Splunk Search

Discussions

Thread Info

How to join three searches

Hi, I have three different indexes with a common field. I know how to use of the join command with two indexes wit...

by Path Finder in

How do I make a line graph with my timechart search?

This is a table I created using the timechart command. Now, I am trying to make a line graph with this information wi...

by Communicator in

Is there a performance advantage of using rex in a search versus saving it as an extracted field?

What is the advantage of using rex in a search V saving it as an extracted field? Example of using rex in a search...

by Motivator in

How to extract XML data from mixed content into one field for later use with spath?

I have a mixed output log that contains XML and non-XML data. I am looking to extract the XML data into a field that ...

by New Member in

Is there a way to disable the use of the splunk clean command?

We would like to have the splunk clean command unavailable to our Splunk administrators. The other idea would be to t...

by New Member in

How to create a table and align rows for related fields using stats?

Sorry for the lengthy question...... Here is what I am trying to achieve: For a event, containing the following da...

by Engager in

How do I edit my chart count search returning HTTP codes to filter out codes 200 and 301 from the list of results?

Hi All, source="/export/home/logs/access_log" | rex ".*?HTTP\/\d+\.\d+\" (?<status_code>\d+)"|chart count by statu...

by New Member in

How to pass Time span in Drill Down Graph

I have a parent graph showing maximum swap memory for all hosts. I have a drill down graph showing maximum swap me...

by Path Finder in

Why I am unable to accelerate this report?

Hi, I wonder whether someone may be able to help me please. I'm trying to get to grips with 'Report Acceleration' ...

by Motivator in

Use named backreference in the subsequent rex command

Hi All, Can you let me know how we can use a named backreference in the subsequent rex command? That is pass the v...

by Communicator in

How do you handle copy-paste-induced search string invisible artifacts and address this with 500+ users?

More and more I'm getting reports of bad queries, or queries that don't match results from a separate run. In most ca...

by Influencer in

How to create a chart in XML where each row has a different search and obtain the completion time based on a drop-down time input?

Hello, I am trying to create a chart where each row has a different search. I am trying to obtain the completion t...

by Communicator in

Monitoring several log files with a specified index, why are searches on the index in Splunk Web not returning any data?

Hi guys, I am fairly new to splunk, and I am trying to get it to monitor a couple of log files on some app servers...

by Communicator in

How to chart values over time

Hello What I am trying to do is to literally chart the values over time. Now the value can be anything. It can be ...

by Motivator in

I've configured indexer clustering with a replication and search factor of 2:2, why are we now seeing duplicate data in searches?

This is designed to be a self answering question based on our experience. We've configured indexer clustering with...

by Motivator in

How to extract fields of variable length?

I am new to Splunk and am working with DTS Compliant formatted logs generated from Microsoft Network Policy Server an...

by New Member in

How to create a line graph where for each day, it displays the latest time?

Hello, I extracted the time with the variable TIME. I am trying to create a line graph where it shows the latest t...

by Communicator in

How to search for field values in a subsearch?

Little strange issue I got... I ingest files into an index. I want to add a yes/no field to my events, based on if th...

by Communicator in

How to create a fast report showing hosts, their indexes and lasttime using the metadata command and a lookup against a csv list of hosts?

I segregate my data using indexes for each group. I have a csv with a list of hosts that cross several indexes. I ...

by Motivator in

Different results same search

So we have both Snort and Sourcefire in our environment. I'm using a simple search to create a table of the top hits ...

by Builder in

Splunk Search

Discussions

How to join three searches

How do I make a line graph with my timechart search?

Is there a performance advantage of using rex in a search versus saving it as an extracted field?

How to extract XML data from mixed content into one field for later use with spath?

Is there a way to disable the use of the splunk clean command?

How to create a table and align rows for related fields using stats?

How do I edit my chart count search returning HTTP codes to filter out codes 200 and 301 from the list of results?

How to pass Time span in Drill Down Graph

Why I am unable to accelerate this report?

Use named backreference in the subsequent rex command

How do you handle copy-paste-induced search string invisible artifacts and address this with 500+ users?

How to create a chart in XML where each row has a different search and obtain the completion time based on a drop-down time input?

Monitoring several log files with a specified index, why are searches on the index in Splunk Web not returning any data?

How to chart values over time

I've configured indexer clustering with a replication and search factor of 2:2, why are we now seeing duplicate data in searches?

How to extract fields of variable length?

How to create a line graph where for each day, it displays the latest time?

How to search for field values in a subsearch?

How to create a fast report showing hosts, their indexes and lasttime using the metadata command and a lookup against a csv list of hosts?

Different results same search

Free LIVE events worldwide 2/8-2/12
Connect, learn, and collect rad prizes
and swag!

Sign up now >

Transaction Startswith Endswith Not Grabbing Event...

Using field values from a lookup to modify other f...

Get a list of ID by date and compare with lookup f...

Large Json Array, Spath and stats

Trigger alert with condition that relies to an oth...

Splunk Search

Discussions

Free LIVE events worldwide 2/8-2/12Connect, learn, and collect rad prizes and swag!Sign up now >

Free LIVE events worldwide 2/8-2/12
Connect, learn, and collect rad prizes
and swag!

Sign up now >