Splunk Search

Discussions

Thread Info

Issue with Splunk extracting escaped fields/values

Hi, I use the CEFUtils app to do search time field extractions of CEF formated events. The problem is that Splunk ...

by Path Finder in

Start and End time of a search

Hello everyone, I am having trouble getting my searches to run from 12:00 Am Sunday morning to 11:59:59PM on Saturday...

by Contributor in

Transforms on multiple indexes of XML sources with nested, duplicate keys

I would like to get a single report by combining data from 3 different data sources. However, I am running into a pro...

by New Member in

splunk "searches and reports" list more owners?

can I make this dropdown show all my owners?

by Path Finder in

incorrect number of events in search results when using sort command

Hi. When searching "index=sample | sort host", the search stopped at 10000 events. Is there a limit on number of even...

by Path Finder in

remove a blank line from a file

Hi , I would like to remove a blank line from a file based on certain fields If that field is blank, i will remove...

by Contributor in

if-else condition

Can I use like this : | eval a=if(Location!=" ",stat count by Location) but I am getting error.. actually I...

by Contributor in

Cannot change XAxis label on Splunk 4.3

under a Hidden chart Module the parameter for adding a label to the X Axis doesnt seem to work: <param name="prima...

by Builder in

How do I append text to my search results?

I want to append some text to the raw search results before I send off an e-mail. That e-mail should contain the raw ...

by Path Finder in

count the number of KEYWORD

Hi, I have a file which contains : HI bye HI hi BYE I would like to know how many HI is there in my file wh...

by Contributor in

How can i do the search in multiple indexes

Hi, How can I do search in multiple index. lets say I have 5 indexes and I want to do the same search in all the f...

by Contributor in

Splunk status/start commands giving an invalid status on crashed splunk forwarder

I've encountered the following with a crashed splunk forwarder running on 4.3.3 Linux 64-bit. Splunk says it’s run...

by Explorer in

Error in 'lookup' command: Could not find all of the specified lookup fields in the lookup table.

I created a look up table that does return all the fields if I use the search command: |inputlookup lookuptable ...

by Motivator in

What are possible search strategies to find most recent values of one or more fields?

Hi All I'm looking at the possible approaches to obtain events that contain the most recent values for one or more...

by Communicator in

STATS function

Hi, Is there a way to find out the max response time during a 30-minute bucket and its associated url from the web se...

by Builder in

How do I get mvcount to display 0 when no field exists?

Hi all, I have a search that looks something like this: foo | extract pairdelim="|;]}" kvdelim="=:" mv_add=true...

by Explorer in

Lookup query

hi for this ..|lookup keywords match output keyword where keywords.csv is my lookup whwre i need to put in in mycompu...

by New Member in

How to add time from drop down in GUI to search string automatically

In order to establish the search timeframe for Splunk there are 3 options that I know of. Use the dropdown to the ...

by Explorer in

Where to search my monitored indexed log

Hey guys, I have written some stuff in the inputs.conf file and the fschange stuff works but I can't find the log...

by Path Finder in

Building new events based on transactions at index time

Howdy, I've a load balancer which is happily sending event logs when certain events happen in a web app flow. It w...

by Path Finder in

Subtraction of the time duration

I used the below query and i got the following result source="ADFER"|transaction Taskaction startswith="START" end...

by Communicator in

Newbie Splunk Field Extraction Question

I have a log entry that looks like this. I am talked with coming up with a quick-and-dirty financial report to report...

by Engager in

Question on basic subtraction in time charts

Per below- my Total Configured_Space & Free_Space work great. timechart eval(sum(Logical_Capacity_Blocks) / 209715...

by Contributor in

How to identify a raw events splunk instance origin

Does anyone know how to identify the splunk instance from which a raw event was forwarded? Note: this could either be...

by Motivator in

Scheduled searches question

I have a dashboard with 10 single value boxes and I refresh it every minute. Every single value box search my indexes...

by Path Finder in

Get Updates on the Splunk Community!

Splunk Search

Discussions

Issue with Splunk extracting escaped fields/values

Start and End time of a search

Transforms on multiple indexes of XML sources with nested, duplicate keys

splunk "searches and reports" list more owners?

incorrect number of events in search results when using sort command

remove a blank line from a file

if-else condition

Cannot change XAxis label on Splunk 4.3

How do I append text to my search results?

count the number of KEYWORD

How can i do the search in multiple indexes

Splunk status/start commands giving an invalid status on crashed splunk forwarder

Error in 'lookup' command: Could not find all of the specified lookup fields in the lookup table.

What are possible search strategies to find most recent values of one or more fields?

STATS function

How do I get mvcount to display 0 when no field exists?

Lookup query

How to add time from drop down in GUI to search string automatically

Where to search my monitored indexed log

Building new events based on transactions at index time

Subtraction of the time duration

Newbie Splunk Field Extraction Question

Question on basic subtraction in time charts

How to identify a raw events splunk instance origin

Scheduled searches question

Enterprise Security Content Update (ESCU) | New Releases

Why am I not seeing the finding in Splunk Enterprise Security Analyst Queue?

Index This | What are the 12 Days of Splunk-mas?

Proactively stream data to different index after C...

Write Splunk log with Laminas

Issues in multiselect input dropdown

Using splunk-sdk in user-defined functions in Spar...

Verification of SAML assertion using IDP's cert fa...