury — it should be a ...

Guide: Isolated OpenTelemetry Tracing for Multiple WARs in WildFly

Isolating Telemetry Boundaries: How to Trace Multiple WARs as Separate Services in One WildFly JVM   Executive ...

Painting a Clearer Picture: Creating Cross-Domain Visibility with AI Canvas

    Thursday, June 25, 2026  |  11AM PDT / 2PM EDT  Duration: 1 Hour (Includes live Q&A) Register to ...