Splunk Search

Discussions

Thread Info

How do I create a dashboard to show count roll up by location and billing system?

Planning to create a dashboard from the information as below. Can we see count roll up by location and billing system...

by Explorer in

How do I prevent initial delta value from breaking my visualization?

I am trying to get the delta of several key-value pairs over a period of an hour. The initial ingestion of data is fr...

by Builder in

How to modify my search so it shows total MB per user for the day?

bucket _time span=1d| eval _time = strftime(_time,"%b %d, %Y")| stats sum(eval(Bytes_Written/(1024*1024))) as MBytes...

by Path Finder in

POST LOGIN need to execute a search and use token across dashboard

Hi All, For a particular filter which is used across my dashboard , I have run a search in javascript and set a to...

by Explorer in

Questions regarding datamodel, stats, NOT, and Macros in my query

This is the query I have: | tstats summariesonly count from datamodel=Threat_Intelligence.Threat_Activity where NO...

by Communicator in

What does "stats sum(count) by" do?

Hey, a really basic question, but I'm unsure of the answer. What does stats sum(count) by do? I'm fairly sure that th...

by Communicator in

How to edit this search to remove the time for maintenance windows using a CSV file?

We've got a search that displays our web monitor logs, and would like to add a function that allows us to remove time...

by Communicator in

How to use the result from one search in another search?

I have a set of fields like Servername, type, Country, desc,_time. These fields have been indexed and I already have ...

by Communicator in

How to get a transaction command to work with a combination of indexTime and another field?

Good Afternoon Splunk, I have a question about some data that I am trying to evaluate for the transaction command....

by Communicator in

How do I formulate the rex command to remove unnecessary spaces in the middle of my field values?

I have field values that are coming in with unnecessary spaces. I'm trying to remove them and from another post, I f...

by Path Finder in

show unique values from yesterday

Hello, please help! I want to display only the unique names from yesterday that are not in today's list Initial s...

by Explorer in

How to check if new hosts get added to instance & get alerted?

The number to hosts have increased in our instance & we want to check which ones are the new ones added. Also we want...

by Path Finder in

How to list count of Error messages

I have multiple error messages in the logs and I do count by ErrorMessage. The error messages gets listed as below. ...

by New Member in

show value in case of no results found

hello, I'm trying to do a stats count command and to show "0" (for single value chart) instead of N/A in case the que...

by Explorer in

Searching the latest event quickly

Hello I would like to check if my firewall rules are used or not. For that, I'm doing something like that : index=...

by Engager in

How to use drilldown and selection in the same chart at the same time?

Hi, I'm trying to use both drilldown and selection in a timechart to limit the events shown in an events view (not...

by Communicator in

Searching the _introspection index, why are PerProcess events missing?

Hi, While checking the introspection index, the search index=_introspection | dedup component | table component r...

by New Member in

How to revise my search in order to convert my cluster map into a choropleth map?

Hi, I have a query that supplies IP address and a status code and I have created a cluster map from the results ...

by Motivator in

How to edit my search to categorize User Agent by Mobile OS?

Hello Splunk Masters, I'm working on a radial gauge that will show successful IIS requests. I need to be able to b...

by Explorer in

Why don't I see the real time option in time range picker?

I don't see the real time option in the time range picker. I do have queries to search in real time.

by Contributor in

How can I use rex to extract the time stamp of a used search?

I am attempting to create a search that would pull information about search usage. I have an index generated off of t...

by Path Finder in

Need help normalizing a field's contents for display

I'm extracting a piece of a filename to create a field using makemv and a rex command. The extracted field should be ...

by Contributor in

How can i search what all indexes are into splunk ESS app?

please let me know via CLI or Splunkweb.?

by New Member in

How to edit my stats search to calculate a percentage based on a custom range?

I have a search from web logs that I need to calculate a percentage based on a custom range. Search example: i...

by Explorer in

Can this query be written more efficiently?

It's a query for a staked column chart. index=myCompIn source="/locatedin/mySrc.log" "Reply Back" "CAT-IN " "SOME ...

by New Member in

Get Updates on the Splunk Community!

Splunk Search

Discussions

How do I create a dashboard to show count roll up by location and billing system?

How do I prevent initial delta value from breaking my visualization?

How to modify my search so it shows total MB per user for the day?

POST LOGIN need to execute a search and use token across dashboard

Questions regarding datamodel, stats, NOT, and Macros in my query

What does "stats sum(count) by" do?

How to edit this search to remove the time for maintenance windows using a CSV file?

How to use the result from one search in another search?

How to get a transaction command to work with a combination of indexTime and another field?

How do I formulate the rex command to remove unnecessary spaces in the middle of my field values?

show unique values from yesterday

How to check if new hosts get added to instance & get alerted?

How to list count of Error messages

show value in case of no results found

Searching the latest event quickly

How to use drilldown and selection in the same chart at the same time?

Searching the _introspection index, why are PerProcess events missing?

How to revise my search in order to convert my cluster map into a choropleth map?

How to edit my search to categorize User Agent by Mobile OS?

Why don't I see the real time option in time range picker?

How can I use rex to extract the time stamp of a used search?

Need help normalizing a field's contents for display

How can i search what all indexes are into splunk ESS app?

How to edit my stats search to calculate a percentage based on a custom range?

Can this query be written more efficiently?

OpenTelemetry for Legacy Apps? Yes, You Can!

UCC Framework: Discover Developer Toolkit for Building Technology Add-ons

.conf25 Community Recap

In Splunk studio, is it possible to populate a tex...

Help me with splunk query to monitor CPU and Memor...

How can i export a list of all services in APM

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

Splunk Search

Are you a member of the Splunk Community?

Discussions