Splunk Search

Discussions

Thread Info

How can I "paginate" a single very wide row as multiple rows with a new "page break" every 4 columns.

I have no idea how to paginate a tables. Splunk builds rows by default: 1 2 3 4 5 6 7 8 I can convert to a very...

by New Member in

Is this feasible to do in Splunk?

Hello, I am new to Splunk and I am using it for work. What I have is a raw log of data that tells me dates, when scri...

by Communicator in

How to tell if two rows from different tables each are both an equal match?

Hello Splunkitans, If I am given a table of 5000 rows and a second "filter" table of 500 rows, If I were to extrac...

by Explorer in

Searching through "inputlookups" - syntax error?

by Explorer in

How do we edit this search to combine our 2 individually working searches?

Our security analyst is having an issue with his search...and I cannot for the life of me figure out the issue. Am I ...

by Explorer in

Display disk space usage in chart format

I am able to display disk space via the Pie Chart visualization, but I'd like to display w/ a chart, like what's in t...

by Contributor in

How to search a list of URLs and add the response times for URLs with similar patterns?

Hi, I have a Splunk search which gives list of URLs and their corresponding response times like: /webapp/store...

by New Member in

Where do I place my CSV file to use the lookup command for my search?

I have an event as shown below that reports the replication status cn=host2:1636,cn=host1:1389,ibm-replicaGroup=d...

by Communicator in

How to limit the number of bars in a Bar Chart made with Search and Eval?

I have a search that makes a stacked bar chart: tag=authentication user!=NULL | eval myVar=if(tag=="success","succ...

by Path Finder in

Why am I getting "TypeError: e.replace is not a function" using SearchManager with eval in the search?

new SearchManager({ id: "mysearch1", earliest_time: "-24h@h", latest_...

by New Member in

If I have 3 months of data, how do I write a search to return repeating values that appear in all 3 months?

Hi, I have data like below: Day month Signature 10 oct trojan 11 oct abc 12 oct efg 10 nov abc 11 nov efg 11 de...

by SplunkTrust in

How to apply the time modifiers in the subsearch to limit the time range of results returned in the parent search?

Hi! I have log statements containing error messages. This is lacking context information (ie user id). Using the e...

by Path Finder in

Is it possible to run an eval search using a wildcard to pull the date stamp from the source file name?

Hi All, I am new to splunk. Just using this wonderful application for my day to day activity. Below is the search...

by Engager in

How to I extract survey results from an event where question/answer pairs are delimited by "," and key-values are delimited by "|"?

Dear all, I want to extract results from a field, but I'm facing some problems. Could you pls kindly guide me on w...

by Path Finder in

Splunk DB Connect v1 connects to the database successfully but returns no results when I try any query

I have installed Splunk DB Connect v1 App and MySQL driver and configured them with my database details. Looks like c...

by Explorer in

Help with REGEX for data filter

In my transforms.conf I currently have [filter-marimba] REGEX=^(?!\[[^\]]+\]\s+-\s+warning.*) DEST_KEY = queue FOR...

by Path Finder in

How do I find common values from the results of two searches?

Hi all, I have a use case. I have a list of the top viewed products for the last 3 months individually. Now, I wa...

by New Member in

When showing data through table, can't sort in descending order because null > any numerical value

So I am displaying a ton of events with a very long table with tons of fields (input pkt, output pkt, input octet, ou...

by Path Finder in

How to edit my timechart search to show average CPU utilization in 1 minute increments (on chart as well)?

I'm trying to use the following search... index=os sourcetype=cpu host=sp3ctxps01 | multikv fields pctIdle | eva...

by Communicator in

How to accelerate a report and use fillnull or usenull with stats?

Splunk 6.2.2 ... I want to build an accelerated daily report. The search I want to power this daily report is... i...

by Explorer in

display sum value in pie chart

I have used in the past count value in the pie chart. Now I need to display sum value in the chart. How can I do this...

by Contributor in

How to put the result of an additional search into an alert email triggered by the base search?

Hi Is there any way to put the search result of additional search into the alert mail triggered by the base search...

by Explorer in

Why does a join query not return results unless I give specific field values?

Hello, I am noticing the following strange behavior with a join. It is actually not returning results when I use a...

by Communicator in

Google Analytics data into Splunk

I could swear I heard at .conf2013 that there was a Google Analytics app/add-on, but I sure can't seem to find one no...

by Builder in

How to search call data records to find parallel concurrent calls from the same originating telephone number?

I have an index of telephony call data records where each record has an event_start_timestamp, mapped to the event ti...

by Path Finder in

Get Updates on the Splunk Community!

Splunk Search

Discussions

How can I "paginate" a single very wide row as multiple rows with a new "page break" every 4 columns.

Is this feasible to do in Splunk?

How to tell if two rows from different tables each are both an equal match?

Searching through "inputlookups" - syntax error?

How do we edit this search to combine our 2 individually working searches?

Display disk space usage in chart format

How to search a list of URLs and add the response times for URLs with similar patterns?

Where do I place my CSV file to use the lookup command for my search?

How to limit the number of bars in a Bar Chart made with Search and Eval?

Why am I getting "TypeError: e.replace is not a function" using SearchManager with eval in the search?

If I have 3 months of data, how do I write a search to return repeating values that appear in all 3 months?

How to apply the time modifiers in the subsearch to limit the time range of results returned in the parent search?

Is it possible to run an eval search using a wildcard to pull the date stamp from the source file name?

How to I extract survey results from an event where question/answer pairs are delimited by "," and key-values are delimited by "|"?

Splunk DB Connect v1 connects to the database successfully but returns no results when I try any query

Help with REGEX for data filter

How do I find common values from the results of two searches?

When showing data through table, can't sort in descending order because null > any numerical value

How to edit my timechart search to show average CPU utilization in 1 minute increments (on chart as well)?

How to accelerate a report and use fillnull or usenull with stats?

display sum value in pie chart

How to put the result of an additional search into an alert email triggered by the base search?

Why does a join query not return results unless I give specific field values?

Google Analytics data into Splunk

How to search call data records to find parallel concurrent calls from the same originating telephone number?

Observability Unlocked: Kubernetes Monitoring with Splunk Observability Cloud

Update Your SOAR Apps for Python 3.13: What Community Developers Need to Know

October Community Champions: A Shoutout to Our Contributors!

In Splunk studio, is it possible to populate a tex...

How can i export a list of all services in APM

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

ITSI thresholds: adaptive vs static

Splunk Search

Are you a member of the Splunk Community?

Discussions