Splunk Search

Ask a Question

Discussions

Thread Info

Why are log events indexed from GZip archive with a specified source type missing extracted fields?

Hi there, I have a custom source type (papertrail) that is a tab delimited source and have verified it works corre...

by Engager in

What exactly is Archiver (Archiving large_file) doing?

In splunkd.log we see: 01-31-2019 12:38:03.683 -0800 INFO Archiver - Archiving large_file=/opt/splunk/etc/apps/sea...

by Champion in

Can I have an accelerated search summary for 1 year if the index retention time is set to 90?

I am attempting to come up with a solution to hold log data for 180 days for data within an index that has a retentio...

by Engager in

how can i do to make this events into Splunk?

hello team! We have this logs comming in a port 10162 (say that this is a kind of "syslog" but it comes with a lot...

by Path Finder in

allow-custom-value doesn't work in Splunk 7.2.3

I've built a custom alert action with a UI. One of my inputs is dynamic, and populated from a splunk search. Here is ...

by Explorer in

Restrict results by count > 30?

This is my query: index=mtickets MovieRating=R CustomerAge<17 | stats count by MovieName Can I restrict the res...

by New Member in

Inner Join Returns Different Results When Reversing Search Order

Been working on a proof of concept that seems to be eluding me. From my work with SQL I would expect that an Inner Jo...

by New Member in

Problem with token eval I am trying to rest one hour to fiel1latest

What I am doing wrong, I am trying to rest one hour to fiel1latest <label>otro</label> <fieldset submitButto...

by New Member in

Using the Send to File app, why am I getting the following error?: "No such file or directory" error

Hello @Damien Dallimore - I am using your app Send to File and see the following errors in the View log events. T...

by New Member in

Unfamiliar Syntax in Query

I have a query, written by someone else, that I'm trying to understand: tstats count as count sum(sessionLength) as v...

by Explorer in

not getting the time difference

Hi splunkers, i m trying to calculate the time differece in minutes between the two fields sla_time and FILE_ARRIV...

by Explorer in

How do you find the properties/metadata of a lookup file via REST API?

We have certain automated lookup files, which get updated by various feeds. Any chance to get the properties of these...

by Super Champion in

Gauge not showing numbers over a billion

Morning all is there a way to show over 1 billion on a gauge without out it converting to 1E etc, Thanks

by Path Finder in

Is the following calculation possible ?

I'm currently generating an AvgTime of processing cycles in a thread within a 5 min duration and writing these out to...

by Path Finder in

Indexing salt on ID value

Hello, I'm looking for a way to not index an event if the ID is already in the index. The log will have this fo...

by Explorer in

Comparing matching fields in macro

Hi, I would like to display results if both user and src_user field is match but it shows an "unbalanced parenthes...

by New Member in

How do you add search results to an existing lookup?

i have a table that has 30 columns and some rows, table 1 column1 column2 ---------- column30 ww xx ------------...

by Path Finder in

How do we fetch events after getting stats on the events , and we have no more of the events in the results?

Hi, I'm trying to filter on the logs of spring boot application. I want to calculate the time that a POST request...

by Explorer in

How do I rename a field I don't know the name of or will be different into something I know e.g. X

How do I rename a field I don't know the name of or will be different into something I know e.g. X?? So, Imagine I...

by Motivator in

How do you discard events from the cron.log?

On my universal forwarder, I have a repeated entry in my cron.log file that I would like to discard. However, I am no...

by New Member in

Issues with Joining: Maybe there is a better way?

We have the following search that stopped working: | tstats summariesonly=true sum(everything.rawlen) as rawBytes ...

by Contributor in

Basic search doesn't return consistent data

I'm doing a simple query into splunk to retrieve some data: index=my_index |table source,host I've also put a s...

by Engager in

Reloading Index everytime

Hello Experts, We are having an issue where we have an DB connect to connect to oracle database and getting the da...

by New Member in

Can you help us build a query that removes null values from a table?

Hi guys, Our search query is like this LogName=Application SourceName=Script | rex "Days Remaining: (?.*)days" ...

by Path Finder in

extract _raw to field

Team, When I search for particular sourcetype, source and index I want to have one interesting field may be called as...

by New Member in

Get Updates on the Splunk Community!

Splunk Search

Discussions

Why are log events indexed from GZip archive with a specified source type missing extracted fields?

What exactly is Archiver (Archiving large_file) doing?

Can I have an accelerated search summary for 1 year if the index retention time is set to 90?

how can i do to make this events into Splunk?

allow-custom-value doesn't work in Splunk 7.2.3

Restrict results by count > 30?

Inner Join Returns Different Results When Reversing Search Order

Problem with token eval I am trying to rest one hour to fiel1latest

Using the Send to File app, why am I getting the following error?: "No such file or directory" error

Unfamiliar Syntax in Query

not getting the time difference

How do you find the properties/metadata of a lookup file via REST API?

Gauge not showing numbers over a billion

Is the following calculation possible ?

Indexing salt on ID value

Comparing matching fields in macro

How do you add search results to an existing lookup?

How do we fetch events after getting stats on the events , and we have no more of the events in the results?

How do I rename a field I don't know the name of or will be different into something I know e.g. X

How do you discard events from the cron.log?

Issues with Joining: Maybe there is a better way?

Basic search doesn't return consistent data

Reloading Index everytime

Can you help us build a query that removes null values from a table?

extract _raw to field

Splunk + ThousandEyes: Correlate frontend, app, and network data to troubleshoot ...

Splunk Observability for AI

🔐 Trust at Every Hop: How mTLS in Splunk Enterprise 10.0 Makes Security Simpler

In Splunk studio, is it possible to populate a tex...

How can i export a list of all services in APM

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

ITSI thresholds: adaptive vs static

Splunk Search

Are you a member of the Splunk Community?

Discussions