Splunk Search

Discussions

Thread Info

Timechart with large split by gives" Your search generated too much data for the current visualization configuration." Is it truncating stats or chart or both?

When running a search against a weblog, and attempting to "|timechart span=1h limit=0 count by queryname" for 24hrs, ...

by Motivator in

Why is fieldformat not working if I don't include a certain value in the table?

here is my search, I'm trying to create a report that shows the error count, error percentage, and total transaction ...

by Explorer in

Splunk eval not working with generated column

Need some help on some Splunk Search Syntax. | inputlookup defect__kvs | search (week_date="") (type="") (sub_typ...

by Explorer in

Compare two search results' differences over time

First timer here - hi all and thanks for this amazing ressource. I am trying to timechart the counts for unique a...

by New Member in

How can I show the time of the last event in a stats by count table?

I have a table that shows the host name, IP address, Virus Signature, and Total Count of events for a given period of...

by Engager in

Using summary index data to compare event count between different days

I'm using a cool search I found on Answers to compare the event count from yesterday to the same day last week for ou...

by Path Finder in

What's the difference between chart functions list() and values()? Is there a similar function that doesn't dedup?

Both list() and values() return distinct values of an MV field. Although list() claims to return the values in the or...

by Influencer in

How do I write a search to find the top 10 max by field?

I am attempting to get a listing of the max top 10 by a field. I am able to get the the top 10 by doing this: ...

by Explorer in

How do I construct a search for the average per day of the week, with my day of the week starting on Sunday?

I am trying to chart the average per day of the week (mon, tue, wed, etc) but unable to do it with the days arranged ...

by Communicator in

estdc usage

I have this snippet of a search query, and I have a question. estdc(Purchase_History.Lavender_Paint) as Project1_c...

by Communicator in

How do I group similar URLs into one event?

I am doing a search to get the total count of different URIs and their response times. My result has multiple events ...

by New Member in

How do I write a regular expression to extract 2 fields from my sample data?

So I have a search that will check if two variables equal a specific number, and then I get the count of these instan...

by Contributor in

tostring commas and locale specific separators

My question is whether or not the tostring command is locale specific. If the locale specifies commas as the decimal ...

by Path Finder in

Why aren't defined field transformations showing in the GUI?

A user created a field transform/extraction through the wizard in the GUI. The field extraction works for him, but he...

by Influencer in

How to use a wildcard in an eval function?

Hi From the search, I get the field file_path. I have to differentiate the events based on the file path. file_pa...

by Builder in

Part 1: How to extract a json portion of an event then use spath to extract key=value pairs

I have the following log event but I have not been able to use spath to extract the json key=value pairs. 2013-03...

by Motivator in

How do I modify my search so that it will show either a Marker Gauge or Single Value visualization?

Howdy. So I have two searches, which I have been asked to turn into "easy visualizations" so non-techies can look ...

by Communicator in

Search Issue

Hi, When i try to search data using command sourcetype="WinEventLog:Security" there is no result for it. However w...

by Explorer in

strftime and strptime functions are not working in search queries

I have multiple time fields in my db like Reported Date, Last Modified Date, Responded Date.. If I apply strftime/str...

by New Member in

How to replace letters with numbers in a string

I'm trying to convert a long hexadecimal number (md5) to decimal. Unfortunately md5_number = tonumber(md5_string,16) ...

by Explorer in

Get Updates on the Splunk Community!

Splunk Search

Discussions

Timechart with large split by gives" Your search generated too much data for the current visualization configuration." Is it truncating stats or chart or both?

Why is fieldformat not working if I don't include a certain value in the table?

Splunk eval not working with generated column

Compare two search results' differences over time

How can I show the time of the last event in a stats by count table?

Using summary index data to compare event count between different days

What's the difference between chart functions list() and values()? Is there a similar function that doesn't dedup?

How do I write a search to find the top 10 max by field?

How do I construct a search for the average per day of the week, with my day of the week starting on Sunday?

estdc usage

How do I group similar URLs into one event?

How do I write a regular expression to extract 2 fields from my sample data?

tostring commas and locale specific separators

Why aren't defined field transformations showing in the GUI?

How to use a wildcard in an eval function?

Part 1: How to extract a json portion of an event then use spath to extract key=value pairs

How do I modify my search so that it will show either a Marker Gauge or Single Value visualization?

Search Issue

strftime and strptime functions are not working in search queries

How to replace letters with numbers in a string

Improve Your Security Posture

Maximize the Value from Microsoft Defender with Splunk

This Week's Community Digest - Splunk Community Happenings [6.27.22]

Why are there Different results with "earliest" th...

Why is website monitoring app not pulling data?

How to achieve readable date format for scatter pl...

How to change the date format of the Date Picker i...

Maximun disk usage quota- Why are alerts not sendi...