Splunk Search

Discussions

Thread Info

lookup matching only first record

i have a lookup file as per below: fail_reasons "reason 1" "reason 2" "reason 3" "reason 4" The lookup is n...

by New Member in

Search query for a report to match 3 fields

I am trying to create a report where same engineer has escalated a ticket and resolved it. Like Ticket 13440211 was e...

by Explorer in

How to create regex for line breaking my data?

Please help me to create regex for following type of data: Id = 159275791 Id = 159275792 Id = 159275793 I...

by Communicator in

How to apply a field lookup to any field name match in all sourcetypes

Hi, we have a series of indexes, storing different data structures (each with its own sourcetype) that have in the...

by Explorer in

Custom field for numbering/naming - requires loop ?

Hi Good day Splunkers, I was stuck on this simple problem. I want to make a field for my numbering/naming. I beli...

by Communicator in

RegEx extract multiple values per field

Hello, I am right now trying to reed Lotus Notes (to be coorect: Domincos console.log-file) Events. One of my proble...

by Path Finder in

Chart by X but sort by Y

I have a chart that shows the count of users of my app by the version of the app that they're using. It works great. ...

by Engager in

is there any way to make the GRID lines more bold in splunk charts

Is there any way to make the GRID lines more bold in splunk charts. Using Splunk 6.1.2

by Explorer in

6.0.3 Chart Legends Truncated Unnecessarily

Note there is plenty of room to expand the hostnames (they are only 5 characters each). In 6.0, they showed correctly...

by Influencer in

Simple xml charting-Does it support flashchart configurations????

Hi According to following splunk documentation if we use any configuration which is not supported by jschart, splu...

by Communicator in

Create Table Group Results

I have the following data: ...

by Path Finder in

how to use count(eval(httpstatus="2")) as success count(eval(httpstatus!="2")) as failed in search query

Hi All, how to use count(eval(httpstatus="2*")) as success count(eval(httpstatus!="2*")) as failed in search query

by Path Finder in

How to merge 3 timecharts into one?

Hi, I have three slightly different queries on the same data set. (1) general_attribute="foo" special_attribut...

by Explorer in

reg flowchart/org charts in splunk

Hi, Is there any options in splunk for creating org charts, process flow charts with drill down options in splunk?...

by Path Finder in

How do I display some major xaxis labels when minor labels wont fit?

I'm trying to plot a distribution of events as a column graph. The code is below: eval time_sec = round(t/1000) | ...

by Explorer in

Filtering results by count on one item

What I am trying to accomplish. Search for three items X Y and Z . Count the total number of events for each X Y Z . ...

by Explorer in

Splunk DB connect multiple Db join

Hi, Can Splunk DB connect (dbquery command) be used to join multiple databases? It tends to table 1 particular dat...

by Explorer in

How to extract host field values with regex?

Hello Experts, I am trying to extract hosts from the following in 2 ways 15 21:26:18 cmflouxy005.sample.xy.com sto...

by Motivator in

Multiple source types in one search

Hi Team, I have following scenario source type :A contains Account Number Source type :B Contains Account ID & ...

by Explorer in

How to query multiple conditions when the field name has a space

I need to run a query on the following lines: index=i source=s earliest=-7W@W latest=@W | timechart span=1w count ...

by Explorer in

how to perform JOIN with STATS

Hi I am having two indexes INDEX_A with following fields : name,packets,sourceip and INDEX_B has following fields : ...

by New Member in

Duplicate nested KV's

Resource_list_select=ncpus=24:mpiprocs=2:node_class=n24.48+7:ncpus=24:mpiprocs=1:node_class=n24.48 Every once in a...

by Contributor in

How do you search on a form token that has a value enclosed in double quotes?

Hello. I know variants of this question have been asked before, but I haven't found a solution for my specific case. ...

by Builder in

How to extract data into a data model attribute regex?

I'm trying to extract data into a Data Model Attribute Regex. The data I'm trying to extract from the events get logg...

by Explorer in

Not Reading Dropdown Form Tokens

I'm trying to use two dropdowns, one to select a fiscal quarter and one to select the fiscal year. These are both bas...

by Communicator in

Get Updates on the Splunk Community!

Splunk Search

Discussions

lookup matching only first record

Search query for a report to match 3 fields

How to create regex for line breaking my data?

How to apply a field lookup to any field name match in all sourcetypes

Custom field for numbering/naming - requires loop ?

RegEx extract multiple values per field

Chart by X but sort by Y

is there any way to make the GRID lines more bold in splunk charts

6.0.3 Chart Legends Truncated Unnecessarily

Simple xml charting-Does it support flashchart configurations????

Create Table Group Results

how to use count(eval(httpstatus="2")) as success count(eval(httpstatus!="2")) as failed in search query

How to merge 3 timecharts into one?

reg flowchart/org charts in splunk

How do I display some major xaxis labels when minor labels wont fit?

Filtering results by count on one item

Splunk DB connect multiple Db join

How to extract host field values with regex?

Multiple source types in one search

How to query multiple conditions when the field name has a space

how to perform JOIN with STATS

Duplicate nested KV's

How do you search on a form token that has a value enclosed in double quotes?

How to extract data into a data model attribute regex?

Not Reading Dropdown Form Tokens

Observe and Secure All Apps with Splunk

Splunk Decoded: Business Transactions vs Business IQ

Fastest way to demo Observability

Alert Triggered Action: Dashboard Studio Snapshot

In Splunk studio, is it possible to populate a tex...

How can i export a list of all services in APM

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

Splunk Search

Are you a member of the Splunk Community?

Discussions