Splunk Search

Discussions

Thread Info

Why search slows down drastically after error "Events may not be returned in sub-second order due to search memory limits"?

Hi folks, It seems that some searches take an inordinately long time. My search is pretty simple: index=McAfee ...

by Communicator in

Changing an app's name on Search Head Cluster

When changing an app's name via the Splunk web interface ('Manage Apps' > 'Edit Properties'), the app's name is only ...

by Engager in

Chart using span logs does not show the columns in range order

Hello, I am trying to chart some response time and wanted to use the log span as: index=myIndex "time_value" | cha...

by New Member in

How to display specific fields in statistics?

References to tutorial http://docs.splunk.com/Documentation/Splunk/6.5.3/SearchTutorial/Searchwithfieldlookups, sour...

by Path Finder in

How to split multiple values in a column and make into row

I have the following search result which has multiple values in a cell: I would like to format the result ...

by Path Finder in

Trying to use subsearch to filter records

Looking at event data to run some eval commands... specifically on records with any "Status" value. Then once I get t...

by Path Finder in

How to generate a search that counts specific strings that occur in _raw data?

I have raw data events that contain the words "Request" or "Response" or "Offer". Each event will contain only one of...

by Path Finder in

Do I need to use the join command to combine three searches (including one search with the transaction command)?

Hi, I'm trying to combine my three searches so I can see which users are logging in from multiple locations at one ti...

by Explorer in

How can I use transaction as a boolean to create a visualization in a timechart?

I'd like to create a visualization showing the connected state of a hand full of clients. We log connected state a...

by Explorer in

Lookup table for matching and non matching counts

I have a lookup table CSV file that has 50 usernames in a single column, and I want to sum the results count of the u...

by Engager in

Lookup table does not append value to event

I have a lookup table as below User IsMember user1 Yes user2 Yes user3 No I save the table as memberlist.csv save ...

by Communicator in

Hunk: Searching two different virtual indexes using OR: should work?

In regular Splunk I can easily search for index=index1 OR index=index2 <search term> | stats count by index T...

by SplunkTrust in

When I use eval command to assign search to variable, why does it return "Error in 'eval' command: Fields cannot be assigned a boolean result"?

I have a simple search of a CSV file pulling back the latest timestamp: source=/opt/apps/splunk/var/run/splunk/csv...

by Explorer in

Trouble displaying multiple stats

I am doing a search on our firewall. I am looking to see who is making the most requests on different ports, and also...

by Path Finder in

Similarity "score" of similar values of fields>

Howdy Folks, I have data in a chart similar to this, with particular scored values per attribute (may attributes....

by Explorer in

How to edit my search to transpose data field (in column) to header field?

Hello, I'm trying to get this table : Device ----- Interface ----- March ----- April ----- ..... device1 -...

by Explorer in

want to compare fields on different event and display only not matching fields

Hi Team, I have two events 1) 2017-05-18 14:24:58,798 [http-abcd] INFO Backend.Pure.gen.id - 108; Return 200 ids...

by New Member in

Compare one field against itself (Chart)

I have a chart that gives me serial numbers, some of the spots for serial numbers are empty. I want to compare how ma...

by Contributor in

When multiplying 3 fields to get a new field, why does Splunk round the result when the fields are decimals?

Hi. I have one issue with my search. I need to multiply three fields to get another new field. When I do the multi...

by Path Finder in

How to edit my search so that no results should be replaced with a zero (0)?

I have a scenario where one column needs to be indicated with Zero in the instance of no result. However, it's showin...

by Explorer in

How to search if data contain value from the other fields?

Hi I'm very new in Splunk, I'd like to find the event where the short description contain the "Category" or "Subca...

by Explorer in

To add multiple criteria to determine drop in traffic

index=circuit basequery1 earliest=-10m@m latest=@m|fields count | stats count AS currentMinuteCount | appendcols [sea...

by Explorer in

How to edit a transaction search with multiple "endswith" option?

hi, i have a search to get duration of the job, let's say startswith=started endswith=success But in some case the...

by Explorer in

table lookup issues

I have a lookup table named lookupfile.csv My file looks like this: col1,col2,col3,col4 100,300,500,yes 200,400,600,y...

by Explorer in

Find average count per minute by a specific field over the whole time period

Hi, I have a web service's http access log and I want to find out the average request per minute for each url_pat...

by New Member in

Get Updates on the Splunk Community!

Splunk Search

Discussions

Why search slows down drastically after error "Events may not be returned in sub-second order due to search memory limits"?

Changing an app's name on Search Head Cluster

Chart using span logs does not show the columns in range order

How to display specific fields in statistics?

How to split multiple values in a column and make into row

Trying to use subsearch to filter records

How to generate a search that counts specific strings that occur in _raw data?

Do I need to use the join command to combine three searches (including one search with the transaction command)?

How can I use transaction as a boolean to create a visualization in a timechart?

Lookup table for matching and non matching counts

Lookup table does not append value to event

Hunk: Searching two different virtual indexes using OR: should work?

When I use eval command to assign search to variable, why does it return "Error in 'eval' command: Fields cannot be assigned a boolean result"?

Trouble displaying multiple stats

Similarity "score" of similar values of fields>

How to edit my search to transpose data field (in column) to header field?

want to compare fields on different event and display only not matching fields

Compare one field against itself (Chart)

When multiplying 3 fields to get a new field, why does Splunk round the result when the fields are decimals?

How to edit my search so that no results should be replaced with a zero (0)?

How to search if data contain value from the other fields?

To add multiple criteria to determine drop in traffic

How to edit a transaction search with multiple "endswith" option?

table lookup issues

Find average count per minute by a specific field over the whole time period

OpenTelemetry for Legacy Apps? Yes, You Can!

UCC Framework: Discover Developer Toolkit for Building Technology Add-ons

.conf25 Community Recap

In Splunk studio, is it possible to populate a tex...

Help me with splunk query to monitor CPU and Memor...

How can i export a list of all services in APM

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

Splunk Search

Are you a member of the Splunk Community?

Discussions