Splunk Search

Discussions

Thread Info

What is the trick to stack column charts in splunk 6?

I have a basic query that generates the following results from splunk(6)'s' main query page (not a panel or anything)...

by Path Finder in

Top results for multiseries data

Hi there, I'm charting multiseries data displayed in stacked columns with the following command: stats dc(...

by New Member in

query using join

Trying to combine two logs . Using this query to get a list of items from user log source="/opt/mysplunk.log" earl...

by Explorer in

How to get top values

Hi, i have a report where i show top 50 404s by uri as shown below. Now i want to get the top referer for each URI in...

by Contributor in

show overall data in table if no option is selected in dropdown

Please suggest how to sow all records in the table if no option or record has been selected in the dropdown. Here is ...

by Builder in

how to find search name based on error in splunkd.log?

I'm getting the following errors in my splunkd.log file a lot; 02-19-2014 10:10:58.232 -0800 WARN FileClassifierM...

by Builder in

how to write dbquery in search

Hi guys, Please help me to write a dbquery in search bar.I have the following dbquery | dbquery "databasename" "sele...

by Builder in

Conditional Filter count results in chart

index=rhwindows sourcetype="WinEventLog:System" Type=Error OR Type=Warning NOT (*PrintSpooler OR *SpoolerWin32SPL) ea...

by Path Finder in

Using join in postprocess takes longer than duplicating the search

Hello I have 3 searchmanagers like so (the actual queries are longer) {% searchmanager id="s1" search="index=ab...

by Engager in

How can I subtract 2 times together/why won't the search string I'm trying work?

So I have seen an answer related to this question on Splunk Answers but the answer that was given is not working for ...

by Communicator in

Finding count of grouped data

How can we find the distinct values inside a grouped values. I use transaction to group data.Now i want to find co...

by Path Finder in

Use field A if B does not exist

Hi, in the past I used a lookup to add the field "price" to my events. Now there will be a new field "price II" in...

by Motivator in

Convert to Timechart

My search string is (host=A AND "ER"=XXW) OR (host=B AND "EMPCODE"=ABC AND ) | stats sum(field)total ,count("user") ...

by Explorer in

Automatically updating dashboard from scheduled search

This must have been asked before, but I am having trouble finding an answer. The scenario is we have a group of se...

by Path Finder in

Assigning arbitrary values to a variable dependent on subsearch

I have a transaction defined where a trade goes through some stages in its lifecycle. Unfortunately, the markers for ...

by Path Finder in

Summary Index and timechart by host

I have created a saved search which runs once an hour and records to a summary index. The search allows me to determi...

by Path Finder in

Not able to find the table when creating ''New Automatic Lookup''

Hi, I'm following below tutorial (section Lookups) http://docs.splunk.com/Documentation/Splunk/latest/Tutorial/**Usef...

by Splunk Employee in

Multi value event merging and breaking

Hi there, I am trying working out a scenario with Splunk and having a hard time on it. I have got a XML which h...

by Path Finder in

Multiple "latest' statements on one table

I am attempting to get the latest status of a port scan for 5 different ports per host into a table. I am trying ...

by Motivator in

How to append search as new row?

Given the following query, how can I append the second query so that the results show up as two rows so I can graph t...

by Path Finder in

how to inform the splunk users of a maintenance in splunk ?

I have to do some maintenances in splunk and want to warn the users that splunk will be down. How to get the list ...

by Communicator in

Error dbconnect Invalid column name

My query in dbconnect DatabaseInput is: SELECT b.modifielddate AS [Modfielddate], a.name, b.amount FROM sales b in...

by Explorer in

License Usage by Host over time

We are using Splunk 6.0.1, and I found a search that generates license usage by host: index=_internal source=*lice...

by Engager in

Not getting by day results for a timechart

I'm banging my head against the wall. Here's my search: host="atlassian-stash*" sourcetype=atlassian source="/opt/...

by Path Finder in

Get Updates on the Splunk Community!

Splunk Search

Discussions

What is the trick to stack column charts in splunk 6?

Top results for multiseries data

query using join

How to get top values

show overall data in table if no option is selected in dropdown

how to find search name based on error in splunkd.log?

how to write dbquery in search

Conditional Filter count results in chart

Using join in postprocess takes longer than duplicating the search

How can I subtract 2 times together/why won't the search string I'm trying work?

similar searches using report acceleration

Finding count of grouped data

Use field A if B does not exist

Convert to Timechart

Automatically updating dashboard from scheduled search

Assigning arbitrary values to a variable dependent on subsearch

Summary Index and timechart by host

Not able to find the table when creating ''New Automatic Lookup''

Multi value event merging and breaking

Multiple "latest' statements on one table

How to append search as new row?

how to inform the splunk users of a maintenance in splunk ?

Error dbconnect Invalid column name

License Usage by Host over time

Not getting by day results for a timechart

Strengthen Your Future: A Look Back at Splunk 10 Innovations and .conf25 Highlights!

Now Offering the AI Assistant Usage Dashboard in Cloud Monitoring Console

Stay Connected: Your Guide to October Tech Talks, Office Hours, and Webinars!

In Splunk studio, is it possible to populate a tex...

Help me with splunk query to monitor CPU and Memor...

How can i export a list of all services in APM

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

Splunk Search

Are you a member of the Splunk Community?

Discussions