Splunk Search

Discussions

Thread Info

After saving my search as a report on the dashboard, why is the chart data incomplete?

We have data like this: TestPath 200 202 500 302 /test/v1 51 0 0 0 /t...

by Path Finder in

Having a search trigger another search

Is there a way to trigger another search from a search? What I have is a syslog search for traffic on a router. The o...

by Communicator in

Wildcard search not working on splunk search bar.

When I try to search for hostname (ks75rhel) typing it in the search bar, I'm not getting any results. I tried the fo...

by Builder in

Why am I getting regex error "unrecognized character" with my current rex syntax?

Hello Everyone, I have a problem with Splunk 6.3 when I am trying to run the rex statement: | rex "WTIDCCN[-_]\...

by Explorer in

How to configure Splunk to extract fields from XML tags?

Hi! I know there are many topics on XML field extractions, but did not see one that matches my requirement! I r...

by Splunk Employee in

Convert negative seconds to duration

I have a column of seconds, some of which are negative (representing an outage). I want to use tostring(duration, "du...

by Path Finder in

How to match IPs from two different sources, count the number of matches, and extract another value from the matching events?

Hello, I have two different types of data inputs, both having a field that represents an IP (let's call the list o...

by New Member in

How to edit my search to add a trend line to a Splunk line chart?

Hi, I'm trying to add a trend line to my splunk line chart, but no trend line is appearing. Original search str...

by New Member in

How to Convert epoch time to human readable format?

Hi everyone, I have the following event: "... src=218.2.3.256 act=block app=ips rt=1433065461040 ...." The rt f...

by Path Finder in

Why is my search to create a range of values not returning any results?

Hello, I'm trying to run this search in order to range the values: index=prod GetClientStateNotFound | rex "Acc...

by Path Finder in

How to write a search to calculate percentages for success and failure rates from my user log data?

I am trying to write a search that reports the percentage of total users impacted from log data. // All users wil...

by Path Finder in

Can I control which y-axis is on the left and which is on the right?

Can I control which y-axis is on the left and which is on the right? for instance in the below can i have percent...

by Motivator in

How to search Splunk API from a remote host with Forwarder installed via CLI with user and password

If you wish to Search the API via command line (using the Splunk Binary included in the Forwarder package for example...

by Engager in

How to merge 2 messages into 1 message?

Hi, Is there a way to merge 2 messages into 1 message? For example I have a sequence of messages: TestingData n...

by New Member in

Why is _time for my events showing a 1 hour difference compared to the _raw data?

Hi , Here is my requirement: In my search, _time is showing 1 hour difference to _raw. Why it is _time is not p...

by Explorer in

How to replace multiple column/field names with a `(` with an `_` underscore

I have a search that gives me a number of columns in the stats field. max(col1) max(col2) ... 1 2 ... Can I r...

by Motivator in

Is it bad practice to have fields with high values in them?

I'm going through the limits.conf specs to see what the defaulted fields are and noticed that the default for max val...

by SplunkTrust in

How to make multivalue comparisons against multivalue fields without mvexpand?

I have an alert designed to examine Windows event logs (event 560 or 4663) for file access by unauthorized users. The...

by Path Finder in

Can I control earliest and latest date using fixed dates?

I have 2 searches that I am appending that looks something like search1 | append [search search2] and basicall...

by Motivator in

Can I control earliest and latest date using fixed dates ?

I have 2 searches that I am appending that looks something like search1 | append [search search2] and basical...

by Motivator in

Splunk Search

Discussions

After saving my search as a report on the dashboard, why is the chart data incomplete?

Having a search trigger another search

Wildcard search not working on splunk search bar.

Why am I getting regex error "unrecognized character" with my current rex syntax?

How to configure Splunk to extract fields from XML tags?

Convert negative seconds to duration

How to match IPs from two different sources, count the number of matches, and extract another value from the matching events?

How to edit my search to add a trend line to a Splunk line chart?

How to Convert epoch time to human readable format?

Why is my search to create a range of values not returning any results?

How to write a search to calculate percentages for success and failure rates from my user log data?

Can I control which y-axis is on the left and which is on the right?

How to search Splunk API from a remote host with Forwarder installed via CLI with user and password

How to merge 2 messages into 1 message?

Why is _time for my events showing a 1 hour difference compared to the _raw data?

How to replace multiple column/field names with a `(` with an `_` underscore

Is it bad practice to have fields with high values in them?

How to make multivalue comparisons against multivalue fields without mvexpand?

Can I control earliest and latest date using fixed dates?

Can I control earliest and latest date using fixed dates ?

Best approach for comparing multiple search result...

Search to display for list of applications to whic...

Why is "stats" not working for the default "compon...

I need to get a kvstore lookup from my ES search h...

Creating a Splunk Alert Rule for Anomoly's detecte...