Splunk Search

Discussions

Thread Info

How do I edit my search to filter results using a CSV file?

Hi all, So I'm having trouble combining my search data and CSV data so that "Bundle" has to match "Bundle Version"...

by Path Finder in

I keep getting this "Max concurrent searches reached" error. What does it mean and how do I fix it?

On some of my dashboards, I get an error that says either "Max concurrent searches reached" or "Maximum concurrent sy...

by Splunk Employee in

How to separate multiple values from a single Windows event log entry?

An example of a SINGLE Windows application log event I'm looking at in my environment is: 09/09/2015 09:46:05 AM L...

by Path Finder in

How to search the difference between the stats output per field and fill "0" values in the stats output if an event does not exist?

I have two source files, SourceA and SourceB, representing different months e.g. logs from June and July Each sour...

by New Member in

How to create a timechart with multiple fields by their event count and rename their lines for the visualization?

I currently have a search that is appending two more searches to the original for a single line chart that will show ...

by Path Finder in

Host_Regex not working

Hello All, I know that there are lots of questions for host_regex not working. Here is mine. [monitor:///var/lo...

by Communicator in

How to add hours to _time for specific events using eval?

I need to add 3 hours to records which have SITE=1 and not change anything for other sites. I started with this, ...

by Explorer in

How to create a list of fields in a table with stats displayed on the Selected Fields sidebar, including rare 10 values, their counts, and percentages?

I want to take a list of fields and show the stats displayed on the Selected fields sidebar in a table. When we do...

by Motivator in

Why am I getting "Error in 'rex' command...Regex: missing )"?

Hello All, I am brand new to Splunk and can't for the life of me figure out what I am doing wrong. I would like to...

by Path Finder in

How to extract these individual fields for iostat data?

I am having a difficult time extracting fields for data returned by iostat. Has anyone been able to extract these ind...

by Builder in

How to display the Interesting Fields in a custom search view using the Splunk web framework?

I'm using the web framework to create my own custom search view. However, from http://docs.splunk.com/DocumentationSt...

by New Member in

How to parse CEF files with key value pairs that contain white space?

Hello all! I am a Splunk "newb" when it comes to parsing out files for ingestion. Here is my situation. I have a ...

by Builder in

How can I use values in a table for a gauge?

Hi all, I have a search that returns a table with only one line and four int values. What I'd like to do, is to c...

by Path Finder in

How to incorporate a pattern into a search?

If I can see a pattern forming that will help me track users in my environment, how can I set up a search to serve th...

by New Member in

How to search the total distinct count on two different fields?

Hi, This is kind of a silly question, but currently my application is logging the session id as two separate field...

by Explorer in

What can I use instead of the join command for my search?

Hi, I would like to use something different instead of join index=test STATUS=Closed | stats dc(ID) as TOTAL b...

by Path Finder in

Why isn't my index available for search in a distributed search environment?

Hi to everyone I have a "Distributed Environment", with two indexers, and two search heads. In the Master Node Ind...

by Communicator in

Transforms.conf and props.conf field extractions

Hey fellow Splunker's. I am trying to figure out what i am doing wrong in the transforms.conf to create the proper fi...

by Contributor in

Week number and Month/Day of the begining of that week

I report on a count of events by week number, it displays like this: Week Number Count ----------- ...

by Motivator in

Why is my time search not showing expected results with a relative time picker input?

Hello everyone, Need your help. I have this dashboard to display some counter information for each host over a cer...

by Path Finder in

Splunk Search

Discussions

How do I edit my search to filter results using a CSV file?

I keep getting this "Max concurrent searches reached" error. What does it mean and how do I fix it?

How to separate multiple values from a single Windows event log entry?

How to search the difference between the stats output per field and fill "0" values in the stats output if an event does not exist?

How to create a timechart with multiple fields by their event count and rename their lines for the visualization?

Host_Regex not working

How to add hours to _time for specific events using eval?

How to create a list of fields in a table with stats displayed on the Selected Fields sidebar, including rare 10 values, their counts, and percentages?

Why am I getting "Error in 'rex' command...Regex: missing )"?

How to extract these individual fields for iostat data?

How to display the Interesting Fields in a custom search view using the Splunk web framework?

How to parse CEF files with key value pairs that contain white space?

How can I use values in a table for a gauge?

How to incorporate a pattern into a search?

How to search the total distinct count on two different fields?

What can I use instead of the join command for my search?

Why isn't my index available for search in a distributed search environment?

Transforms.conf and props.conf field extractions

Week number and Month/Day of the begining of that week

Why is my time search not showing expected results with a relative time picker input?

Access the Splunk Careers Report to see real data that shows how Splunk mastery increases your value and job satisfaction.

Find out what your skills are worth!

Read the report >

Comparing the 2 string fields

Seeking help to create a dashboard for Antivirus a...

Haversine Issue

Missing seconds in Realtime query with 10ms span o...

Microsoft Office 365 Reporting Add-on not obeying ...

Splunk Search

Discussions

Access the Splunk Careers Report to see real data that shows how Splunk mastery increases your value and job satisfaction.Find out what your skills are worth! Read the report >

Access the Splunk Careers Report to see real data that shows how Splunk mastery increases your value and job satisfaction.

Find out what your skills are worth!

Read the report >