Splunk Search
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Why am I getting chart error "The following options were specified but have no effect when a split-by clause is not provided:limit"?

JonoCoetzee
Engager
‎11-10-2015 04:48 AM

I'm trying to chart the top hits to a search while the rest are rolled up into an 'OTHER' column. Ideally I'd like the split to be based on a threshold value, otherwise setting the number of columns is fine. I've read through the docs on the chart function, tried a whole host of stuff, but I cannot get it right. One of the errors I keep getting is:

The following options were specified but have no effect when a split-by clause is not provided:limit

I also tried to set the wherethresh-comp parameter in chart function, but I'm not sure of the syntax and I couldn't get it to work either.

This is the search command I'm using:

* | regex "\b[AC]\d{6,8}\b" | rex "\b(?<emp_number>[AC]\d{6,8})\b" | chart count by emp_number
0 Karma
Reply

sundareshr
Legend
‎11-10-2015 09:44 AM

You need one for field - for example .. | chart limit=2 count over index by emp_number I'm using index only to give you an idea of why you're getting the error message.

0 Karma
Reply
Get Updates on the Splunk Community!

Splunk Observability for AI

Don’t miss out on an exciting Tech Talk on Splunk Observability for AI!Discover how Splunk’s agentic AI ...

🔐 Trust at Every Hop: How mTLS in Splunk Enterprise 10.0 Makes Security Simpler

From Idea to Implementation: Why Splunk Built mTLS into Splunk Enterprise 10.0  mTLS wasn’t just a checkbox ...

Observe and Secure All Apps with Splunk

  Join Us for Our Next Tech Talk: Observe and Secure All Apps with SplunkAs organizations continue to innovate ...