Splunk Search

Start a Conversation

Discussions

Start a Conversation

Thread Info

how to customize panel width in a row ?

how do I customize or adjust width of panel ? my sample code <row> <panel> <title></title> <html> <p> ...

by New Member in

We are receving messages on captain in search head cluster like “The maximum number of concurrent historical scheduled searches on this cluster has been reached”. Any inputs on this ?

number of searchheads in cluster including captain are 6. Splunk version is 6.6.5

by Communicator in

Show up result only if its continuously coming up for 'n' number of days?

I have created a query related to account lockouts, but my criteria is if user is continuously coming over last 3 day...

by Communicator in

how to get items from a large json file?

Hi everyone I´m new in splunk ,I need to get items from a json file but when i search in my file i see this in man...

by New Member in

using multiselect to concatenate fields into a compound key

We have a dashboard where the user can select multiple in a multiselect input field. Those values correspond to colum...

by Path Finder in

Excel Like Pivot Table

I'm trying to figure out how to build an excel-like pivot table using 3 or more columns. As example, I have this data...

by New Member in

If i have 3 column in lookup table like column "A" has 10 entries column "B" has 5 entries and column "C" has 2 entries how can i match in search

if i have 3 fields A,B,C and i need to match all entries for that fields index=main |search [|inputlookup abc.csv | f...

by Loves-to-Learn in

Multi level table

Hi, I am trying to build a multi-level pivot table in SPLUNK, where you can have multiple rows under one another l...

by Explorer in

Multivalue xml field extraction

Hi Splunkers, Part of the incoming xml data looks like this, <metaDataSet> <metaData key="DocName">...

by Explorer in

How to filter a dashboard search based on a date field that is not the default _time field?

Hello, I am having trouble setting up a dashboard to filter based on a date field which isn't the default _time fi...

by Explorer in

How to group by a by Title?

Hi guys!! I have this search: index=temp sourcetype=sdc cs_host="*mto.ree.*" WT_dl=0 NOT (cs_uri_stem ="*/es-e...

by Engager in

Comparing multivalue field with single value field (v6.5.2)

I was looking for a way to input multiple text inputs on a dashboard and searching the inputs against a single value ...

by Path Finder in

On-Premises documentation server

I run Splunk Enterprise in a distributed cluster architecture, in an offline environment that is completely disconnec...

by Path Finder in

Average command vs count and average command

Maybe im just bad in mathematics. but why does splunk docs always take the count of events and then the avg of events...

by Communicator in

Add a blank row in the table

I have a search which would give me a table of results and at the end the total count of columns. I want a blank line...

by Explorer in

Source Workstation shows random IP

Hi there, I'm looking into why one of our users is getting locked out, but when I run a search to try to find out the...

by New Member in

how to Configure positional timestamp extraction in log using RegEx?

hi All, Am trying to extract the time stamp inside event as index time. We have similar sourcetype of logs from 4 ...

by Explorer in

Help with ending search for rex expression

Hi All - I am using the below query index=ABC "XYZ"| rex field=_raw "\"code\":\"(?.*)\"" | stats count by errorcod...

by Explorer in

Calculate totals and then sort based on a field and separate out results

accountId: 12345678 action: Test publishId: 123 or 456 tile: Tile1 How can I get this result: [accountID that has...

by New Member in

Insert a heading between rows and customise it.?

How can I add a heading between two rows , my each row on dashboard has three panels . and can i customize it ?

by New Member in

Get Updates on the Splunk Community!

Splunk Search

Discussions

how to customize panel width in a row ?

We are receving messages on captain in search head cluster like “The maximum number of concurrent historical scheduled searches on this cluster has been reached”. Any inputs on this ?

Show up result only if its continuously coming up for 'n' number of days?

how to get items from a large json file?

using multiselect to concatenate fields into a compound key

Excel Like Pivot Table

If i have 3 column in lookup table like column "A" has 10 entries column "B" has 5 entries and column "C" has 2 entries how can i match in search

Multi level table

Multivalue xml field extraction

How to filter a dashboard search based on a date field that is not the default _time field?

How to group by a by Title?

Comparing multivalue field with single value field (v6.5.2)

On-Premises documentation server

Average command vs count and average command

Add a blank row in the table

Source Workstation shows random IP

how to Configure positional timestamp extraction in log using RegEx?

Help with ending search for rex expression

Calculate totals and then sort based on a field and separate out results

Insert a heading between rows and customise it.?

Observability Newsletter Highlights | March 2023

Security Newsletter Updates | March 2023

Platform Newsletter Highlights | March 2023

How to delay with search result when run via Splun...

KV Store status is currently unknown- How to resol...

Combining results in metric index?

Summary Index from | collect ... addtime=f : When ...

Importing HCL BigFix data from Insights, how to ve...