Splunk Search

Splunk Search
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question
Community Activity
Log_wrangler

Keep specific events and discard the rest (PART 2)

Hi, I followed previous instructions and successfully was able to keep only ERROR and WARN logs and "discard the re...
by Log_wrangler Builder in Splunk Search 05-11-2018
0 2
0
2
sai_john

How to find difference between (Today's logins) and (Average logins of that particular week day for last 30days) by hour?

I need to calculate difference between (TodayLogins-AverageLogins of that particular weekday). For that I have calcu...
by sai_john New Member in Splunk Search 05-11-2018
0 3
0
3
cmak

How to remove empty buckets in timechart

When I plot a timechart, there are some empty buckets, which causes a gap in my graph. This happens if I have no data...
by cmak Contributor in Splunk Search 05-11-2018
1 6
1
6
rakesh_498115

rex help??

hi.. how can i tell splunk to pick the first occurence of regular expression from a single event.i have written a re...
by rakesh_498115 Motivator in Splunk Search 05-11-2018
1 8
1
8
funlearning321

Splunk forwarder log monitoring for unspecified stanzas

Hello, can i please whether the splunk will monitor the logs which are not absolutely specified . For example , i ha...
by funlearning321 New Member in Splunk Search 05-11-2018
0 3
0
3
paddygriffin

Is the append command's default maxout=50000 also the maximum limit, or can I override this with a larger number?

Using an append command, it seems I can successfully set the maxout to a number less than 50000, but not increase it ...
by paddygriffin Path Finder in Splunk Search 05-11-2018
0 8
0
8
rndp89

i need and when a splunk agent goes down or stops

i have 30 servers, out of which I want to monitor splunk agents of only 4 servers i have the following query. index...
by rndp89 Explorer in Splunk Search 05-11-2018
0 2
0
2
radekpitr

Join fields of different events

Hello All, I would need help to join two efferent events together and create one table with all information from bot...
by radekpitr New Member in Splunk Search 05-11-2018
0 6
0
6
ronnybruska

Addtotals - Percentage of 2 total fields as new field

Hi there, i created a table: Date | Value1 | Value2 | Percentage The last line should be: "total" | total of Valu...
by ronnybruska New Member in Splunk Search 05-11-2018
0 2
0
2
garujoey

How to rex multiple lines

Hi there, I am a newbie in Splunk and trying to do some search using the rex. The log body is like: blah blah Dest...
by garujoey Engager in Splunk Search 05-10-2018
0 6
0
6
mjones414

need to replace the value of a field only when other values are present from other fields

I'm trying to add more specific data to a particular field by replacing it with another value when other conditions e...
by mjones414 Contributor in Splunk Search 05-10-2018
0 1
0
1
Splunk_rocks

How to configure props and transforms.conf based on the rex extractions in my sample search?

I need to construct props and transforms for below sample search. index=blaa sourcetype=my_source | rex field=X__Ed...
by Splunk_rocks Path Finder in Splunk Search 05-10-2018
0 11
0
11
santosh_hb

File will not be read, seekptr checksum did not match. Last time we saw this initcrc, filename was different. You may wish to use larger initCrcLen for this sourcetype, or a CRC salt on this source.

I am getting the following error due to which, the log file is not getting indexed daily. Log file name is like: db...
by santosh_hb Explorer in Splunk Search 05-10-2018
0 5
0
5
brdr

How to use the timechart command to get a certain amount of time span in custom field?

I have a lookup table with 3 fields: host, user, p_time The events in the lookup table will contain 12 months of dat...
by brdr Contributor in Splunk Search 05-10-2018
1 6
1
6
jon_d_irish_ctr

How to highlight values from the iplocation command?

I want to setup a search that determines which countries have connected to my network over the past "x" hours, and th...
by jon_d_irish_ctr Path Finder in Splunk Search 05-10-2018
0 7
0
7
skallaje

Missing Fields in events for specific log entries in a log file

So, I have this following format for my log entries. FIELD1-FIELD2-FIELD3-FIELD4-FIELD5-FIELD6 and logs are like .....
by skallaje Engager in Splunk Search 05-10-2018
0 2
0
2
macadminrohit

Regex not working event after validating in regex101.com

This is my regex : Test Name\","value":"(?.*)},{"key" and my test string is : {"key":"Test Name","value":"GET:Corp...
by macadminrohit Contributor in Splunk Search 05-10-2018
0 4
0
4
vrmandadi

how to extract month date and year and save in a new field from _time

I am trying to do field extraction from the _time only the month,date and year but just not getting it.I know strftim...
by vrmandadi Builder in Splunk Search 05-10-2018
0 7
0
7
vikramyadav

How do I filter successful events since I am getting too many?

When I login I get too many logon events. How do I filter successful events? This is the query:- index="wineventlog"...
by vikramyadav Contributor in Splunk Search 05-10-2018
2 1
2
1
jyotirmayee_tri

Why am I getting duplicate logs from a particular index?

I am getting duplicate logs from particular index , please let me know how to rectify this.
by jyotirmayee_tri New Member in Splunk Search 05-10-2018
0 1
0
1
oliverj

How to get all users searches and lookups synchronized to both search heads?

I have 2 sites configured with a multisite cluster. Site 1: Indexer, manager, independent search head. Site 1: Indexe...
by oliverj Communicator in Splunk Search 05-10-2018
0 5
0
5
RRajneesh

How to replace/remove a specific character?

Hi, I have the below output : "(|01/01/16|01/01/18|01/05/18|04/02/18|05/01/17|05/05/16|05/08/17|)" The desired ou...
by RRajneesh New Member in Splunk Search 05-10-2018
0 4
0
4
sarwshai

What's wrong with this eval statement? Getting 'Error in 'eval' command: The expression is malformed. Expected ). ' Error.

This is the eval statement i am using along with case but getting error. eval total=case(critical>0 AND high>0,criti...
by sarwshai Communicator in Splunk Search 05-10-2018
0 10
0
10
aamirs291

Alternatives to Lookup

Everyone, The events on splunk for me have data in the following format : ticket_num,actual_start_time,finish_time...
by aamirs291 Path Finder in Splunk Search 05-10-2018
0 5
0
5
wvalente

Configure timespan bucket

Hi guys, I have to configure the timespan to roll data to warm, cold and frozen. The question is: How can configur...
by wvalente Explorer in Splunk Search 05-10-2018
0 4
0
4
Top Labels
Get Updates on the Splunk Community!

[Puzzles] Solve, Learn, Repeat: Matching cron expressions

This puzzle (first published here) is based on matching timestamps to cron expressions.All the timestamps ...

Why Splunk Customers Should Attend Cisco Live 2026 Las Vegas

Why Splunk Customers Should Attend Cisco Live 2026 Las Vegas     Cisco Live 2026 is almost here, and this ...

Data Management Digest – May 2026

Welcome to the May 2026 edition of Data Management Digest!   As your trusted partner in data innovation, the ...