Splunk Search

Ask a Question

Discussions

Thread Info

Why is the Memory Tracker not working as expected?

Hi Splunkers, We have set search_process_memory_usage_threshold to 3GB, but noticed that searches are terminated w...

by Path Finder in

How do you bucket two events starting using a timespan that starts with the first event?

My question is a mix of using the transaction command with the bin command. What I would like to achieve is captu...

by Explorer in

How do you make a multiple cumulative time series?

I can make mulitple summed time series. source="splunk-source" | timechart sum(figure) as figure by category I...

by Engager in

How do you create a table with each row being a log and every column being a recognized "Interesting Field"?

I was wondering if there is an easy way to create a table that contains every single recognized interesting field ins...

by Explorer in

How do you combine data from two source types based on common values?

Hi there, I have a question regarding source types. I have 2 source types "A" and "B". "A" has a field called "aaa...

by Explorer in

How do you create a table with each row being a log and every column being a recognized "Interesting Field"?

I was wondering if there is an easy way to create a table that contains every single recognized interesting field ins...

by Explorer in

How can we add the first event to all existing event as a matedata?

Here is the case , I have an huge XML file . In which i have extracted the events based on the tags.So i have the 3 t...

by Explorer in

Splunk App for Unix and missing jquery-1.6.2.js

Hi, I just installed splunk and the Splunk App for Unix. The app can find the data as it can be seen in teh preview. ...

by New Member in

Could you help me use rex to extract end value extensions from field values?

I have field values with the below formats and I need to extract the end value extensions like (cjs, js ..,etc) from ...

by Path Finder in

How do I use a look up to check to see if I'm getting logs from hosts that are in a CSV?

Dears, I'm trying to use a lookup for Splunk to read a file and tell me if I'm collecting the logs to the host of ...

by Explorer in

How to extract XML attribute names and corresponding values using spath?

Hi Could you please help me on the below request? I would like to extract fields like RETURNMESSAGE, ORIGINALFILEN...

by Explorer in

Can you help me with my xyseries custom sorting query?

I want the results of the following query to be sorted by orders I declare. For some reason, it does not work so I mi...

by Path Finder in

How to write a search that uses eval to show the difference between two assignment groups?

I am attempting to write a search which uses eval show the difference between two assignment groups. A number of assi...

by Path Finder in

How to get earliest and latest time in splunk Java SDK

I am using Splunk Java SDK. Using the below code setting the earliest and latest time. SavedSearchDispatchArgs ...

by Communicator in

Can you help me with summary index field issue?

Hello, I have created a scheduled search which populates a summary index from a custom index. My main custom in...

by Explorer in

How to join two tables where the key is named differently and must be cleaned up first?

I'm new, have had no training. I have two distinct logs from same index and sourcetype. In the first log I want to fi...

by Engager in

How to get the time duration between two scenarios?

Hey all, I wanted to see if someone can help me out with this. Basically im trying to get a duration for the time ...

by Loves-to-Learn Lots in

Can you help me create a search query that would make a dynamic comparison of yesterday's data to last week's?

I wrote the following query for today's comparison with last week: index = abc App_Name=xyz earliest=-0d@d latest=...

by Explorer in

Can you help me find the highest time difference between the following log entries?

I have a use-case where i need to find which process took more time during the execution. I don't have sufficient log...

by New Member in

Why is the field I have extracted not shown and not available for search?

I extracted three fields. The data is \\VMMSNEWPALM2SER\Process(TIDC.Imports)\% Privileged Time, ,0,0,0,0,0,0,0,0,...

by Path Finder in

Will you help me fix my license usage by host query?

Hello All, I am using Splunk version 7.1.0 for the Distributed Management Console (DMC) and I want to calculate th...

by Builder in

How do you extract all values for respective fields from multi line event?

I have below event in my log which is output of a single command. TIMESTAMP=2018-09-11T06:47:56|HOSTNAME=a9tvdb152...

by Communicator in

How to record/calculate the duration of overlapping transactions

I have a transaction overlap issue. The output below is my data from search query with a transaction command. Here is...

by Path Finder in

Why is my below search throwing the following error: "Predict Error: Too few data points: -5." ?

The search below throws the error whenever there are more than two hosts searched for.: command="predict", Too few da...

by Path Finder in

How to do a real-time search with inputcsv?

Per the real-time search documentation, you cannot use inputcsv in a real-time search. I'm looking to display real-ti...

by Motivator in

Get Updates on the Splunk Community!

Splunk Search

Discussions

Why is the Memory Tracker not working as expected?

How do you bucket two events starting using a timespan that starts with the first event?

How do you make a multiple cumulative time series?

How do you create a table with each row being a log and every column being a recognized "Interesting Field"?

How do you combine data from two source types based on common values?

How do you create a table with each row being a log and every column being a recognized "Interesting Field"?

How can we add the first event to all existing event as a matedata?

Splunk App for Unix and missing jquery-1.6.2.js

Could you help me use rex to extract end value extensions from field values?

How do I use a look up to check to see if I'm getting logs from hosts that are in a CSV?

How to extract XML attribute names and corresponding values using spath?

Can you help me with my xyseries custom sorting query?

How to write a search that uses eval to show the difference between two assignment groups?

How to get earliest and latest time in splunk Java SDK

Can you help me with summary index field issue?

How to join two tables where the key is named differently and must be cleaned up first?

How to get the time duration between two scenarios?

Can you help me create a search query that would make a dynamic comparison of yesterday's data to last week's?

Can you help me find the highest time difference between the following log entries?

Why is the field I have extracted not shown and not available for search?

Will you help me fix my license usage by host query?

How do you extract all values for respective fields from multi line event?

How to record/calculate the duration of overlapping transactions

Why is my below search throwing the following error: "Predict Error: Too few data points: -5." ?

How to do a real-time search with inputcsv?

Monitoring Amazon Elastic Kubernetes Service (EKS)

Cloud Platform & Enterprise: Classic Dashboard Export Feature Deprecation

Explore the Latest Educational Offerings from Splunk (November Releases)

Using splunk-sdk in user-defined functions in Spar...

Verification of SAML assertion using IDP's cert fa...

ジョブを消しても復活する現象について

splunk threat intelligence taxii data

Splunk DB connect add-on InfluxDB 2.6