Splunk Search

Start a Conversation

Discussions

Start a Conversation

Thread Info

How to use a lookup to validate hosts against metadata

Hi, Is it possible to create a lookup, and then validate that data has been received from each host in the lookup ...

by Champion in

How do I get 3 fields on a timechart?

Hi, I have data that looks like this: REBOOTREASON,EVENTSUB_TYPE uc-keypad,etherLoss uc-keypad,etherLossRes uc-...

by Motivator in

How can I generate a search to find hosts which are missing a certain sourcetype?

I have a sourcetype which is a log created by the AV application on the host. I would like to find hosts which are mi...

by Path Finder in

Why Splunk is telling me that my eval expression is malformed?

I'm trying to evaluate the normal distribuiton's PDF into my search as follows: ... | eval prob=(1/sqrt(2*pi()*sig...

by Explorer in

Why is Regular Expression (Regex) grabbing digits in multiple cases?

I am trying to grab this response time **** info[[Path::/rest/motService][corRID::NAID-iOS-DFA65777-2339-4A0802F42...

by Contributor in

How to sort the items within a stacked bar chart by size?

I have created a search to produce a stacked bar chart: (each shop sells the same items but in different quantities) ...

by Path Finder in

Why does the C# SDK 2.0 only work when a query produces results?

Perhaps similar to: https://answers.splunk.com/answers/206372/enumerating-empty-searchresultstream-causes-invali-1...

by New Member in

How to run rex commands from CLI mode

I want to run Splunk query from the cmd prompt. It works just fine with basic error search, but when I tried with...

by Path Finder in

How to run different timerange in subsearch versus the original search?

Hi, I'm trying to execute this query: index=index_cbo [search index=index_cbo 12018955000155 "An error ocurred...

by Engager in

How to fetch results by grouping the fields with a condition like count>0?

Hi Team, I have fields like txn_id and txnchainid where txnchainid can have more than 1 txn_id like: Log 1: ......

by New Member in

How to edit my regular expression to extract the date and time from my sample data?

Hi, I have data that looks like this: "-" 10.30.28.1 "10.30.28.1" - - [09/Sep/2016:16:58:31 -0500] "GET /ICHeal...

by Motivator in

How to edit my subsearch syntax to combine the results of my two searches?

Thanks in advance for any assistance.. I am trying to create an alert that creates a table that shows sourceIP, co...

by Explorer in

How to filter my search to only count the users that visited each location at least N number of times?

We have a listing of travelers. Every event has the following two fields: USER and LOCATION. I need a search that ...

by Path Finder in

How can I get the subsearch results in the same row as the main search?

Hi, Please see the image below. I want to get shipcond=NEXTDAY in the first column also. How can I get that? Here,...

by Explorer in

why splunk doesn't resolve stats count on postprocess ?

when i try to run a stats count using postprocess splunk doesn't resolve the query search and i don't know why ? t...

by Contributor in

My search returns results but why does it not work as a query in my dashboard?

Hi, I have this query index=top10_1 source="*Account_Log*" OR source="*Arm_Disarm_Events*" OR source="*CPE_Comm...

by Motivator in

How to search unique values in 2 different indexes, compare them, and determine which values are missing from which index?

I've been racking my brain over multi-searches, subsearches, and a few other methods I harvested from Google and Splu...

by Communicator in

How to search a list of saved searches that are (historically) consuming high CPU, memory, and take a long time to execute?

I want a search that will list saved searches that are (historically) consuming high CPU, memory, and take a long tim...

by New Member in

I have a forwarder and indexer set up, but why am I unable to search logs from the search head?

I have a forwarder and an indexer. I see the app is deployed in the forwarder at location etc/apps/. Forwarders ar...

by Path Finder in

How can I use a source folder as a input token?

Hi guys! I have a bunch of test data in JSON files as my sources and they're structured in the following way: "/MyF...

by Explorer in

Splunk Search

Discussions

How to use a lookup to validate hosts against metadata

How do I get 3 fields on a timechart?

How can I generate a search to find hosts which are missing a certain sourcetype?

Why Splunk is telling me that my eval expression is malformed?

Why is Regular Expression (Regex) grabbing digits in multiple cases?

How to sort the items within a stacked bar chart by size?

Why does the C# SDK 2.0 only work when a query produces results?

How to run rex commands from CLI mode

How to run different timerange in subsearch versus the original search?

How to fetch results by grouping the fields with a condition like count>0?

How to edit my regular expression to extract the date and time from my sample data?

How to edit my subsearch syntax to combine the results of my two searches?

How to filter my search to only count the users that visited each location at least N number of times?

How can I get the subsearch results in the same row as the main search?

why splunk doesn't resolve stats count on postprocess ?

My search returns results but why does it not work as a query in my dashboard?

How to search unique values in 2 different indexes, compare them, and determine which values are missing from which index?

How to search a list of saved searches that are (historically) consuming high CPU, memory, and take a long time to execute?

I have a forwarder and indexer set up, but why am I unable to search logs from the search head?

How can I use a source folder as a input token?

Search That Looks Back in Time and Checks Fields

Generate timechart with normalized/rescaled data p...

mvexpand issues and alternative needed

Continue on dbxquery Failure

How to display a unit format and a color format in...