Splunk Search

Discussions

Thread Info

Count a field value for one field, but not for another in Stats

Hello All, I am running a report that uses multiple stats commands to achieve the final output, in this report I h...

by Path Finder in

Field extraction showing up for different sourcetype

Hello. I used the Splunk field extractor to get a field from sourcetype=sourcetype_a For some reason, when I search s...

by Explorer in

Why is KV_MODE=xml not working in my distributed environment?

Hi, i'm using a distributed splunk setup (search head with several indexers) with version 6.1.3. I'm having proble...

by Path Finder in

How to restrict User access to search from dashboard?

I have a dashboard which uses internal index and I made it available for role "user". I couldn't get the dashboard ru...

by Explorer in

Security Key in server.conf

what is the diff between the security key in the clustering stanza and the key in the general stanza in server.conf ?...

by Builder in

Regex Help

Hi, Struggling yet again with another regex. The sample string looks like the following: .........,"errorCode":...

by Communicator in

Can we find the events which are not matched by Lookup table?

I have a lookup table with which I am categorizing the Error Messages received from a particulat Sourcetype "error". ...

by Path Finder in

How to make search faster

Hello, below is my search . Since i am using join , search is slow . Can i please know if there is a way to incre...

by Path Finder in

How to count success/fail event and group them by another field

Hello everyone! My data have this form I'm trying to make table in splunk, that will aggregate data to nex...

by Explorer in

Stacked100 with Bar total value

Ciao, i'd like to apply some enhancements to a stacked100 barchart i created. In particular I'd like to modif...

by Path Finder in

How to extract the last string order a table around it ?

40.118.209.1 0x735870x1 GG46989 [21/Dec/2014:00:00:00 -0500] "GET /rest/jphutenxporter/1.0/outputformatconfig/outputf...

by Contributor in

query to grab the metadata of the host entered by the user

Hello, Can someone please help me to build a query that will display hostname , IP address , last reported by the ...

by Path Finder in

How to display respective entries from two different logs based on a common extracted field value?

Hi All, I have two different sources of log and want to display respective entries from each source based on a extra...

by Engager in

what is meaning of communication protocols in spunk

by Explorer in

How to count daily events with specific time?

Hi guys, I need to count number of events daily starting from 9 am to 12 midnight. Currently I have "earliest=@d+9...

by Communicator in

Get Updates on the Splunk Community!

Splunk Search

Discussions

Count a field value for one field, but not for another in Stats

Field extraction showing up for different sourcetype

Why is KV_MODE=xml not working in my distributed environment?

How to restrict User access to search from dashboard?

Security Key in server.conf

Regex Help

Can we find the events which are not matched by Lookup table?

How to make search faster

How to count success/fail event and group them by another field

Stacked100 with Bar total value

How to extract the last string order a table around it ?

query to grab the metadata of the host entered by the user

How to display respective entries from two different logs based on a common extracted field value?

what is meaning of communication protocols in spunk

How to count daily events with specific time?

Observability | How to Think About Instrumentation Overhead (White Paper)

Cloud Platform | Get Resiliency in the Cloud Event (Register Now!)

The Great Resilience Quest: 10th Leaderboard Update

How to return unique values with highest count, an...

Help with report creation please

How to combine rows based on parent-child relation...

Outputlookup to a kvstore does not write results

How do I limit a search to everything except the t...