Splunk Search

Splunk Search
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question
Community Activity
coleman07

When do you put a | (pipe) as the first character in a search

I have noticed several search commands which are preceded by a pipe character with no input left of the pipe. For exa...
by coleman07 Path Finder in Splunk Search 01-19-2019
2 5
2
5
sdubey_splunk

Want to confine splunk process running on servers as required by our audit. How to achieve?

Issue: Splunk is running as unconfiged daemon ps -eZ | egrep "initrc" | egrep -vw "tr|ps|egrep|bash|awk" | tr ':' ' ...
by sdubey_splunk Splunk Employee Splunk Employee in Splunk Search 01-19-2019
0 1
0
1
vkrishnachand

i want to iterate values a field from one source type and compare each values with set of values in another field of different sourcetype

Hi I have two sourcetype A and B where sourcetype A has field A1 and sourcetype B has field B1. My base query is ...
by vkrishnachand New Member in Splunk Search 01-18-2019
0 1
0
1
hpendela

Count of values in a multi-value field

Log lines: k1=doesn't matter, k2=doesn't matter, k3=[v3, v4] k1=doesn't matter, k2=doesn't matter, k3=[v5, v4, v6] k...
by hpendela New Member in Splunk Search 01-18-2019
0 2
0
2
jpawloski

Setting several independent AND/OR conditions on single search

I'm running a search against a single index and sourcetype for events that have slightly different data. I want to se...
by jpawloski Path Finder in Splunk Search 01-18-2019
0 4
0
4
nick405060

How can I condense this data into distinct session times? [Easy-ish search question]

Data: user Source_Network_Address session_start session_end bob 10.0.0.1 ...
by nick405060 Motivator in Splunk Search 01-18-2019
0 3
0
3
ryhluc01

How do you return a table of a value by a department and then display it by how many days ago it occurred ?

I need to return a table of a value by a department and then display it by how many days ago it occurred (Very Impor...
by ryhluc01 Communicator in Splunk Search 01-18-2019
0 8
0
8
amylala

How to add an SLA line overlay in a column chart?

I want to show TP99 in a column chart, and add a line to show SLA. Here is the chart I want: But the following is ...
by amylala Explorer in Splunk Search 01-18-2019
0 7
0
7
rey123

How to sum a column's values along multiple categories, then display the summed column along with the category which contributed the largest value in that category, all in the same row?

I have the following data: A B C Pkg Area ...
by rey123 Path Finder in Splunk Search 01-18-2019
0 5
0
5
Kendo213

Search Question

I'm building out a dashboard to identify VPN issues in our environment. The issue with the search below is that thos...
by Kendo213 Communicator in Splunk Search 01-18-2019
1 1
1
1
asp82

How do you use an inputlookup to search through all event fields?

I have a one column lookup. I want to see if any of the values in the lookup appear in ANY field of my events. And I ...
by asp82 New Member in Splunk Search 01-18-2019
0 2
0
2
dhirendra761

How do you make a table based on a match between field and lookup?

Hi All, My base search has a "tags" field, which contains 10 values. Another lookupfile has the the same column tags...
by dhirendra761 Contributor in Splunk Search 01-18-2019
0 2
0
2
jl23

Can you help me find the location of a session?

I’m examining server logs where, for each session, there are several events. I’m trying to discover the country from ...
by jl23 New Member in Splunk Search 01-18-2019
0 1
0
1
nishantkumar007

What is scheduler log event status=Continued ?

We have a log of saved searches working simultaneously in our search head. Around 70% of which are resulting status= ...
by nishantkumar007 New Member in Splunk Search 01-18-2019
0 2
0
2
sclary

How can I set a conditional time range if the token date range doesn't fit my need?

I have a dashboard with 3 elements using the time input at the top to drive the search results. One of the three elem...
by sclary New Member in Splunk Search 01-18-2019
0 2
0
2
sukundur

multivalue in a sub search not working as expected.

I am trying to return multi value from a subsearch and use that value in a field (server_status) as "OUT" in the ma...
by sukundur Engager in Splunk Search 01-18-2019
0 6
0
6
nickcardenas

In a search, how would one count the number of times a value appears in a defined time segment over a longer period of time?

Hi everybody, The search I'm trying to create is to alert possible brute force attacks using WindowEventLogs. I'd...
by nickcardenas Path Finder in Splunk Search 01-18-2019
0 2
0
2
tombar62

Suche alle user mit gleicher From: Adresse

Hallo, kann ich alle user mit From=*@domain.de finden, bei denen folgende Bedingungen zutreffen *@domain.de> -> *@dom...
by tombar62 New Member in Splunk Search 01-18-2019
0 1
0
1
fengl2

can I show less characters in my result table

I have a search using the splunk table commands, but the text in one fields is too long so that I can't see the whole...
by fengl2 Explorer in Splunk Search 01-18-2019
1 2
1
2
mukesh2019

How do you extract a string from field _raw?

Hi , I am trying to extract info from the _raw result of my Splunk query. Currently my _raw result is: _raw="Servic...
by mukesh2019 Explorer in Splunk Search 01-18-2019
0 3
0
3
kcchu01

Field extraction with escaped character or control character

Hello, my user tried to feed in the CSV like log file in the Splunk and I have asked to do the field extraction. With...
by kcchu01 Explorer in Splunk Search 01-18-2019
0 2
0
2
anilyelmar

How Splunk admin can find a search executed by user which causing SearchResults - Corrupt csv header, 2 columns with the same name '__mv_Calling_Station_Identifier' (col #xx and #xxx, #xxx will be ignored)

How Splunk admin can find a search executed by user which causing SearchResults - Corrupt csv header, 2 columns with ...
by anilyelmar Explorer in Splunk Search 01-18-2019
0 2
0
2
sbhale

Link srtemp to dashboard or search

I get some occurrences of directories in srtemp which are a few hundred gigs in size. Is there a way to link those di...
by sbhale Explorer in Splunk Search 01-18-2019
2 2
2
2
johnsmithcy

"how to cancel the data source"

the host monitoring keep fetching the CPU data. I want to cancel the date source
by johnsmithcy Path Finder in Splunk Search 01-18-2019
0 7
0
7
johnsmithcy

how to cancel the monitoring job

i am new to splunk. I have created a job to monitoring localhost performance. How can I delete the monitoring job and...
by johnsmithcy Path Finder in Splunk Search 01-18-2019
0 8
0
8
Top Labels
Get Updates on the Splunk Community!

Deep insights, no barriers: Splunk Observability Cloud Free Edition

As software delivery cycles continue to accelerate, observability shouldn’t be a luxury — it should be a ...

Monitoring AI Agents with Splunk Observability Cloud

Let’s say I’m running a travel planning AI app in production. A user asks for three concise hotel options in ...

[Puzzles] Solve, Learn, Repeat: Tiling

This puzzle (first published here) is based on finding groups of tessellated tiles (inspired by floor tiles I ...
Top Solution Authors
View All