Splunk Search

Discussions

Thread Info

How to accelerate a report and use fillnull or usenull with stats?

Splunk 6.2.2 ... I want to build an accelerated daily report. The search I want to power this daily report is... i...

by Explorer in

display sum value in pie chart

I have used in the past count value in the pie chart. Now I need to display sum value in the chart. How can I do this...

by Contributor in

How to put the result of an additional search into an alert email triggered by the base search?

Hi Is there any way to put the search result of additional search into the alert mail triggered by the base search...

by Explorer in

Why does a join query not return results unless I give specific field values?

Hello, I am noticing the following strange behavior with a join. It is actually not returning results when I use a...

by Communicator in

Google Analytics data into Splunk

I could swear I heard at .conf2013 that there was a Google Analytics app/add-on, but I sure can't seem to find one no...

by Builder in

How to search call data records to find parallel concurrent calls from the same originating telephone number?

I have an index of telephony call data records where each record has an event_start_timestamp, mapped to the event ti...

by Path Finder in

Why does "search host!=ComputerName" return all results?

I'm looking for Splunk Universal Forwarders that have a different name registered other than the actual host name. Th...

by Explorer in

How to add "point-in-time" annotations to a chart?

I'd like to "annotate" a graph which shows performance over time with what points the releases have been at. I see...

by Explorer in

How do I write a search that outputs a table where each Computer_Name has 3+ variables and their counts

So I am trying to output audit failures in a readable manner while displaying relevant data. I am trying to output th...

by Path Finder in

Nested "Where" Commands - Error: The expression is malformed

I'm trying to filter the results of a search based on the results of a (pretty complex) subsearch using the where com...

by Path Finder in

How do I edit my if else search for comparing two values?

I have a field Name and a field ID. So a person named Adam has an ID 1. The next time Adam is renamed Rob, but ID rem...

by Communicator in

How to display a chart with values and also a timechart below that?

I'm trying to show a chart and need to show the actual values. At the same time I would like to display a linear time...

by Path Finder in

How to write a conditional timechart search that will not count more than 1 event per day?

I'd like an efficient search that will return either "Yes" or "No" for a timechart per day. I would imagine a limitin...

by New Member in

How handle time-based join with streamstats

I have 2 sets of events, 1 for registration events, and 1 for host state events. There is a common field between the ...

by New Member in

How to apply a regex filter to my pivot?

http://docs.splunk.com/Documentation/Splunk/6.2.3/SearchReference/Pivot#Filter_element According to this, there is...

by Communicator in

Why are Interesting Fields not yielding complete values in the search result?

Hi, When a blank space is introduced in values, the search results are not yielding complete values. Please see de...

by Explorer in

How to combine two fields, but add quotations marks around one of the fields prior to combining?

Hello folks, I am trying to combine two fields by string; however, I need to put quotation marks around one of the...

by Explorer in

How do I edit the regex in my search to extract a part of a string?

by New Member in

How to split a string into multiple fields using whitespace as delimiter

Hi, I have a field called "details" with the following value: details GAP 16 GAP PLI 31 ...

by New Member in

Why is my rex search not extracting the field from my event?

Dear all, I want to extract a field from the event, and name it retail, and then use this new field to make a calc...

by Path Finder in

How to make the search dynamic - continuation of "How to use rex and sed to insert '-' and ':' in the result?"

I have different environments. In each environment logs are located in different path. e.g.: C:\Program Files\Splunk....

by Explorer in

How to parse and extract unstructured .log file data in Splunk?

04/07/15 23:55:01 Device: a b c d e f g h i j k 1ppd 0.00...

by Explorer in

When creating a statistical table using the table command, is there a way to disable sorting of data on click of table column headers?

When we create a statistical table using table command , is there a way to disable sorting of data on click of table ...

by Communicator in

How to search a lookup table to find any IP addresses that match the IPs in my firewall events?

I have a lookup table called - c2cisp.csv. the definition is called c2cisp. The table has a field name ip. It contain...

by Explorer in

How do I get results from Splunk searchmanager JavaScript into Google JavaScript API to draw charts?

How to get data results from a searchmanager javascript into google jsapi to draw charts? All My Searches and Post...

by Communicator in

Get Updates on the Splunk Community!

Splunk Search

Discussions

How to accelerate a report and use fillnull or usenull with stats?

display sum value in pie chart

How to put the result of an additional search into an alert email triggered by the base search?

Why does a join query not return results unless I give specific field values?

Google Analytics data into Splunk

How to search call data records to find parallel concurrent calls from the same originating telephone number?

Why does "search host!=ComputerName" return all results?

How to add "point-in-time" annotations to a chart?

How do I write a search that outputs a table where each Computer_Name has 3+ variables and their counts

Nested "Where" Commands - Error: The expression is malformed

How do I edit my if else search for comparing two values?

How to display a chart with values and also a timechart below that?

How to write a conditional timechart search that will not count more than 1 event per day?

How handle time-based join with streamstats

How to apply a regex filter to my pivot?

Why are Interesting Fields not yielding complete values in the search result?

How to combine two fields, but add quotations marks around one of the fields prior to combining?

How do I edit the regex in my search to extract a part of a string?

How to split a string into multiple fields using whitespace as delimiter

Why is my rex search not extracting the field from my event?

How to make the search dynamic - continuation of "How to use rex and sed to insert '-' and ':' in the result?"

How to parse and extract unstructured .log file data in Splunk?

When creating a statistical table using the table command, is there a way to disable sorting of data on click of table column headers?

How to search a lookup table to find any IP addresses that match the IPs in my firewall events?

How do I get results from Splunk searchmanager JavaScript into Google JavaScript API to draw charts?

Can’t make it to .conf25? Join us online!

Level Up Your .conf25: Splunk Arcade Comes to Boston

Manual Instrumentation with Splunk Observability Cloud: How to Instrument Frontend ...

Take Action Automatically on Splunk Alerts with Red Hat Ansible Automation Platform

Help me with splunk query to monitor CPU and Memor...

How can i export a list of all services in APM

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

ITSI thresholds: adaptive vs static

Splunk Search

Are you a member of the Splunk Community?

Discussions

Can’t make it to .conf25? Join us online!