Splunk Search

Start a Conversation

Discussions

Start a Conversation

Thread Info

Hot folder does not index some files

Good morning everyone I'm having trouble crawling multiple files at once. Today I copied 100 files and placed them...

by New Member in

Can Splunk charts display a logrythmic Axis?

Hi, Is there an option for Splunk to display chart axis logrythmically? I don't see an option in the standard char...

by Champion in

How do you add a blank row after each unique host in search results?

I have a search statement in a customized dashboard to show the disk utilization of my servers. I would like to add a...

by Engager in

Need to hide data in DB connect

Hi Team, I have 2 sources & have 12 months of data in DB connect app , Can we hide particular month of data in DB ...

by Communicator in

Query substring of value stored in token

I have a $token$ with value 192.168.25.2. How do I perform a query for all addresses that have 192.168.25.* excluding...

by New Member in

Why is my search head sorting columns when displaying statistics/visualizations?

We have two search heads, one for general use and one for Enterprise Security. Any table/stats searches on the ES ...

by Communicator in

How do you extract an XML tag from _raw field?

Hi all, I'm new to Splunk and don't have much idea of regex. I'm trying to extract the content of "faultstring"...

by Explorer in

Can I exclude certain columns in a table from drilldown?

Hello, Basically, I just want to know if there is a way in the Splunk XML to exclude certain columns in a table fr...

by New Member in

Reindex a file on 3000 machines

All, I indexed a 30-line config file off all our Linux hosts. But accidentally used the wrong source-type and ind...

by Builder in

interesting regex

Hi, I have data that looks like this 2018-06-11 23:37:11,035 pool-10-thread-1 DEBUG c.i.w.i.s.WholesaleCVRServi...

by Motivator in

Dynamic eval if match from a list of values - foreach?

A standard eval if match example is below. Any ViewUrl value which starts with /company/.* has the entire string ...

by Contributor in

How do I get the timechart results for a summary index query?

I have a query which uses the summary index and some lookup tables with eval conditions and ends with... | chart ...

by Builder in

Multiple If Statements (Comparing Two Columns)

Hello, I have information being indexed from a website that does constant ping tests. The information that I am re...

by Explorer in

ID of the max value event

Hello! I have a table like this ID, OperationName, Duration 1, oper_x, 114 2, oper_x, 117 3, oper_c, 76 4, oper_z,...

by Explorer in

Splunk enterprise sizing with ES

Hello everybody, I am sizing hardware for splunk enterprise and enterprise security solution. We are designing that f...

by Explorer in

How to Change Cisco SG350 Switch's sourcetype from syslog to cisco:ios?

I have Cisco Networks App for Splunk Enterprise version 2.5.6 and Cisco Networks Add-on for Splunk Enterprise version...

by New Member in

How do you treat a variable value as another field with Splunk?

I have a field named "object_XXX_property", where XXX string is dynamically generated and is held in another field na...

by Explorer in

Help with slot time conditions

hi i use the request below but i have an issue with the relative_time: secondlastday=I dont want to have events af...

by Motivator in

How do you correlate one field between two sources, and then if they match, find value from another field from the second source type?

I have: sourcetype_a` and`sourcetype_b Where one field message_ID exists in both source types. I want to lo...

by Engager in

[hdfsprovider] Error in 'lookup' command: Could not find all of the specified lookup fields in the lookup table

Hi all, I have a CSV lookup file to map with one field in my indexed data. The search was working perfectly before, b...

by Communicator in

Get Updates on the Splunk Community!

Splunk Search

Discussions

Hot folder does not index some files

Can Splunk charts display a logrythmic Axis?

How do you add a blank row after each unique host in search results?

Need to hide data in DB connect

Query substring of value stored in token

Why is my search head sorting columns when displaying statistics/visualizations?

How do you extract an XML tag from _raw field?

Can I exclude certain columns in a table from drilldown?

Reindex a file on 3000 machines

interesting regex

Dynamic eval if match from a list of values - foreach?

How do I get the timechart results for a summary index query?

Multiple If Statements (Comparing Two Columns)

ID of the max value event

Splunk enterprise sizing with ES

How to Change Cisco SG350 Switch's sourcetype from syslog to cisco:ios?

How do you treat a variable value as another field with Splunk?

Help with slot time conditions

How do you correlate one field between two sources, and then if they match, find value from another field from the second source type?

[hdfsprovider] Error in 'lookup' command: Could not find all of the specified lookup fields in the lookup table

Dashboard Studio Challenge - Learn New Tricks, Showcase Your Skills, and Win Prizes!

Introducing Edge Processor: Next Gen Data Transformation

Take the 2021 Splunk Career Survey for $50 in Amazon Cash

Need to add date range to dashboard panel title s...

Will Splunk searches using lookup get affected if ...

How to delay with search result when run via Splun...

KV Store status is currently unknown- How to resol...

Combining results in metric index?