Splunk Search

Discussions

Thread Info

How can I have 3 charts for 1 panel display on the same row instead of each on a different row?

My goal here is to save my panel as a "pre-built" one that can be distributed to other users dashboard at my company....

by Path Finder in

Can I use multiple kvstore lookups in a single collection?

This is my first time trying out the kvstore, so learning by fire. I set up a collection in myapp/default/collections...

by Communicator in

How to plot Time (in hours) in Y-axis and Date in X-axis?

So I am trying to plot Hours in Y axis and the Time in the X-axis (the time is the first time events related to a par...

by Communicator in

How to convert inline pivot expression into equivalent non-pivot search expression?

I have a pivot query that produces a one-million row table with ~50 columns. I'd like to extend the limit for that ta...

by Communicator in

Making field extractor searches faster

How to extract extracted fields faster When I search for a field in the search window its very fast (although it r...

by Communicator in

Can I search a search head from another search head?

I think I already know the answer to this, but here goes: I have a search head that can access my indexer as a sea...

by Path Finder in

How to combine two JsonArray into a single column?

HI!!! I am trying to combine two JsonArray (Nextbus & SubsequentBus) to a single column. I managed to extract bo...

by Explorer in

How to extract these fields from my sample data to create a time chart on my dashboard?

[11627/3721370512][Sun Sep 10 2015 21:00:02][CServer.cpp:4448][INFO] Connections: Current=289 Max=1349 Limit=10000 Ex...

by Path Finder in

How to create a new field at index-time using a lookup?

I have a challenge where I want to place a static field (at index-time, NOT search-time) onto events as they are inde...

by Communicator in

How to create a table that displays Request IDs and Time as columns?

MESSAGE [Slow script time: Time=9.11s - Request ID=bed_get_organization_list_b] From the one of the log message a...

by New Member in

How can I return specific results using head and tail commands?

I have an alert currently set to return a full set of results based upon the stats command which sometimes might numb...

by New Member in

Significant performance differences running same query against different indexes

I performed the exact same search (index=|head 2000000|stats count) on the same indexer against THREE different index...

by Path Finder in

Forescout: How to line graph month over month AV compliance counts by status description

We have obtained counts for each status description using the following search..... index="forescout" sourcetype="...

by Path Finder in

How to exclude null field values from search results?

Below are the log events I have, where one event has two savedsearch_name fields with two values "Apache_Monitor" and...

by Communicator in

Add time clause on the second search of a subsearch

I am writing a query to find if a account got locked out because of an attack or because of an account change that ha...

by Splunk Employee in

How to overcome the subsearch limit of 10500?

I am working with Terabytes of data and running into a brick wall with the subsearch limit. The search that I am runn...

by New Member in

How to write a search to populate a drop-down menu in a dashboard with all unique index names?

I am trying to develop a search to populate a drop-down menu in a dashboard with all unique index names. I have tried...

by Path Finder in

How to search all fieldA values where fieldB is a certain value?

We have a single source with data (in table form) looking something like this: NamePositionDepartment John Wh...

by Communicator in

How to edit my search to join results with a lookup table?

I have a lookup table and have one search working good. I have another search I want to join to the lookup table, but...

by Path Finder in

How to query for a Week over Week count of hosts reporting to Splunk

Is there a better way to report the count of hosts reporting to Splunk week over week other than running the query us...

by Path Finder in

Get Updates on the Splunk Community!

Splunk Search

Discussions

How can I have 3 charts for 1 panel display on the same row instead of each on a different row?

Can I use multiple kvstore lookups in a single collection?

How to plot Time (in hours) in Y-axis and Date in X-axis?

How to convert inline pivot expression into equivalent non-pivot search expression?

Making field extractor searches faster

Can I search a search head from another search head?

How to combine two JsonArray into a single column?

How to extract these fields from my sample data to create a time chart on my dashboard?

How to create a new field at index-time using a lookup?

How to create a table that displays Request IDs and Time as columns?

How can I return specific results using head and tail commands?

Significant performance differences running same query against different indexes

Forescout: How to line graph month over month AV compliance counts by status description

How to exclude null field values from search results?

Add time clause on the second search of a subsearch

How to overcome the subsearch limit of 10500?

How to write a search to populate a drop-down menu in a dashboard with all unique index names?

How to search all fieldA values where fieldB is a certain value?

How to edit my search to join results with a lookup table?

How to query for a Week over Week count of hosts reporting to Splunk

Don't wait! Accept the Mission Possible: Splunk Adoption Challenge Now and Win ...

Unify Your SecOps with Splunk Mission Control

Data Preparation Made Easy: SPL2 for Edge Processor

Combining results in metric index?

Summary Index from | collect ... addtime=f : When ...

Importing HCL BigFix data from Insights, how to ve...

Does splunk support Reactive Programming in Java/S...

Alerts not Finalizing- Is there a way to find out ...