Splunk Search

Discussions

Thread Info

Why would a search from a datamodel take longer than same search against raw ?

I performed this search: | datamodel Authentication Autherntication search | search Authentication.src=xxx.yyy.com...

by Splunk Employee in

Dual Histogram

I am trying to create a histogram with two data sets that share the x-axis. I can do it for each data set but can not...

by Path Finder in

How to get two form inputs to run separate searches, each with their own submit button in a Simple XML dashboard?

I'm trying to get 2 separate searches to work on a simple xml dashboard. I would like to have 2 input boxes and 2 sea...

by Path Finder in

Return adjacent entries until a specific string is found?

This is a rather complex question, at least for me, so please bear with me. In one of our custom logs, when an err...

by Explorer in

How to pass the date and time result from an inner search to the outer search?

Hi, My inner search returns the date and time (for eg 06-22-2015-23). I want to use this time in my outer search ...

by New Member in

How to change the time range for a subsearch?

Hi, I am creating a search that will take date range from datetime field that I have created above. However, insi...

by Communicator in

How to find the location of a cell in a row

How can I find the location of a cell in row? I'm using javascript like: var CustomRangeRenderer = TableView.Ba...

by Explorer in

Alert to search greater than 30 days

Hi there, I'm looking to create an alert that searches for entries 30 days greater than today. So basically, if I ...

by New Member in

Using multiple REGEX in a single search

Hi, I want to use multiple REGEX in OR condition in a single search. For Ex: REGEX 1: "VDL2PortPropSet.* : Fail...

by Path Finder in

How to iterate over a row of results returned by stats command?

I have log file in which each log has a conversationId field and a transactionId field. The logs are of various machi...

by Engager in

Limited results when running searches via REST API

Hi, I am trying to run a search and get the results back via REST API using python. The way i am trying to get the...

by Path Finder in

Can't generate Tableau extract - error "internal error starextracttuplesource has wrong number of bindings for number of input columns"

I'm having trouble using Tableau to extract data for a Tableau report. I can connect to the saved-search fine by conn...

by Explorer in

Is there a solution to handle a field name in my data that overlaps with the default "source" field name?

My raw data includes a field "source=SoftwareSubsystemFoo", a name which overlaps the default 'source' field. In the ...

by Path Finder in

Using subsearch to parameterize outer search.

I have a subsearch that calculates a field call 'MyLatestTime' and I want to use that to set the latest field in my o...

by Path Finder in

Correlating events across multiple sources and multiple keys

Hi, I'm after some advice on the best way to create a search for the following scenario. I have 3 data sources,...

by Explorer in

How to extract more complex statistics from my sample log file?

I have a log file with the following content: 2015-05-02 17:07 - :Search time taken | '16,414ms' |, Search count r...

by New Member in

Splunk DB Connect 1: Where do I put the token name in a dbquery search string for a chart drilldown?

Hi, I'm using Splunk 6.2.3 and DB Connect 1. I have connected to an Oracle database. I have applied an input drill...

by Explorer in

Why does using a time modifier in a search give a different output than selecting the time from the GUI?

Hi All , I have running a search to grab events for the last 1 hour. so in my search i am using earliest=-1h@h. It...

by Path Finder in

How can I dedup one part of a combined search?

Hi, How can I dedup one input to a combined search? e.g; index=dataA OR index=dataB | dedup <some field only...

by Explorer in

Color individual table cell based on value of other table cell

I have a table with different columns like: C1 C2 C3 C1Code C2Code C3Code I would like to color the cell in a colu...

by Explorer in

Table results - change color of an entire column

Is there a way to set the font color for one column in a table? For example I have multiple calculated columns for mi...

by Path Finder in

how to make Java bridge server status is running.?

Hi Splunkers, I have installed java 1.8 and splunk 6.2.3 and splunk DB Connect app is 1.2 I have setup the environ...

by Contributor in

How to create a table based on field extraction

Hi, I have few field extraction created in my Splunk App. For Ex: firewall_dst firewall_username firewall_opera...

by Path Finder in

How to subtract 2 column values and create a new column with the result in a chart?

Hello, I have a chart I am trying to create that splits data based on another field. IE: .... | stats count by...

by Engager in

Capitalize the first character of a string value using eval or field format?

How can I capitalize the first character of some string values using one of the eval or fieldformat operators?

by Path Finder in

Get Updates on the Splunk Community!

Splunk Search

Discussions

Why would a search from a datamodel take longer than same search against raw ?

Dual Histogram

How to get two form inputs to run separate searches, each with their own submit button in a Simple XML dashboard?

Return adjacent entries until a specific string is found?

How to pass the date and time result from an inner search to the outer search?

How to change the time range for a subsearch?

How to find the location of a cell in a row

Alert to search greater than 30 days

Using multiple REGEX in a single search

How to iterate over a row of results returned by stats command?

Limited results when running searches via REST API

Can't generate Tableau extract - error "internal error starextracttuplesource has wrong number of bindings for number of input columns"

Is there a solution to handle a field name in my data that overlaps with the default "source" field name?

Using subsearch to parameterize outer search.

Correlating events across multiple sources and multiple keys

How to extract more complex statistics from my sample log file?

Splunk DB Connect 1: Where do I put the token name in a dbquery search string for a chart drilldown?

Why does using a time modifier in a search give a different output than selecting the time from the GUI?

How can I dedup one part of a combined search?

Color individual table cell based on value of other table cell

Table results - change color of an entire column

how to make Java bridge server status is running.?

How to create a table based on field extraction

How to subtract 2 column values and create a new column with the result in a chart?

Capitalize the first character of a string value using eval or field format?

Splunk Enterprise Security 8.x: The Essential Upgrade for Threat Detection, ...

Get Early Access to AI Playbook Authoring: Apply for the Alpha Private Preview ...

Reduce and Transform Your Firewall Data with Splunk Data Management

In Splunk studio, is it possible to populate a tex...

How can i export a list of all services in APM

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

ITSI thresholds: adaptive vs static

Splunk Search

Are you a member of the Splunk Community?

Discussions