Splunk Search

Ask a Question

Discussions

Thread Info

How to use the results of one search in another search and include both results in the same chart?

Hi, I want to use the result of one search, and then use this result in another search to put it in the same chart...

by New Member in

How do I reformat table values in columns to rows and rows to columns?

I have table like below Backup_Status BackupDate Servers Success 07/16/2016 archiveserver1 Failed ...

by New Member in

Column Chart: Why are small data points on a stacked column chart not displaying on some machines?

I have a stacked column chart that shows 2 values in each column. One of these values tends to be very small (0-3 eve...

by Explorer in

Is there a REST API endpoint to display a lookup table's permissions?

Looking for a way to report on whether a lookup table is exported to all apps by using a rest search. Assuming the...

by Contributor in

Summary Indexing for dashboard

Hi, I want to use summary indexing for my dashboard and was wondering what the best approach would be? The followi...

by Builder in

Why is the regular expression for rex in my search not extracting the field from my sample data?

Hi, I have this data fn.util.SingleDeviceDebugger - RCVD REST request from premise 101: GET /rest/icontrol/logi...

by Motivator in

Invalid value Drilldown error

I have a table on my dashboard which contains values that link to the actual data log on splunk. I am trying to open ...

by Path Finder in

How do I get Unique users per day and per month in one query and then divide them

Hi, I have a field called "UserID" and a DateActive field. I'm looking to make a bar chart where each bar has a va...

by Explorer in

calculate sum of multiple fields in different lines identified using regex

I want to calculate sum of multiple fields which occur in different lines in logs I have logs like bmwcar=10 bmw...

by Engager in

Field Extraction Problem

Hey, Splunkers I'm having issues attempting a field extraction. The field extraction with appending data is a comp...

by Path Finder in

What are best practices for creating summary indexes to populate a dashboard?

Hi, I need to create some summary indexes and am wondering what the best approach would be? So far there are vario...

by Explorer in

How do I merge columns from a CSV with an existing input lookup file?

Hi Team, I have an input lookup file called windows.CSV and have another .CSV file which contains host, sourcetype...

by New Member in

Is there a permanent solution for handling too many search jobs found in the dispatch directory?

Hello. I am getting this error: Too many search jobs found in the dispatch directory (found=7079, warning leve...

by Engager in

How to search within a timestamp that isn't _time?

Hi guys, I'm trying to search within events on a specific day using a timestamp that is not _time and I also want ...

by Path Finder in

How is the maximum offset used in my time-based lookup search?

Hi, I've created time-based lookup definition which I want to use in my search. The example.csv has a time field "...

by Motivator in

How to search the count of failed logs per month for the past six months?

Hi, I want to generate the monthly report for the past six months and need the count of failed logs for each month...

by New Member in

An index is shown under default search for a role, but why is a search on this index producing "No result" on the search head?

Hello Team, xyz_prd_index created, running forwarder fine on the host. It displays all indexers too when we do lis...

by New Member in

Retrieve information from a URL

Is there a way I can call a URL (https://who.is/whois-ip/ip-address/) and pass it a parameter (54.174.106.18) so the ...

by Motivator in

How to alert when a certain field changes from a value to another random value?

Hi everyone, I want to create an alert by email when one of the fields of my index changes. I have a file with dif...

by Explorer in

How to configure Optiv Threat Intel to use a proxy

I recently upgraded Optiv Threat Intel app and all of my proxy information disappeared. I have been searching around ...

by Path Finder in

How do I write a regular expression in a Splunk search to extract data from comma separated text into a table format?

I am trying to write a search/extract on a below sample type of log file: Sample data is as below (it will repeat acr...

by New Member in

How to compare 2 table with a same field value?

Hi, Please help me construct this query. I have 2 search tables Table1 from Sourcetype=A FieldA1 FieldB1 Table2 fr...

by New Member in

How do you place icons on a map

I would like to plot radio towers on a map. How could I place a jpg instead of a dot on a lat/long on a location on a...

by Builder in

How to edit my search to only display policy numbers with a failed transaction status?

index="np_dpa" PROXYNAME="ProcessUBIDeviceFulfillmentCommunication" Application="Datapower" TransactionStatus="FAIL" ...

by Communicator in

How to display the time of one search in the final result when we have another subsearch inside of it?

Below is my search. What I need is to have the time related to that error also saved(Timen) and then shown in the ...

by New Member in

Get Updates on the Splunk Community!

Splunk Search

Discussions

How to use the results of one search in another search and include both results in the same chart?

How do I reformat table values in columns to rows and rows to columns?

Column Chart: Why are small data points on a stacked column chart not displaying on some machines?

Is there a REST API endpoint to display a lookup table's permissions?

Summary Indexing for dashboard

Why is the regular expression for rex in my search not extracting the field from my sample data?

Invalid value Drilldown error

How do I get Unique users per day and per month in one query and then divide them

calculate sum of multiple fields in different lines identified using regex

Field Extraction Problem

What are best practices for creating summary indexes to populate a dashboard?

How do I merge columns from a CSV with an existing input lookup file?

Is there a permanent solution for handling too many search jobs found in the dispatch directory?

How to search within a timestamp that isn't _time?

How is the maximum offset used in my time-based lookup search?

How to search the count of failed logs per month for the past six months?

An index is shown under default search for a role, but why is a search on this index producing "No result" on the search head?

Retrieve information from a URL

How to alert when a certain field changes from a value to another random value?

How to configure Optiv Threat Intel to use a proxy

How do I write a regular expression in a Splunk search to extract data from comma separated text into a table format?

How to compare 2 table with a same field value?

How do you place icons on a map

How to edit my search to only display policy numbers with a failed transaction status?

How to display the time of one search in the final result when we have another subsearch inside of it?

Automatic Discovery Part 1: What is Automatic Discovery in Splunk Observability Cloud ...

Real-Time Fraud Detection: How Splunk Dashboards Protect Financial Institutions

Splunk + ThousandEyes: Correlate frontend, app, and network data to troubleshoot ...

In Splunk studio, is it possible to populate a tex...

How can i export a list of all services in APM

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

ITSI thresholds: adaptive vs static

Splunk Search

Are you a member of the Splunk Community?

Discussions