Search

kcantrel · ‎12-16-2020

...creenshot of the search results when I just searched for " 60286da6ca69eb29 ". I want to find that "record" via "RayID= 60286da6ca69eb29 ". And really, I just want that record, that starts with t...

gerbert · ‎04-13-2021

Hi splunk community, I feel like this is a very basic question but I couldn't get it to work. I want to search my index for the last 7 days and want to group my results by hour of the day. So t...

markwymer · ‎12-29-2016

...re 270 results returned and when I check the 'Sourcetype' field on the left it does show that all 270 events are now in the new Sourcetype - ba.com:authentication:dob However, when I click on t...

jip31 · ‎01-26-2022

hi I use a basic search which returns results by site | stats count(x) as x, count(y) as y by site In a lookup I have also a site list | inputlookup site.csv...

gurkiratsingh · ‎04-02-2020

Hi so suppose in my results there are 2 logs that are being retrieved. There is a status message which is either true or false. I want the color to be set to green when both of them are true. What I...

inventsekar · ‎07-30-2019

...ocs, i feel like - instead of using a Splunk Search Head Cluster(SHC), this DFS concepts will be using the external compute engines(Apache Spark Core) and produce the similar results, thus by reducing t...

TAE2112 · ‎02-11-2015

...xpected results. While logged into the search head, when I search for data specific to data hosted by Indexer01, I receive the expected results. However, when I search for data hosted by I...

aashiqwork · ‎07-29-2020

...s enabled. In this scenario for correlation searches the tstats command looks into the tsidx file to get the search results. My question here is how Splunk scans multiple indexes in my case t...

mjones414 · ‎04-14-2016

...was executing. Therefore, search results might be incomplete. Hide errors. •[SearchPeer1] Streamed search execute failed because: Error in 'xmlkv' command: Cannot find program 'xmlkv' or s...

rereeser · ‎06-15-2012

...aving a search which goes that far back is impracticable (or at least impractical). My solution was to schedule a daily search which would save the results from the last 24 hours. After 3 months, f...

Search

Search the Community

Trouble getting a very basic search to work

group search results by hour of day

Basic Search with Sourcetype Filter Issue

help to display the difference between a search re...

Splunk search basic queries

Splunk Data Fabric Search(DFS) basics

Search head returning no results from peer

How Splunk Searches tsidx files in getting results

Running a basic search on XML formated events, why...

Graphing scheduled saved search results