Splunk Search

Discussions

Thread Info

lookup is not working

I am doing it using GUI as i dont have server access. I have lookup file serverrole.csv host,role,environment A,X,pro...

by Communicator in

rex expression

I need to extract the account name from this snippet of a Windows security event log: Account For Which Logon Fail...

by Communicator in

How can I quantify the intermittent failure of a regular event?

My logs contain records of scheduled events. Sometimes the events fail, usually in 1 of 2 modes: systematic - once th...

by Path Finder in

Searching across multiple standalone indexers without data replication / indexer clustering

I have 6 different DCs with standalone Splunk ENT installed working as indexers and no replication for security reaso...

by Communicator in

validate a value base on the lookup

I have a csv lookup table like: item, expression a, "value>12 AND value<14" b, "value=1" c, "value!=111 " d, "value<1...

by Engager in

How to display a total count of results from an IP address instead of listing each event related to that IP?

Hi, I use Splunk at work and I've just downloaded Splunk Light to my personal server to test and learn. I've recen...

by Explorer in

How to modify my stats search to join multiple fields from three sources?

I have data coming in from three sources, with three different sets of fields: Source 1: Filename Source 2: Filena...

by Engager in

How to create a KV store that pulls events from an indexer?

Hi, I am trying to create a KV Store that pulls events from an indexer. It should display the Event, Log Line, Dom...

by Explorer in

Why are the second y-axis labels being overwritten by the original y-axis labels? (charting.axisY2.text displayed as charting.axisY.text)

The second y-axis labels are being overwritten by the original y-axis label. I can see the the correct label briefly,...

by Explorer in

How to extract dates from event results and compare them?

Hi, I've been doing lots of study on this, and now I am stuck.. hoping to get some insight here. I'm an absolute noob...

by New Member in

Search filter giving unexpected results

I have the following search: index=ironstream MFSOURCETYPE=SMF110 (SAPPLID=CSFBTP0* AND (TRAN=PA6* OR HOL* OR SMX*...

by Explorer in

I missed a field in my custom sourcetype

I am trying to add a field that I missed on my custom sourcetype. If I add it to the transforms.conf, the data (event...

by Path Finder in

Has anyone created a Splunk Chargeback Model that includes number of and performance heavy searches, not just data indexed and support costs?

We are currently working a chargeback model for our Splunk platform. At first glance we were thinking it would be fai...

by Explorer in

Splunk search query to list down all eventtypes

Can anyone please help me to write a search query, which lists down all eventtypes?

by New Member in

How to modify my search to make my field value case INSENSITIVE in an IF statement with a WILDCARD?

Hi, I want the "test" field to return a value of 1 for all events with the word "lookup" regardless of case. inde...

by Engager in

Bucket the data for the proper time chart for volume and response time

Hi using following query index=np_3cm sourcetype=3CM:QA:3cmlog CorrelationId ="*" communicationRequestHeader* Comm...

by Path Finder in

How to search the average of a distinct count by date_hour over the course of a quarter?

I'm looking to get some summary statistics by date_hour on the number of distinct users in our systems. Given a da...

by Explorer in

How do modify my search to get an average count of distinct users per day?

I have a search where I have total number of users and total number of events per day, but I also need to add a colum...

by Explorer in

Is it possible to set the _time field to have the value of another time field in my data?

We have the following - logTime 2016-04-06 06:12:32,251 UTC eventStartTime 2016-04-06 01:12:32.177 _time 2016-04-...

by Ultra Champion in

query on splunk for new error(exeption on server)

Hi, Requires a query that search for non-repetitive error/exception on server ie it will show only new error that ...

by New Member in

How do i get a list of all these concurrent searches?

I am trying to setup a summary and schedule it to run daily at 03.05a.m. as a cron job. But I get this error Your max...

by Motivator in

How to extract fields from XML data at search-time?

I have a .log file that I need to analyse using Splunk. The structure of the log data is as below <root> <ns0:...

by New Member in

Concurrent users per time bucket from transactions

The objective is take events that indicate user activity, breakdown the data into segments of time, and then figure o...

by Champion in

Issue with JSON event break regex

I've been asked to ingest some JSON logs for auditing purposes but I can't get the event breaking right. I'm pretty g...

by Path Finder in

How do I my get one search to populate multiple panels in a dashboard?

So I saw the documentation for global searches, but for the life of me, I can't get it to work. As you can see, ea...

by Path Finder in

Get Updates on the Splunk Community!

Splunk Search

Discussions

lookup is not working

rex expression

How can I quantify the intermittent failure of a regular event?

Searching across multiple standalone indexers without data replication / indexer clustering

validate a value base on the lookup

How to display a total count of results from an IP address instead of listing each event related to that IP?

How to modify my stats search to join multiple fields from three sources?

How to create a KV store that pulls events from an indexer?

Why are the second y-axis labels being overwritten by the original y-axis labels? (charting.axisY2.text displayed as charting.axisY.text)

How to extract dates from event results and compare them?

Search filter giving unexpected results

I missed a field in my custom sourcetype

Has anyone created a Splunk Chargeback Model that includes number of and performance heavy searches, not just data indexed and support costs?

Splunk search query to list down all eventtypes

How to modify my search to make my field value case INSENSITIVE in an IF statement with a WILDCARD?

Bucket the data for the proper time chart for volume and response time

How to search the average of a distinct count by date_hour over the course of a quarter?

How do modify my search to get an average count of distinct users per day?

Is it possible to set the _time field to have the value of another time field in my data?

query on splunk for new error(exeption on server)

How do i get a list of all these concurrent searches?

How to extract fields from XML data at search-time?

Concurrent users per time bucket from transactions

Issue with JSON event break regex

How do I my get one search to populate multiple panels in a dashboard?

Splunk at Cisco Live 2025: Learning, Innovation, and a Little Bit of Mr. Brightside

Splunk App Dev Community Updates – What’s New and What’s Next

The Latest Cisco Integrations With Splunk Platform!

MLTK - What algorithm should I use?

How to show the line when its value is NULL with ...

Search for triggered save searches and their actio...

MLTKC how should i check jupyter notebook func in ...

ITSI thresholds: adaptive vs static

Splunk Search

Are you a member of the Splunk Community?

Discussions