Splunk Search

Discussions

Thread Info

How to suppress extra _time line on timechart in dashboard

I have a search that creates a timechart. I do not specify a time range. When I run the search I get the results I ex...

by Explorer in

How to add a row to a stats chart to display the total number of events with a unique ID?

This is probably simple. I am trying to add a row to stats/chart which displays the total number of events with a uni...

by Path Finder in

Why am I always getting an error when finishing an extraction of new fields using the Field Extractor utility in Splunk 6.2?

In version 6.2 adding new fields via the wizard always results in this error: In handler 'props-extract': Argument 'v...

by New Member in

How to group/count assets based on part of ip or hostname

Hi, Is there a way in Splunk to do a stat count based on part of the fields result? We have multiple data cent...

by Builder in

How to plot a timechart from a stats search output with span=1m?

After doing transaction, removing unique row and finally applying | stats list(score) as score, list(Id) as Id by...

by Path Finder in

Compare field in search

I have a folder which stores .txt files. I need to compare the data that is inside the files. Not only accumulate the...

by Explorer in

How can I update the metadata ?

Hello, I deleted the redundant logs from an index with "delete" command. Now, I would like to update the metadata inf...

by New Member in

What is the most efficient approach to identify the earliest event for each field-value pair?

I am looking to identify the earliest event for each field-value pair. For example, given a list of usernames from AD...

by Motivator in

Why is searchPostProcess is not showing any data on the dashboard?

Hi, I have created a dashboard in which I have added a timepicker and I have opened a drop-down menu which defines...

by Contributor in

How to remove unique rows from a table? Is there a command opposite to dedup?

From my search and transaction command I get the following table. To further process my results, I want to remove the...

by Path Finder in

How to add a search text field input and index drop-down list to the top of a dashboard in simple XML?

How can I easily add a "search bar" to the top of my own dashboards? Trying to add a quick and convenient way for les...

by Super Champion in

How to write a search to return events with a variable field value greater than a certain number?

Hi, I've this log entry: "2014-11-22 02:42:10,545 .. - average:2.74425 , min:1.43 , max:4.007..." i want to ...

by Path Finder in

How to extract language field

Converted from http://answers.splunk.com/answers/193524/how-to-write-a-search-to-return-events-with-a-vari.html Hi...

by SplunkTrust in

How to dynamically set earliest time to the first instance of a particular event for a timechart?

I want to dynamically set the earliest time to the first instance of a particular event. Is there a way to do that? ...

by Explorer in

How can I edit my regex to exclude the words "query" and "in" from a string?

I'm trying to exclude the word query and in from my string to create a new field called query. I'm not having any luc...

by Path Finder in

What's the best way to extract key value pairs from the following log?

Hello Experts, I am trying to extract key-value pairs from the following. Here's the sample log. I have tried usin...

by Motivator in

How much I/O is used for indexing and searching in a clustered environment? What resources are there for guidance?

Hi Splunkers, I'm considering about splunk clustering in VM env, 1 Search Head, 3 Search Peers, 1 Cluster Master. ...

by Contributor in

Find a distinct count using a priority system.

:: my search :: | stats count dc(player) by result Let’s say the result field has two possible values, Win and L...

by Communicator in

Create a lookup with search queries and have another search search those queries

Is there a way i can have a search look at a lookup that has predefined search queries in each row and then run a sea...

by Contributor in

Filter out outliers in stats command

So I am trying to filter out outliers using the 3 sigma rule across some transactions. My search is as follows: bl...

by Path Finder in

Cumulative count of new users over all time (or custom range)

I have a field "LYC_USERNAME" that shows up in our logs. In order to determine the total number of distinct users of ...

by Explorer in

How to overlay 2 searches to generate linechart and area chart?

Using 6.1, I would like to create a horizontal line with area chart. I have read so many examples and my search comma...

by Path Finder in

Is there a way to get my saved search to sort the resulting table properly when run on my dashboard?

I am using a search cloned from the SoS app. I modified it to sort in the search itself. Though the search does run o...

by Path Finder in

How do I change the color of a pie graphic for each unique value?

I have a Risk field with this possible values (Critical, High, Medium, Low) and I want to be red when critical, high ...

by Path Finder in

Is there a guide or map to understand Splunk's internal indexes and their log content?

Does there exist some sort of map or guide to understanding Splunk's internal indexes (_internal, _audit, _introspect...

by Communicator in

Get Updates on the Splunk Community!

Splunk Search

Discussions

How to suppress extra _time line on timechart in dashboard

How to add a row to a stats chart to display the total number of events with a unique ID?

Why am I always getting an error when finishing an extraction of new fields using the Field Extractor utility in Splunk 6.2?

How to group/count assets based on part of ip or hostname

How to plot a timechart from a stats search output with span=1m?

Compare field in search

How can I update the metadata ?

What is the most efficient approach to identify the earliest event for each field-value pair?

Why is searchPostProcess is not showing any data on the dashboard?

How to remove unique rows from a table? Is there a command opposite to dedup?

How to add a search text field input and index drop-down list to the top of a dashboard in simple XML?

How to write a search to return events with a variable field value greater than a certain number?

How to extract language field

How to dynamically set earliest time to the first instance of a particular event for a timechart?

How can I edit my regex to exclude the words "query" and "in" from a string?

What's the best way to extract key value pairs from the following log?

How much I/O is used for indexing and searching in a clustered environment? What resources are there for guidance?

Find a distinct count using a priority system.

Create a lookup with search queries and have another search search those queries

Filter out outliers in stats command

Cumulative count of new users over all time (or custom range)

How to overlay 2 searches to generate linechart and area chart?

Is there a way to get my saved search to sort the resulting table properly when run on my dashboard?

How do I change the color of a pie graphic for each unique value?

Is there a guide or map to understand Splunk's internal indexes and their log content?

The Payment Operations Wake-Up Call: Why Financial Institutions Can't Afford ...

Make Your Case: A Ready-to-Send Letter for Getting Approval to Attend .conf25

Community Spotlight: A Splunk Expert's Journey

Help me with splunk query to monitor CPU and Memor...

How can i export a list of all services in APM

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

ITSI thresholds: adaptive vs static

Splunk Search

Are you a member of the Splunk Community?

Discussions