Splunk Search

Discussions

Thread Info

Why is the charting.reverse option for scatter chart not working in my dashboard panel?

Dear Splunk Community, In the current implementation of my dashboard, I have a scatter chart panel for which I am...

by Engager in

How to search duration of time above a percentage?

I have data that has a watermark percentage, and a consumed percentage in a timechart. I want to determine how much t...

by Contributor in

Dump command splits results in many files. How to consolidate to have a single file instead of splitting results by source?

I have used the dump command to extract data from production server and play with it on my local. I have 6 different ...

by Explorer in

How do I edit my timechart search to prevent all of my data being put into one bucket?

Hi, I have this search: eventtype=mlc sourcetype=murex_log4j source=launchermxmlc.mxres.log | stats earliest(_...

by Communicator in

How to create a drilldown from several pie charts in Dashboard1 to the same single table in Dashboard2?

I have several pie charts. I would like to drilldown from each of the pie charts to the same table in a different vie...

by Communicator in

Why is my summary index search timechart not displaying?

We have a summary index called summary_site_stats, One of the saved searches that adds data to that summary index...

by Builder in

iis field extraction uri="-"

So I am extracting fields using the standard field transforms, and many of my uri results and user agents are returni...

by Motivator in

How do I get these three conditions to work in my search for a field output?

I have search output wherein in field DB_NotBackedup has 3 values: 1- null value 2- value greater than 3 3- value le...

by New Member in

What is the precedence of common fields between the main search and subsearch after a join?

I have two types of log entry with a common field. I am using join to get the index=web_load sourcetype=instrumen...

by Champion in

Why is my scheduled search that includes join and append missing data for some rows in the report?

Hi, I have a comparatively very long search scheduled to run on the 1st of every month. This includes 2 subsearche...

by Explorer in

How to configure Splunk to parse Perforce logging structured data in CSV files?

I am trying to ingest the structured logs from our main Perforce server. I have the structured logs split out to mult...

by Path Finder in

How to show multiple values for a single field in splunk

My raw data consists of xml data as below: <fundTemplateName>FUND1</fundTemplateName><quantityExpression>1600</qu...

by New Member in

Convert String to Integer

I have extracted a value out of expression but seems like it is still treated as String not integer and i cant do any...

by Path Finder in

How DBX decides dbmon interval

Hello, I am using DB Connect to pull data from my DB. I had configured dbmon interval manually (interval = 30s, fo...

by Motivator in

How do I edit my search to append a subsearch result to a count on an hourly basis?

Hi, I'm trying to create a scheduled report that runs daily at 3am. The use case is to track the occupancy number...

by Path Finder in

Powershell output containing Curly braces gets parsed as System.String[]. How to parse and extract fields within the curly braces?

Hello, I hope one of you here can help me out. I have a PowerShell script which is am running via PS modular i...

by Path Finder in

Splunk Search

Discussions

Why is the charting.reverse option for scatter chart not working in my dashboard panel?

How to search duration of time above a percentage?

Dump command splits results in many files. How to consolidate to have a single file instead of splitting results by source?

How do I edit my timechart search to prevent all of my data being put into one bucket?

How to create a drilldown from several pie charts in Dashboard1 to the same single table in Dashboard2?

Why is my summary index search timechart not displaying?

iis field extraction uri="-"

How do I get these three conditions to work in my search for a field output?

What is the precedence of common fields between the main search and subsearch after a join?

Why is my scheduled search that includes join and append missing data for some rows in the report?

How to configure Splunk to parse Perforce logging structured data in CSV files?

How to show multiple values for a single field in splunk

Convert String to Integer

How DBX decides dbmon interval

How do I edit my search to append a subsearch result to a count on an hourly basis?

Powershell output containing Curly braces gets parsed as System.String[]. How to parse and extract fields within the curly braces?

How do you view the search used to generate an alert?

How to write a search to return all rows for each value of field_b where field_a = a, b, and c?

Why are the counts inconsistent for metadata under Data Summary after using Delete?

Join, appendcols how to collect data from several events and combine them into one row?

How will you .conf21? You decide! Go in-person in Las Vegas, 10/18-10/21, or go online with .conf21 Virtual, 10/19-10/20.

Learn More or Register Now >

Field alias does not work in tstats?

Help with search

Highlight a table value alone (not the entire cell...

When do I move Lookup files to a KVstore? How big ...

Lookup with wildcard in data, not in lookup table?

Splunk Search

Discussions

How will you .conf21? You decide! Go in-person in Las Vegas, 10/18-10/21, or go online with .conf21 Virtual, 10/19-10/20. Learn More or Register Now >

How will you .conf21? You decide! Go in-person in Las Vegas, 10/18-10/21, or go online with .conf21 Virtual, 10/19-10/20.

Learn More or Register Now >