Splunk Search

Start a Conversation

Discussions

Start a Conversation

Thread Info

how to exclude a certain field value from results

Search query: list the last known user (userid) on each host. sourcetype=syslog source=/var/log/secure "pam_unix(s...

by Explorer in

Multiline Regex trouble - Can't get fields to be associated with keys

Hi, I am in great troubles with a multilines events i'm trying to analyse, and associated required regex to extrac...

by SplunkTrust in

Use a Function without Running a Search

Hey guys, is it possible to run an eval function in the search bar without piping a search to it? In an attempt to...

by Explorer in

How to get sum and charts of usage time values for corresponding fields?

I'm using splunk 6.0.3 When I search for: "has been closed after being in use" I have a series of hits like shown ...

by New Member in

How to display timechart as area chart over last 4 hours with span of 1 hour?

I will try my best to formulate my question as I couldn't find anything similar asked already. I am trying to disp...

by Path Finder in

Displaying the count of events over varying time spans

All, I want to create a search that will return the count of events over the last 5 minutes, 30 minutes, hour, 6 h...

by Contributor in

Report new users each month trended - large time range

Hi, I have a request to trend new users on a web application by month over a two year period and produce this repo...

by Contributor in

Field extraction for logs with slightly different field position based on the servername

Hi All Here are my sample logs _time prod-server-1234 web_access 10.11.12.13 "GET /json/some_search?asasa HTTP/1.1...

by Path Finder in

How to sort events by number of occurances?

I'm trying to do "[Simple text search]" | top limit=50 count To so the 50 highest occurrences of my search for...

by Engager in

Error using lookup table

Hello I am running the following search with the end aim of using the 'map' functionality to plot the results but ...

by Communicator in

How to rename _time column

How to rename the _time to TIME in the below query: |inputlookup currentesdorders.csv | dedup ORDER_NUMBER | where...

by Explorer in

How can I add new columns and name them by result or subsearch?

Hi! I would like to draw a chart with stacked bars , but I don't know how to add columns depend on result. for exampl...

by Engager in

Limiting Forwarding Throughput

Hi, We are trying to limit the maxKBps of a couple forwarders to 30 KBps. We are doing this because the app on those ...

by Explorer in

How to get sum for unique field values?

Hi, I saw that there is dc so we can get the distinct count but what if I want to get the sum for unique field val...

by Contributor in

Chart column widths

How do I specify a minimum width for columns in a column chart? The documentation very usefully says columnStyle s...

by Explorer in

Sorting the stats values results by count, and include count in results

I am trying to get a search result that shows a single IP associated with all of its user agents, but I would like th...

by Path Finder in

Return fields from subsearch but not used as filter in outer search

Hi all, can I return fields from subsearch but not used as filter in outer sesarch? Assuming the log1 contains fields...

by Communicator in

variable fields - re-arrange (tranpose) variables fields into one field for data aggregation

Hi, I have data indexed with variable fields (csv data indexed as csv by Splunk) such as: timestamp device1 dev...

by SplunkTrust in

Is there a way to email more than 10K results

sendemail command limits to 10k events. This number makes my automates search emails imcomplete. Is there anywhere I ...

by Path Finder in

newlines in stats command failure with savedsearch

I've discovered that if you have newlines in a stats command in a savedsearch like this: | stats values(blah), l...

by Ultra Champion in

Splunk Search

Discussions

how to exclude a certain field value from results

Multiline Regex trouble - Can't get fields to be associated with keys

Use a Function without Running a Search

How to get sum and charts of usage time values for corresponding fields?

How to display timechart as area chart over last 4 hours with span of 1 hour?

Displaying the count of events over varying time spans

Report new users each month trended - large time range

Field extraction for logs with slightly different field position based on the servername

How to sort events by number of occurances?

Error using lookup table

How to rename _time column

How can I add new columns and name them by result or subsearch?

Limiting Forwarding Throughput

How to get sum for unique field values?

Chart column widths

Sorting the stats values results by count, and include count in results

Return fields from subsearch but not used as filter in outer search

variable fields - re-arrange (tranpose) variables fields into one field for data aggregation

Is there a way to email more than 10K results

newlines in stats command failure with savedsearch

Free LIVE events worldwide 2/8-2/12
Connect, learn, and collect rad prizes
and swag!

Sign up now >

Writing records to KVStore - Strange Behavior

Chart # of instances for a process, w/ sum of RAM ...

Need to send mail with multiples information

Strategy to search entire estate for unique server...

Python SDK - mTLS support

Splunk Search

Discussions

Free LIVE events worldwide 2/8-2/12Connect, learn, and collect rad prizes and swag!Sign up now >

Free LIVE events worldwide 2/8-2/12
Connect, learn, and collect rad prizes
and swag!

Sign up now >