Search

Atchyuth_P · ‎12-14-2022

Hi Team, Environment 1 - Search Head, 2-Indexers, 1 - Deployment Server, 1 - Heavy Forwarder, 1 -Cluster Master Problem Statement 1)I am unable to retrieve events when searching with index...

praveenvemuri · ‎03-08-2014

Hi I am trying to retrieve data from summary index and it is taking 300secs to retrieve 140000 events from 4 search peers. index=summaryindex earliest=-7d@d latest=now (240000 events t...

fatjoe · ‎05-17-2017

I have a search query which uses dedup to get the latest event from my source type. Search: sourcetype = MonitorLog | dedup Username | WHERE SecondsElapsed >= 300 Username, A...

Ledio_Ago · ‎03-30-2010

I able to retrieve Windows event logs from remote machines using WMI, and I'm also indexing local Windows event logs. I like to organize the events coming from the local system and from remote s...

Taruchit · ‎03-03-2023

...alues for all expected fields of the index. For example, in index4, I do not get data for field8 and field9. But, if I increase the number of events limit in head from 6000 to 10000, I get the data for t...

thesame · ‎08-03-2015

The metadata command does not work for virtual indexes used by Hunk. My goal is to get a list of values from items enclosed in ${}'s within the v-index path (which are extracted as fields). With t...

nicopelletier39 · ‎03-26-2023

...xx field2=yyyy filed3=uuu`(command) I've create a new index called misp where i would like to put the events that i retrieve from the search. For this i pipe the previous command with c...

Gilgalidd · ‎01-17-2014

Hello, I trying to retrieve all login/off/fail on my inderxer from UniversalForwarder filtered by Heavy forwarder : UF v5.0.5 (All Security logs) > HF v5.0.5 (Filtering only 4642/4625/4634 events...

TLAZO · ‎01-15-2016

Good morning, We have an splunk architecture with 2 Search Heads and 2 Indexers. This morning when our user tried to look for today's logs from the SearchHead, he could not retrieve any data. C...

chrismenke · ‎01-18-2016

We recently had an issue where Splunk services were up and running, but new data wasn't being indexed. I'd like to capture data on the LATEST EVENT or INDEXED count with HP SiteScope and report it t...

Search

Search the Community

Why am I unable to retrieve events when searching ...

Retrieving Summary Index Data

Scheduled alert to retrieve latest event indexed e...

How do I configure Splunk to index Windows Event L...

How to merge data for multiple Splunk queries and ...

How can I get a list of subdirectories from a virt...

Can't see any data in the index while they seem to...

WinEventLog:Security HeavyForwarder (filter and se...

Search Head not Getting latest events from Indexer

How do I monitor Splunk's latest event timestamp o...