Splunk Search

Community Activity

Are there any lint type tools for the Splunk SPL? As part of a testing plan, we would like to have a tool check syntax of our block of Splunk queries. Are there any ... by miburo Explorer in Splunk Search 01-06-2020 1 2	1	2
Is there any way to customize the default list of data fields collected by Splunk Mint iOS SDK? We are using Splunk Mint SDK in our iOS app. By default it collects a lot of fields listed here - https://docs.splunk... by gorbikvv New Member in Splunk Search 01-06-2020 0 0	0	0
How can I find out the average run time of a query? Based on Can I see the top skipped searches? I got a couple of offending queries, with a message such as - The maxim... by danielbb Motivator in Splunk Search 01-06-2020 0 3	0	3
Chart not sorting dates the way I would expect Hello everyone, I have a self-service dashboard running in our Splunk Cloud V6.2 environment which displays indexed... by jeck11 Path Finder in Splunk Search 01-06-2020 0 0	0	0
How to optimize a subsearch with a wide range? I have a subsearch that I use to determine the first occurrence of the issue logged. I currently have an earliest=-4d... by lmzheng Explorer in Splunk Search 01-06-2020 0 3	0	3
Exporting search results to Amazon S3 buckets How can I export my search results or send alert results to an AWS S3 bucket? by Vijeta Influencer in Splunk Search 01-06-2020 0 1	0	1
Search '!=' does not work after upgrading to Splunk 8 Anybody else having issues with search operator '!=' after upgrading to Splunk Enterprise 8? My search is index=myi... by girtsgr Explorer in Splunk Search 01-06-2020 2 17	2	17
Charting Assistance I'm having an issue with a visualization. Works fine if I don't try to do the fancy eval but won't plot out in visual... by yepyepyayyooo New Member in Splunk Search 01-06-2020 0 5	0	5
How many concurrent searches are possible in Splunk Cloud? Hello, I am considering migrating an environment to Splunk Cloud. How many concurrent searches are possible in the ... by LWilliamson1 Explorer in Splunk Search 01-06-2020 0 6	0	6
Combine result from 2 queries into same bar chart I see such questions are frequently asked on this forum, but I still don't get a clear picture yet. I have my first ... by hardywang Explorer in Splunk Search 01-06-2020 0 4	0	4
Compare field value from different sourcetypes to list the value of the third field Hi All, i have 2 files indexed as 2 different source types. In Sourcetype1 i created: 1. Field1 presents the value o... by mardix86 New Member in Splunk Search 01-06-2020 0 1	0	1
Using 'by' clause overrides 'limit'? I have used the following source="C:\Users\spali\Downloads\products\*" host="DESKTOP-K35HBNT" \| top product_name pri... by palisetty Communicator in Splunk Search 01-06-2020 0 2	0	2
How to extract the same URL with dynamic values such as Session ID,CategoryID? I want to group all the URL with dynamic values such as sessionid , category id ,etc, and display as 1 URL with count... by raghul1117 New Member in Splunk Search 01-06-2020 0 2	0	2
Can I see the top skipped searches? Is there a way to categorize the skipped searches by volume, by time of invocation, etc? We are trying to understand ... by danielbb Motivator in Splunk Search 01-05-2020 0 5	0	5
How can I find the related search job to an error message in splunkd.log Hi, we have an error message in splunkd.log. Error Message: "Invalid value "*" for time term 'earliest'" It happe... by dietertaucher New Member in Splunk Search 01-05-2020 0 1	0	1
what's max # events I can have timestamped with a particular second? millisecond? If that limit is breached, what will stop working? Is there a way to raise the limit? Merged question: I'm running... by V_at_Splunk Splunk Employee in Splunk Search 01-05-2020 6 15	6	15
Your search did not return any events because you are in Smart Mode. @gcusello @richgalloway @woodcock Your search did not return any events because you are in Smart Mode. In what all s... by palisetty Communicator in Splunk Search 01-04-2020 0 2	0	2
REST vs. Normal Search What is the difference between a normal search in Splunk and a search that incorporates the REST command? by itsmevic Communicator in Splunk Search 01-03-2020 0 4	0	4
timechart and verbose mode Why does when we run timechart, search mode changes to verbose? I ran this with smart mode and suddenly see it in ver... by palisetty Communicator in Splunk Search 01-03-2020 0 1	0	1
How to change color of row after column has a certain value? I'm somewhat new to Splunk. I have a dashboard displaying a table with data. I have code that fills in the columns ... by bmendez0428 Explorer in Splunk Search 01-03-2020 0 2	0	2
Why dedup when we have stats values function @gcusello @woodcock @richgalloway Why do we need two functions for the same functionality? 'dedup' displays unique v... by palisetty Communicator in Splunk Search 01-03-2020 0 2	0	2
Get daily event count with reference to a field called "TIME_CREATED" rather than using index time Tried to use the below query but unfortunately events are grouped with reference to _time index=omi_UAT host=* sour... by anz999 Loves-to-Learn Lots in Splunk Search 01-03-2020 0 3	0	3
Need Regex Hi Please help me with the regex for below 1) Hostname 2) IP address 3) UserID (for eg: vijay_111) 4) mail id by VijaySrrie Builder in Splunk Search 01-03-2020 0 5	0	5
comparing data from index and input table Hi Everyone, Thanks for your support too. I have indexed data of staff events from a source. One field in that da... by 60150134 New Member in Splunk Search 01-03-2020 0 1	0	1
Change value of field at index time based on condition Hi, I am wondering if its possible t change value of field based on condition at index time. For example: If the l... by shayhibah Path Finder in Splunk Search 01-03-2020 0 3	0	3