Splunk Search

Discussions

Thread Info

4.3 multiple flashtimeline panels

I have a dashboard that worked fine on 4.2 but no longer renders properly on 4.3. It has multiple flashtimeline panel...

by Engager in

How to remove text from host name in search results?

Hey Splunkers, I have a search that is successfully returning search results as needed, however, I'd like to clean up...

by Contributor in

How to extract fields with empty values at index time?

In our logs, we have the below two lines where we need to extract both empty & values for Dms_Code. Currently we are ...

by New Member in

How to create a report only showing values for 4 fields?

Greetings, I'm trying to create a report that only shows 3 things in a search. I need to be able to not show everythi...

by New Member in

How to remove user info events from Splunk?

Can you please tell us, how to scrub remove events from Splunk indexed data (index="idx" and source="error_log"). We ...

by Builder in

REX with a variable rather than a string

Hi I have a large chunk of raw data from one of my servers and am trying to filter the data down using a multiple ...

by Explorer in

Splunk search goes through 'main' index only

Hi, When I try to search anything through either 'Search & Reporting' or 'Splunk App for Windows Infrastructure' I...

by Explorer in

Help with regex for index time extraction

Can you please help us with the REGEX to extract "varnishnsca" from the log below during the indexing time to assign ...

by Builder in

Getting value from more than one event ago

Hello again, here is my search result: _timeID1ID21.1.093012211.1.09 3012211.1.09 3012721.1.09 3012821.1.09 301...

by Path Finder in

Using REX where unique data is behind the required string

Hi I am quite new to Splunk and REX. I am using the SNMP modular input app to poll one of my servers for multip...

by Explorer in

Help with rex regex to extract a field value for a chart?

I have a search that will return the log entry below. The search is here: < "Authentication succeeded for user [*]...

by Path Finder in

Why realtime dashboard searches continue to run in the background after browser is closed?

I noticed that one particular power user was taking up almost all the realtime searches on 2 of our search heads. The...

by Motivator in

How to search the item name with max number of items sold per hour?

I need the item name and no of items sold based on max(itemSold) per hour TimeItemNo Of ItemsSold5:02xxx55:05yyy25...

by Path Finder in

Is there a code example to add a drilldown for a column chart to display a table?

We are using Splunk 6.0 version and trying to add drilldown to column chart to display table. I searched examples rel...

by Explorer in

How to write regex to capture multiple groups and replace parentheses with periods from DNS Logs?

Stumped on a regex problem and need a hand. Basically, I have DNS logs that come in like this: 8/21/2014 9:32...

by Path Finder in

How to write a search that shows results whenever a particular field does not exist?

hi, I want to create a search that shows results whenever a particular field doesn't exist. I tried isnull but it did...

by Path Finder in

maxresultrows not working for | search ... | stats count

I'm the developer of the R Project app and currently working on issue #13. When executing this... index=_intern...

by Splunk Employee in

How does Splunk handle transactions that span search time boundaries?

How does splunk handle transactions that span search time boundaries? If a transaction starts before a search interva...

by Explorer in

How to filter numeric field with where clause?

So, our application logs duration times of logged method calls as ..dT=XXXms.. and I would like to use this for nice ...

by Explorer in

How to write lookup app file to update to correct location with distributed searches?

I've written a lookup app called TA-browscap_lookup_express. It needs to write data out to a CSV to be re-used on fut...

by Path Finder in

How to use eval min and mvcombine ip for events grouped by two or three other fields?

Hello! How can I, for example, eval min(_time) an mvcombine ip for event grouped by two or three other fields? Thank...

by Communicator in

How to sum a field with a 'by' clause in pivot UI?

index=_internal per_sourcetype_thruput series!=splunkd | eval gb=kb/1024/1024 | timechart span=1d useother=f sum(gb) ...

by Contributor in

What is the difference between chart "over" and "by"?

I know there is a syntax difference between: sourcetype=blah | chart count over foo by bar and sourcetype=blah | char...

by Explorer in

Columns into Rows

I am trying to turn my columns into rows and I have not had any luck with the xyseries command. Here is my search...

by Path Finder in

Question about computations in event types

I was trying to create a tag/eventtype/equivilent for a message length checksum in our logfiles and it seems eventtyp...

by Path Finder in

Get Updates on the Splunk Community!

Splunk Search

Discussions

4.3 multiple flashtimeline panels

How to remove text from host name in search results?

How to extract fields with empty values at index time?

How to create a report only showing values for 4 fields?

How to remove user info events from Splunk?

REX with a variable rather than a string

Splunk search goes through 'main' index only

Help with regex for index time extraction

Getting value from more than one event ago

Using REX where unique data is behind the required string

Help with rex regex to extract a field value for a chart?

Why realtime dashboard searches continue to run in the background after browser is closed?

How to search the item name with max number of items sold per hour?

Is there a code example to add a drilldown for a column chart to display a table?

How to write regex to capture multiple groups and replace parentheses with periods from DNS Logs?

How to write a search that shows results whenever a particular field does not exist?

maxresultrows not working for | search ... | stats count

How does Splunk handle transactions that span search time boundaries?

How to filter numeric field with where clause?

How to write lookup app file to update to correct location with distributed searches?

How to use eval min and mvcombine ip for events grouped by two or three other fields?

How to sum a field with a 'by' clause in pivot UI?

What is the difference between chart "over" and "by"?

Columns into Rows

Question about computations in event types

October Community Champions: A Shoutout to Our Contributors!

Community Content Calendar, November Edition

Stay Connected: Your Guide to November Tech Talks, Office Hours, and Webinars!

In Splunk studio, is it possible to populate a tex...

How can i export a list of all services in APM

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

ITSI thresholds: adaptive vs static

Splunk Search

Are you a member of the Splunk Community?

Discussions