Splunk Search

Discussions

Thread Info

Regex - Browser search

I need to be able to find our users that are using the Safari browser. The user agent string looks something like thi...

by New Member in

Internal Server Error trying to retrieve search results from custom module

When my module tries to retrieve results from a search launched by a user, it produces this error: GET http:/...

by Explorer in

Aliases for "host" field?

Greetings, At the moment due to various sources/sourcetypes, as well as historical hostname changes we have a lot ...

by Explorer in

Use subsearch results as data in outer search

Hi I have a subsearch which searches for certain events (suspicious requests that sometimes happen after a user ha...

by Engager in

Subsearch question

I have a large search: search index="XXX" which has host as field. This includes data for two locations. I need...

by New Member in

How can i convert time values stored in epoch seconds to human readable values in splunk?

For example I've got some values coming in such as, how can i convert the time value to a field within splunk convert...

by Splunk Employee in

Complex Query question

I am sending my sonic wall data to splunk via syslog. I am trying to get a report to show me how many open connection...

by Engager in

Identifying users with activity in two different time periods

I'm trying to identify the source of a performance slow down that has occurred twice over the last two days. Each slo...

by Path Finder in

Display count for multiple time increments

I have log data that tracks the completion of jobs. I'd like to be able to track the completed jobs, but for 4 differ...

by Explorer in

Search never finishes

I'm trying to run a search for a large number (45) of suspect IP addresses. The search runs for 12 hours or more but ...

by Communicator in

Read a file using Splunk without indexing it?

I thought there was a way (command) that would users with the right permissions to read a file on the Splunk filesyst...

by Champion in

Max Response Time

In my application the SystemOut logs from the Websphere logs are sent to Splunk Server. In these logs i have a log st...

by New Member in

WindDHCP app returning no result

I have installed the app and faithfully followed the instructions provided but I still see no result when I try to la...

by Explorer in

Finding length of time that a field remains the same.

I've got some logs where a certain field ('randomletter') is normally X, but occasionally changes to Y (or even Z!) ...

by Communicator in

Props.conf and LINE_BREAKER Regex

I have created a regex; (\d+)(:)(\d+)(:)(\d+)(\.)(\d+) To act as my LINE_BREAKER in the props conf file for an...

by Champion in

Transactions/Stats?

I have a log file that contains multiple fields that are time oriented fields. The fields in this instance are the st...

by Explorer in

regex and rex issue advise for extraction of http headers

Trying to do an inline regex on the snip of log below. The item that I am trying to extract is the hostname admin.tes...

by Path Finder in

Permissions for index access

We are running the new splunk universal forwarder on an application server. It has the standard setup to recursively ...

by Path Finder in

limiting the scope of index=* in a metadata search

I am using this search: | metadata index=* type=hosts | eval age = now()-lastTime | where age > (2*86400) | sort a...

by Motivator in

How can I do extract fields through the CLI?

Hi, I'm trying to do this search "sourcetype="MySQL" | multikv fields Variable_name Value | search Variable_name="...

by New Member in

Splunk and Drilling down into Charts

Hi I am using a Pie chart and I want to be able to drill down into see the results, but when I try this, I get the...

by New Member in

Search for events in a specific time range

I have data eg. as follows :- rectype=031 OMD_StrtTime_002="Wed Jul 20 02:59:59 2011" OMD_Endtime_003="Wed Jul 20 ...

by Explorer in

How to write a seach query with 2 searches

I need to know how to write a search query with 2 searches where the second search takes the value of the field, IP a...

by Explorer in

Adding field to results of count querry

How would I add field x to the results of count(y) as z so that the results are x z count(y)? I know it is simple but...

by Explorer in

Reporting the number of events in an index

I want to report the number of events in a given index using a scheduled overnight report and send the PDF output to ...

by Explorer in

Get Updates on the Splunk Community!

Splunk Search

Discussions

Regex - Browser search

Internal Server Error trying to retrieve search results from custom module

Aliases for "host" field?

Use subsearch results as data in outer search

Subsearch question

How can i convert time values stored in epoch seconds to human readable values in splunk?

Complex Query question

Identifying users with activity in two different time periods

Display count for multiple time increments

Search never finishes

Read a file using Splunk without indexing it?

Max Response Time

WindDHCP app returning no result

Finding length of time that a field remains the same.

Props.conf and LINE_BREAKER Regex

Transactions/Stats?

regex and rex issue advise for extraction of http headers

Permissions for index access

limiting the scope of index=* in a metadata search

How can I do extract fields through the CLI?

Splunk and Drilling down into Charts

Search for events in a specific time range

How to write a seach query with 2 searches

Adding field to results of count querry

Reporting the number of events in an index

Splunk at Cisco Live 2025: Learning, Innovation, and a Little Bit of Mr. Brightside

Splunk App Dev Community Updates – What’s New and What’s Next

The Latest Cisco Integrations With Splunk Platform!

MLTK - What algorithm should I use?

How to show the line when its value is NULL with ...

Search for triggered save searches and their actio...

MLTKC how should i check jupyter notebook func in ...

ITSI thresholds: adaptive vs static

Splunk Search

Are you a member of the Splunk Community?

Discussions