Splunk Search

Discussions

Thread Info

Show bar chart labels in the bar

Currently Splunk puts the bar chart labels off to the left and truncates them which makes things really hard to read:...

by Explorer in

Fire an alert when count of a particular value in one column is greater than something

Hello, I have a query like so: source=“some-source.log” MySearchQuery | stats count by user, host_name which produ...

by Engager in

Scheduling multiple searches

Hi, I am trying to schedule 60 saved searches with summery indexing. There are for 5 different searches, each with...

by Explorer in

Concatenating stats results and visualizing as a single value

Hi there index=someIndex | stats = sum(fieldA) as one, sum(fieldB) as two I would like to display the result in th...

by Engager in

How to convert values for a time field to find max and average values with stats?

We have a field with data 00 00:01:00.209 00 00:00:59.540 00 00:00:10.528 00 00:00:10.014 00 00:00:10.010 00 00:00:09...

by Explorer in

How do I sum similarly named fields from nested JSON?

I have JSON events with a sub list and want to sum similarly named fields for each event. { "id": "theid", "subdat...

by Path Finder in

How do I get my SPLUNK csv excel data to display via a horizontal bar chart?

My data displays in splunk and ![I was able to generate a correct table via running the command index=cmadam host=kot...

by New Member in

How to report on how long a field equaled a specific value, and show the result as a percentage of time? (aka true uptime)

Here is the sample set of data, simplified: Aug 8 11:00:00 host=host1 status_code=UP Aug 8 12:20:00 host=host1 s...

by Path Finder in

Regex match till end of event?

Not sure why I cant find this, but the following is not working. |rex field=_raw "(?i)response=(?<responseXML>.+)$...

by Builder in

How to edit my search to find if a service is down, then trigger an alert only if the status is still down 1 minute later?

Hi , We have search that runs for every minute, and if in case it found any Service is down, it triggers an alert....

by Path Finder in

Case insensitive field value results in a count

How can I make the results of a count on the user field case insensitive? index=winevents sourcetype="WinEventLog:...

by New Member in

How to write a query where I can show the success and failure of a status?

H Form the result of a asearch i get field status- success & failed, i need to show the count of success and failed ...

by Builder in

Hunk is not filtering files based on timestamp

I have a Hunk installation that is successfully (albeit slowly) pulling data from an s3:// filesystem. However, I'm h...

by Explorer in

Assign earliest and latest _time to some other timestamp column

I want to take the earliest and latest _time and assign to some other timestamp column. For example, I have a timesta...

by Explorer in

Can a result of one query can be used in multiple timechart ?

I can use a query that display the result in verbose mode with all fields displayed in interesting field area. I woul...

by Explorer in

How to edit my regular expression to extract a field from my sample data?

Hey Fellow Splunkers I'm looking to possibly create a regular expression that can be used to extract a field. The ...

by Path Finder in

How to edit my regular expression to extract a field and trim out strings with more than X characters (except space) from the value?

I have the following events. event 1) [08-09-2016_08:00:40.567_PDT] [ERROR] - [ePdv0XVRu2] [xxx@yyy.com] [] [au...

by Explorer in

How to round a percentage value in a pie chart to 1 decimal place?

Hi, I have the entry below in my dashboard which shows the percent value in pie chart, but defaults to 3 decimal p...

by Path Finder in

Why is my dashboard panel showing different values from the base report?

Hi, I wonder if someone can help me on something. I created a report which runs absolutely fine no matter when I r...

by Explorer in

search adding instead of representing a trend

I'm trying to rectify a search where the chart should represent a Trend but is actually just adding the last active u...

by Builder in

Get Updates on the Splunk Community!

Splunk Search

Discussions

Show bar chart labels in the bar

Fire an alert when count of a particular value in one column is greater than something

Scheduling multiple searches

Concatenating stats results and visualizing as a single value

How to convert values for a time field to find max and average values with stats?

How do I sum similarly named fields from nested JSON?

How do I get my SPLUNK csv excel data to display via a horizontal bar chart?

How to report on how long a field equaled a specific value, and show the result as a percentage of time? (aka true uptime)

Regex match till end of event?

How to edit my search to find if a service is down, then trigger an alert only if the status is still down 1 minute later?

Case insensitive field value results in a count

How to write a query where I can show the success and failure of a status?

Hunk is not filtering files based on timestamp

Assign earliest and latest _time to some other timestamp column

Can a result of one query can be used in multiple timechart ?

How to edit my regular expression to extract a field from my sample data?

How to edit my regular expression to extract a field and trim out strings with more than X characters (except space) from the value?

How to round a percentage value in a pie chart to 1 decimal place?

Why is my dashboard panel showing different values from the base report?

search adding instead of representing a trend

Splunk Lantern | Spotlight on Security: Adoption Motions, War Stories, and More

Splunk Cloud | Empowering Splunk Administrators with Admin Config Service (ACS)

Tech Talk | One Log to Rule Them All

multi-level nested JSON to table?

Matching index field value with lookup field value

extract fields from json-wrapped postfix logs?

How to configure alert when a service is in failed...

how to identify '\n' in Splunk rex