Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Splunk Search
×
Are you a member of the Splunk Community?
Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
- Find Answers
- :
- Using Splunk
- :
- Splunk Search
- :
- How to edit my search to filter out a certain resu...
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
yzimmer
New Member
07-08-2016
05:28 AM
Hi everybody!
In a Splunk Dashboard, I created a Bar Panel with this:
* | stats count(U*) as U* | transpose | rename column AS Property "row 1" AS Count | SORT -Count
That's works fine! But I don't want to have the Property "U8_DOCUMENTTITLE" in my result....
So I have to change that:
stats count(U*) as U*
How can I ask "U* without U8_DOCUMENTTITLE" ?
Thanks to help me 😉
1 Solution
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
ryanoconnor
Builder
07-08-2016
05:32 AM
can you exclude anything that that field in your first search term?
* NOT U8_DOCUMENTTITLE=* | stats count(U*) as U* | transpose | rename column AS Property "row 1" AS Count | SORT -Count
Or exclude it in the middle:
* | stats count(U*) as U* | transpose |search column!=U8_DOCUMENTTITLE |rename column AS Property "row 1" AS Count | SORT -Count
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
sundareshr
Legend
07-08-2016
05:38 AM
Try this
* | stats count(U*) as U* | transpose | rename column AS Property "row 1" AS Count | SORT -Count | search Property !="U8_DOCUMENTTITLE"
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
yzimmer
New Member
07-08-2016
05:45 AM
Hi Sundareshr!
Thanks for your answer, that 's work too, but Ryan was so fast 😉
Have a good day!
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
ryanoconnor
Builder
07-08-2016
05:32 AM
can you exclude anything that that field in your first search term?
* NOT U8_DOCUMENTTITLE=* | stats count(U*) as U* | transpose | rename column AS Property "row 1" AS Count | SORT -Count
Or exclude it in the middle:
* | stats count(U*) as U* | transpose |search column!=U8_DOCUMENTTITLE |rename column AS Property "row 1" AS Count | SORT -Count
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
yzimmer
New Member
07-08-2016
05:43 AM
Hi Ryan!
Thanks a lot for your answer!
This code doesn't work:
* NOT U8_DOCUMENTTITLE=*
But this code works perfectly :
search column!=U1708_DOCUMENTTITLE
Thanks for your help!
Get Updates on the Splunk Community!
Reduce and Transform Your Firewall Data with Splunk Data Management
Managing high-volume firewall data has always been a challenge. Noisy events and verbose traffic logs often ...
Automatic Discovery Part 1: What is Automatic Discovery in Splunk Observability Cloud ...
If you’ve ever deployed a new database cluster, spun up a caching layer, or added a load balancer, you know it ...
Real-Time Fraud Detection: How Splunk Dashboards Protect Financial Institutions
Financial fraud isn't slowing down. If anything, it's getting more sophisticated. Account takeovers, credit ...
