Splunk Search

Start a Conversation

Discussions

Start a Conversation

Thread Info

Why does the lack of subsearch results cause my search to fail with "Error in 'eval' command: Failed to parse the provided arguments."?

Lack of subsearch results causing query to error I have a search that looks at historical data (using timewrap) an...

by Engager in

Making same query run for different times

Hi, I have a dashboard with a query that currently runs for the time range 'Today' everyday. I want the time range...

by Path Finder in

How to compare to a lookup table and pull fields?

I have an index=foo and a lookup table defined as foo2. How can I compare my index to the table to show only results ...

by Path Finder in

Multiple Value Field Extraction Help

I am trying to come up with a Regex that will extract several field values from an event which can potentially have s...

by Path Finder in

Extracting fields from transactions that have status events

I have a couple of transactions I have created for example: Transaction A: startswith=Begin_Process endswith=Reque...

by Explorer in

Timechart field value by field woes

Hello, I have log messages that look like this: Handled MessageTypeA in 10ms Handled MessageTypeB in 23ms Handled ...

by New Member in

Top 10 hosts whose number of events has increased the most

Hello, I would like to know which of my host have an increase in their event number compared to usual. I first...

by Explorer in

How to extract more than one value out of a field extraction using delimiters

I'm using props.conf and transforms.conf to extract fields with delimiters, some of which are multi-valued. Example: ...

by Communicator in

Long label text in charts

Hi all, I've tried to find a solution with other questions, and the main thing about I found is SideViews, but all...

by Contributor in

Nested Search Query on across multiple files

Hi, I am trying to do a nested search. in Log A, I want to get all the users who has accessed "X". So my search qu...

by Explorer in

Fixed-width field extraction but removing trailing spaces

I am currently defining some sourcetypes for some db2 SMF logs (oh joy). Luckily, the fields are well defined and are...

by Builder in

Lookup CSV location

Hi, I would like to ask if the CSV file that is being referenced to in the search command can be from any director...

by Explorer in

with the same search conditions, I cannot make eval if function to return true...

For some use case, I need to make a new true/false field. Below condition returns 11 events in my data sample: | f...

by Path Finder in

Drilldown with $click$ values not working

I have a dashboard where I display a list of wines. I want to be able to incrementally add the wine name to a search ...

by SplunkTrust in

Different results for error "specified span would result in too many (>50000) rows" based on time range

I am trying to run the below to get the avg/max number of hits per second each day. I have tried this multiple times ...

by New Member in

Problem while joining

Hi everyone Need your kind help. I have 50+ fields under index='abc' i want to join the same with a lookup w...

by Path Finder in

How to extract logs by rex ?

How to extract logs by rex ? "TranStartTime":"2017-05-08T02:40:58.856-04:00", "TranEndTime":"2017-05-08T02:40:58.902-...

by Contributor in

Show individual counts for each item in a multivalue field in a single stats row

I am trying to get a count for individual items in a multivalue field. Here's my current search: | stats count(_ti...

by Explorer in

format output of a string in a particular format?

I have a search query that returns numbers like 170503007 and 170504021 as outputs. Need to format them as 2017/05/03...

by New Member in

using stats function to return latest value but need associated timestamp of that value

stats latest(sequence)returns the latest sequence number but I need to display the associated timestamp when the sequ...

by New Member in

Get Updates on the Splunk Community!

Splunk Search

Discussions

Why does the lack of subsearch results cause my search to fail with "Error in 'eval' command: Failed to parse the provided arguments."?

Making same query run for different times

How to compare to a lookup table and pull fields?

Multiple Value Field Extraction Help

Extracting fields from transactions that have status events

Timechart field value by field woes

Top 10 hosts whose number of events has increased the most

How to extract more than one value out of a field extraction using delimiters

Long label text in charts

Nested Search Query on across multiple files

Fixed-width field extraction but removing trailing spaces

Lookup CSV location

with the same search conditions, I cannot make eval if function to return true...

Drilldown with $click$ values not working

Different results for error "specified span would result in too many (>50000) rows" based on time range

Problem while joining

How to extract logs by rex ?

Show individual counts for each item in a multivalue field in a single stats row

format output of a string in a particular format?

using stats function to return latest value but need associated timestamp of that value

Enterprise Security Content Updates (ESCU) - New Releases

Thought Leaders are Validating Your Hard Work and Training Rigor

.conf23 Registration is Now Open!

Calculate event results based on time picker range...

How to filter out IPv6 and 169.254.0.0/16 from a m...

How to view creation time logs compare with index ...

KV Store status is currently unknown- How to resol...

Combining results in metric index?