Splunk Search

Start a Conversation

Discussions

Start a Conversation

Thread Info

Why am I getting "maximum number of historical searches that can be run concurrently. current=10 maximum=10" for real time searches?

I am running Splunk 6.5 , and I have tried many things for hours, but am still getting: The system is approaching ...

by Explorer in

My two individual searches are working, but why am I unable to combine all extracted fields using append, appendcols, or join?

I have 2 jobs running daily (DailyDayJob, DailyNightJob) that logs to a common file. The logs are as given below: ...

by Path Finder in

How to create a report that displays stats count in a table for x days?

Sorry I am new to Splunk and wondering if can have the report that gives results in a table as below, data as : ...

by Explorer in

How to create a response time graph based on two timestamps?

I have a field in my logs that looks like this: Timestamp: 1477292160636560 1217 The first number is time at w...

by New Member in

How to correlate two JSON objects via a key-value pair?

Imagine there are thousands of JSON entries and I want to correlate object pairs via a key/value pair. Entry #44 ...

by Engager in

How to get my lookup search to return FieldC from a mylookup.csv on match of FieldA?

Hello All, I have a lookup called mylookup based on mylookup.csv containing 3 fields FieldA, FieldB and FieldC. I ...

by Path Finder in

Why does my strftime search not work between midnight and 10 am?

I have this real-time query with a 12 week back fill: host="<some host>" OR host="<some other host>" "<some se...

by New Member in

How to change how fields are sorted and displayed when they are extracted from an event?

I have a voice CDR being imported into splunk, i have indexed extractions working perfectly as its ultimately a CSV f...

by Path Finder in

Why does my Hunk search partially completes then displays message "ChunkedOutputStreamReader: Invalid transport header line"?

Hi, When I search for events from the virtual index, I start to receive events but the query only finishes partial...

by Builder in

Why am I unable to search event data for license_usage.log?

Hi Guys, I am unable to search the event data for license_usage.log , whereas I can see the log file getting updated ...

by Path Finder in

How to search and develop a chart for license usage by index over 2 days with column displaying the percent change?

Hi All, Does anyone have a search/report that shows all of your indexes with usage by day vs the previous day with...

by Path Finder in

How to edit my search to get the total count of two search queries?

I have the following query which gives me a Total count of 2 searches but after evaluating, I am not getting the Tota...

by Path Finder in

How can I write a search that shows just the first N characters of each line in my logs?

I have logs including some very long lines. To get overview of activity, I want to write a search that shows just the...

by Engager in

Why are my strftime searches not returning any results?

Simple question: both of these return null. Any idea why? | eval createDt1 = strftime("2013-03-22 11:22:33","%s") ...

by Explorer in

How to find value from lookup table dynamically by matching substring in field value?

Hi, I would like to know how to find value from lookup table dynamically by matching string in field value. For...

by New Member in

Display values inside the chart without mouse pop up

Hi all, Is there any possibility to show values inside the chart without bringing mouse over it. It should always ...

by Path Finder in

help with rex

Trying to evaluate the below: 1min=1;5min=1;60min=1;24hr=1 Below seem to be not working. Anything wrong with t...

by New Member in

rex usage in splunk

Hi, i am trying to create a pie chart with gives %age up and down time of a system. Splunk mines a log file with the ...

by Explorer in

How to calculate the sum of selected values by excluding other values in a multivalue field?

Hello, I would like to know how to calculate sum of selected values by excluding other values in a multivalue fiel...

by New Member in

How to edit my search in order to use the result from one calculation in another calculation?

Hi there, I am trying to calculate the percent of failure types by the total number of transactions (including whe...

by Explorer in

Splunk Search

Discussions

Why am I getting "maximum number of historical searches that can be run concurrently. current=10 maximum=10" for real time searches?

My two individual searches are working, but why am I unable to combine all extracted fields using append, appendcols, or join?

How to create a report that displays stats count in a table for x days?

How to create a response time graph based on two timestamps?

How to correlate two JSON objects via a key-value pair?

How to get my lookup search to return FieldC from a mylookup.csv on match of FieldA?

Why does my strftime search not work between midnight and 10 am?

How to change how fields are sorted and displayed when they are extracted from an event?

Why does my Hunk search partially completes then displays message "ChunkedOutputStreamReader: Invalid transport header line"?

Why am I unable to search event data for license_usage.log?

How to search and develop a chart for license usage by index over 2 days with column displaying the percent change?

How to edit my search to get the total count of two search queries?

How can I write a search that shows just the first N characters of each line in my logs?

Why are my strftime searches not returning any results?

How to find value from lookup table dynamically by matching substring in field value?

Display values inside the chart without mouse pop up

help with rex

rex usage in splunk

How to calculate the sum of selected values by excluding other values in a multivalue field?

How to edit my search in order to use the result from one calculation in another calculation?

finding percentage

Search Marcos

Error - In handler 'savedsearch': Expecting differ...

Windows Servers - High CPU usuage of process that ...

ldapfilter does not return all attributes