Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Splunk Search
×
Are you a member of the Splunk Community?
Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
- Find Answers
- :
- Using Splunk
- :
- Splunk Search
- :
- How to edit my search to filter out a certain resu...
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
yzimmer
New Member
07-08-2016
05:28 AM
Hi everybody!
In a Splunk Dashboard, I created a Bar Panel with this:
* | stats count(U*) as U* | transpose | rename column AS Property "row 1" AS Count | SORT -Count
That's works fine! But I don't want to have the Property "U8_DOCUMENTTITLE" in my result....
So I have to change that:
stats count(U*) as U*
How can I ask "U* without U8_DOCUMENTTITLE" ?
Thanks to help me 😉
1 Solution
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
ryanoconnor
Builder
07-08-2016
05:32 AM
can you exclude anything that that field in your first search term?
* NOT U8_DOCUMENTTITLE=* | stats count(U*) as U* | transpose | rename column AS Property "row 1" AS Count | SORT -Count
Or exclude it in the middle:
* | stats count(U*) as U* | transpose |search column!=U8_DOCUMENTTITLE |rename column AS Property "row 1" AS Count | SORT -Count
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
sundareshr
Legend
07-08-2016
05:38 AM
Try this
* | stats count(U*) as U* | transpose | rename column AS Property "row 1" AS Count | SORT -Count | search Property !="U8_DOCUMENTTITLE"
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
yzimmer
New Member
07-08-2016
05:45 AM
Hi Sundareshr!
Thanks for your answer, that 's work too, but Ryan was so fast 😉
Have a good day!
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
ryanoconnor
Builder
07-08-2016
05:32 AM
can you exclude anything that that field in your first search term?
* NOT U8_DOCUMENTTITLE=* | stats count(U*) as U* | transpose | rename column AS Property "row 1" AS Count | SORT -Count
Or exclude it in the middle:
* | stats count(U*) as U* | transpose |search column!=U8_DOCUMENTTITLE |rename column AS Property "row 1" AS Count | SORT -Count
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
yzimmer
New Member
07-08-2016
05:43 AM
Hi Ryan!
Thanks a lot for your answer!
This code doesn't work:
* NOT U8_DOCUMENTTITLE=*
But this code works perfectly :
search column!=U1708_DOCUMENTTITLE
Thanks for your help!
Get Updates on the Splunk Community!
Dashboards: Hiding charts while search is being executed and other uses for tokens
There are a couple of features of SimpleXML / Classic dashboards that can be used to enhance the user ...
Splunk Observability Cloud's AI Assistant in Action Series: Explaining Metrics and ...
This is the fourth post in the Splunk Observability Cloud’s AI Assistant in Action series that digs into how ...
Brains, Bytes, and Boston: Learn from the Best at .conf25
When you think of Boston, you might picture colonial charm, world-class universities, or even the crack of a ...
