Splunk Search

Discussions

Thread Info

How to combine results of two table searches?

I've combed through a plethora of the posts here with regards to using subsearches and other various "solutions" to w...

by Explorer in

Problem computing error rate from two different queries for a graph. . .

Other answers I have found don't quite seem to work in my case here. Have seen similar where it can be done based on ...

by Explorer in

How to combine my three searches into one search?

Hi all, I want to combine the three searches below into one to display all data in the result. However, it should ...

by Explorer in

Is it possible to show a column chart of the average log count per hour over several days?

I apologize if this as been asked before. The examples I have found are a bit too much, as what I want to achieve is ...

by Explorer in

Combine 2 indexes with join based on result of a substring search

I have 2 indexes: First index: index= abc with field1 having values like "\A,\B,\C" and "\A,\D" and so on Second inde...

by Explorer in

In a timechart, how can I display the chosen bucket size?

I'm letting timechart choose the proper bucket size, but I want that size to be displayed somewhere. I'd like to be a...

by Explorer in

Why are my additional columns in my asset lookup not showing in Splunk Web?

Hi. I have added a few additional columns to my asset lookup CSV, meaning in addition to the required columns. Whe...

by Communicator in

How to sort date fields chronologically in a stacked bar chart and group dates by week numbers?

I have a CSV import that has a date field in the format dd/mm/yyyy that I want to be able to chart chronologically on...

by Explorer in

How to edit my props and transforms.conf to filter out Windows Security Events with Logon Type:3?

Hi I want to drop all Windows Security Events (4624, 4625, etc) with Logon Type:3 My first idea is to make filter...

by Path Finder in

How do I handle fields with no value or a blank space in a rex field extraction so they show up as null?

I have a data source that is pipe delimited, but some of the fields contain no data or even a blank space. I've creat...

by Builder in

REGEX to filter out event records

At the indexer, we are trying to exclude event records from incoming windows logs that have Logon_Type=3. Below i...

by New Member in

Join Statement Not Retrieving All Records

Hi, I wonder whether someone may be able to help me please for which may seem a really dumb question. I'm using th...

by Motivator in

Is it possible in Splunk to display contents from external url

I have a url, by hitting which, i get some data. Is it possible in splunk to read that data and process it and displa...

by Contributor in

How to get each occurrence of the username in a search from my sample data, not just the first username?

This is my search: index="test" sourcetype="Cisco_Users" | rex field=_raw "(?<Host>\w+-\w+-\w+-\w+-?\d?\.\w+\.\w+...

by Path Finder in

chopping up lastlog

I have managed to get our linux hosts' lastlog data in our Splunk> (version 5.0.2, build 149561) easily enough, but w...

by Engager in

Joining multiple field value count using a common text

Hi, We have few appliances spread across various data centers feeding logs into Splunk. Each Data center has 2 or ...

by Builder in

How to use the value of one field to select/chart another field?

I have a json object (see below). I need to take the value of payload.chan (15 in this case) and using 15 select payl...

by Motivator in

How to dedup after | stats list(blah)?

Scenario: I am extracting sender domains with the following code: index=mail sourcetype=xemail [search index=...

by Contributor in

Extraction of a substring and comparison in a loop

Hi, I need to search for an element A present in one of the fields let's say field 1. Some of the values presen...

by Explorer in

How to set different colors for each row of my results in dashboard panel?

Hi, Can someone please advise, how we can set different colors in a dashboard for each single row? Our data lo...

by Path Finder in

The automatic timechart range changed after upgrading from Splunk 6.3.1 to 6.3.3. What can we set to revert to the old behavior?

We have certain source types where there is only data from months ago. When putting this into a timechart, the chart ...

by Communicator in

How to create a stacked bar graph showing total time and (total time-pending) stacked by filter?

I want to create a stacked bar graph showing 2 columns stacked by department: 1 column is the total time and the seco...

by Explorer in

Change the ''Waiting for data... '' message with a value or word

My search : index=test | where Value>=95 | stats count(Value) as Events by Host The result : if ther...

by Communicator in

How can I know when Splunk reaches the 10000 result limit in a search to output a certain message?

In my search, I calculate some values, but if I reach the 10000 result limit, I get wrong results. I would like chang...

by Path Finder in

How to create a table based on certain fields from the Output Results?

Hi Splunk Support, I'm trying to create a table based on certain fields from the Output Results: Search String...

by Explorer in

Get Updates on the Splunk Community!

Splunk Search

Discussions

How to combine results of two table searches?

Problem computing error rate from two different queries for a graph. . .

How to combine my three searches into one search?

Is it possible to show a column chart of the average log count per hour over several days?

Combine 2 indexes with join based on result of a substring search

In a timechart, how can I display the chosen bucket size?

Why are my additional columns in my asset lookup not showing in Splunk Web?

How to sort date fields chronologically in a stacked bar chart and group dates by week numbers?

How to edit my props and transforms.conf to filter out Windows Security Events with Logon Type:3?

How do I handle fields with no value or a blank space in a rex field extraction so they show up as null?

REGEX to filter out event records

Join Statement Not Retrieving All Records

Is it possible in Splunk to display contents from external url

How to get each occurrence of the username in a search from my sample data, not just the first username?

chopping up lastlog

Joining multiple field value count using a common text

How to use the value of one field to select/chart another field?

How to dedup after | stats list(blah)?

Extraction of a substring and comparison in a loop

How to set different colors for each row of my results in dashboard panel?

The automatic timechart range changed after upgrading from Splunk 6.3.1 to 6.3.3. What can we set to revert to the old behavior?

How to create a stacked bar graph showing total time and (total time-pending) stacked by filter?

Change the ''Waiting for data... '' message with a value or word

How can I know when Splunk reaches the 10000 result limit in a search to output a certain message?

How to create a table based on certain fields from the Output Results?

Can’t make it to .conf25? Join us online!

Can’t Make It to Boston? Stream .conf25 and Learn with Haya Husain

Splunk Lantern’s Guide to The Most Popular .conf25 Sessions

Unlock What’s Next: The Splunk Cloud Platform at .conf25

Help me with splunk query to monitor CPU and Memor...

How can i export a list of all services in APM

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

ITSI thresholds: adaptive vs static

Splunk Search

Are you a member of the Splunk Community?

Discussions

Can’t make it to .conf25? Join us online!