Splunk Search

Discussions

Thread Info

Lookups to files larger than max_memtable_bytes report file only contains a header row

With Splunk v5 and v6, I have not been able to get lookups to work with CSV files that are larger than max_memtable_b...

by Path Finder in

How to display the result in a graph format with timechart as y-axis and field_1, field_2 on x-axis?

The following were some events :- [30706/3663031152][Mon Sep 05 2016 03:55:01][CServer.efpp:4719][INFO][sm-Server-...

by Builder in

Why am I unable to find a summary index in search when using index=summary?

I have a saved search in the default summary index and when I use the index=summary in my search box, I cannot find t...

by Explorer in

Why am I getting strange results with the fillnull command when I input a lookup table?

I have a search that looks like: multisearch [search a] [search b] | table field1, field2, field3 | fillnull value...

by Builder in

How to multiply the x-axis values by the y-axis values and display the result on the y-axis in the chart?

I got a project where I have a csv file with one particular field. Each bar ranges from 200-700 in value. I need to b...

by New Member in

Not able to use Fields, Rename, Table command after Fieldformat command

Hi, I am trying to convert some values with combination of Alphabets, Special Characters and numbers but still wan...

by Communicator in

How do I pass multiple values from a chart as input into another chart?

Hi, I have a chart the displays the performance of all servers. When the user clicks two of the servers, I want ...

by Path Finder in

How do I get the time span (span=X) in a search to automatically adjust depending on the time picker value chosen?

Hi, I want the time span in a search to adjust based upon the time picker value. i.e. time picker is day, t...

by Path Finder in

How to search the duration between the time a user logged in to a host and the time another user logged in to the same host?

I'm having a hard time wrapping my head around this, and after a few false-starts, I'm hoping the community can point...

by New Member in

How do I construct a regular expression with wildcard matching?

Hi, I have data that looks like this ####<Sep 15, 2016 9:35:27 AM CDT> <Debug> <ucontrol> <betamax-cpe1> <manag...

by Motivator in

Timechart with large split by gives" Your search generated too much data for the current visualization configuration." Is it truncating stats or chart or both?

When running a search against a weblog, and attempting to "|timechart span=1h limit=0 count by queryname" for 24hrs, ...

by Motivator in

Why is fieldformat not working if I don't include a certain value in the table?

here is my search, I'm trying to create a report that shows the error count, error percentage, and total transaction ...

by Explorer in

Splunk eval not working with generated column

Need some help on some Splunk Search Syntax. | inputlookup defect__kvs | search (week_date="") (type="") (sub_typ...

by Explorer in

Compare two search results' differences over time

First timer here - hi all and thanks for this amazing ressource. I am trying to timechart the counts for unique a...

by New Member in

How can I show the time of the last event in a stats by count table?

I have a table that shows the host name, IP address, Virus Signature, and Total Count of events for a given period of...

by Engager in

Using summary index data to compare event count between different days

I'm using a cool search I found on Answers to compare the event count from yesterday to the same day last week for ou...

by Path Finder in

What's the difference between chart functions list() and values()? Is there a similar function that doesn't dedup?

Both list() and values() return distinct values of an MV field. Although list() claims to return the values in the or...

by Influencer in

How do I write a search to find the top 10 max by field?

I am attempting to get a listing of the max top 10 by a field. I am able to get the the top 10 by doing this: ...

by Explorer in

How do I construct a search for the average per day of the week, with my day of the week starting on Sunday?

I am trying to chart the average per day of the week (mon, tue, wed, etc) but unable to do it with the days arranged ...

by Communicator in

estdc usage

I have this snippet of a search query, and I have a question. estdc(Purchase_History.Lavender_Paint) as Project1_c...

by Communicator in

How do I group similar URLs into one event?

I am doing a search to get the total count of different URIs and their response times. My result has multiple events ...

by New Member in

How do I write a regular expression to extract 2 fields from my sample data?

So I have a search that will check if two variables equal a specific number, and then I get the count of these instan...

by Contributor in

tostring commas and locale specific separators

My question is whether or not the tostring command is locale specific. If the locale specifies commas as the decimal ...

by Path Finder in

Why aren't defined field transformations showing in the GUI?

A user created a field transform/extraction through the wizard in the GUI. The field extraction works for him, but he...

by Influencer in

How to use a wildcard in an eval function?

Hi From the search, I get the field file_path. I have to differentiate the events based on the file path. file_pa...

by Builder in

Get Updates on the Splunk Community!

Splunk Search

Discussions

Lookups to files larger than max_memtable_bytes report file only contains a header row

How to display the result in a graph format with timechart as y-axis and field_1, field_2 on x-axis?

Why am I unable to find a summary index in search when using index=summary?

Why am I getting strange results with the fillnull command when I input a lookup table?

How to multiply the x-axis values by the y-axis values and display the result on the y-axis in the chart?

Not able to use Fields, Rename, Table command after Fieldformat command

How do I pass multiple values from a chart as input into another chart?

How do I get the time span (span=X) in a search to automatically adjust depending on the time picker value chosen?

How to search the duration between the time a user logged in to a host and the time another user logged in to the same host?

How do I construct a regular expression with wildcard matching?

Timechart with large split by gives" Your search generated too much data for the current visualization configuration." Is it truncating stats or chart or both?

Why is fieldformat not working if I don't include a certain value in the table?

Splunk eval not working with generated column

Compare two search results' differences over time

How can I show the time of the last event in a stats by count table?

Using summary index data to compare event count between different days

What's the difference between chart functions list() and values()? Is there a similar function that doesn't dedup?

How do I write a search to find the top 10 max by field?

How do I construct a search for the average per day of the week, with my day of the week starting on Sunday?

estdc usage

How do I group similar URLs into one event?

How do I write a regular expression to extract 2 fields from my sample data?

tostring commas and locale specific separators

Why aren't defined field transformations showing in the GUI?

How to use a wildcard in an eval function?

Why You Can't Miss .conf25: Unleashing the Power of Agentic AI with Splunk & Cisco

Deep Dive into Federated Analytics: Unlocking the Full Power of Your Security Data

Your summer travels continue with new course releases

Help me with splunk query to monitor CPU and Memor...

How can i export a list of all services in APM

Joining records in a table

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

Splunk Search

Are you a member of the Splunk Community?

Discussions