Splunk Search

Discussions

Thread Info

Sum of a multivalue field inside a row

Sum of a multivalue field inside a row Hi below is how my processed data look like And the expected outpu...

by Explorer in

Avg of past data vs current product data.

I have product family pens, we release a new pen named blue. I want to compare avg sales of pens in past 24hrs with s...

by Contributor in

Lookup table of key=value limits with a random assignment of key=value fields indicating consumption with different field names

I have a lookup table that has information such as resourcesavailablequeuea=1000 resourcesavailablequeueb=23 resou...

by Contributor in

Fix table header and add vertical scrollbar using CSS and JavaScript

Hi All, I want to display 100 rows results in table per page with vertical scrollbar and fix the header when we mo...

by Super Champion in

Display the top 5 line chart field values

I'm having some trouble with getting the top 5 line values on a line chart. My current search is below index=db s...

by Explorer in

Column width adjustable table

Morning all, Im sure this may have been answered in the past, but is there away to have a table in splunk that you...

by Path Finder in

How to create a sub-search that looks for events 10 mins earlier

index=windows sourctype=bla EventCode=g host=abc user=cvb NOT [ search index=email |table _time,host |fields _time, ...

by Engager in

KV_Mode against Constant value host fields

I have a new data source that extracts quite well using KVmode = auto (or KVMode=json). The data itself is a simp...

by New Member in

Field extraction

I have field in my raw events src = https://www.abcd.com/shop/buy-laptop/dell-200 src= https://www.abcd.com/shop/...

by Contributor in

How to alert when a deviation has been detected in volume between two time periods?

I currently use the following query to compare volume counts between current day and a week ago: sourcetype=abc in...

by New Member in

How to create new field combined from existing fields

Hi I have such a table in which is described the proces of any TestMachine: A B C D TestStart TestStatus TestDuration...

by Communicator in

How to combine two searches into one table using count twice

I have two searches, one getting the current connections and the other getting an average. I'm trying to grab the fie...

by Explorer in

How to get the row text from inputlookup in a variable for email alert

HI! I am using a CSV file to catch some alerts, and that part works fine, I catch all my alerts. index="main" ...

by Engager in

Comparing appVersions over time

Hi, I am trying to compare my latest app vs all the other app Version to evaluate adoption rate. I would like to disp...

by New Member in

Is it possible to use EVAL field in sendemail with DBXQUERY search?

I am needing to pass a custom date to the sendemail subject line and I know it is possible using a standard Splunk se...

by Explorer in

How to optimize rex to avoid the error message: Error in 'rex' command: regex= has exceeded configured match_limit, consider raising the value in limits.conf

Hi. Can you help me, please, to optimize the regular expression. The problem is, when I search in longer time, I rece...

by Communicator in

There are sites that provide geolocation of IPs. Is there a way to create a Splunk form for this function? Does the ip address in question need to be indexed somewhere prior?

Rather than use 3rd party websites, we'd like to use Splunk to geolocate an address that may not yet be indexed. Simi...

by Explorer in

Splunk Search

Discussions

Sum of a multivalue field inside a row

Avg of past data vs current product data.

Lookup table of key=value limits with a random assignment of key=value fields indicating consumption with different field names

Fix table header and add vertical scrollbar using CSS and JavaScript

Display the top 5 line chart field values

Column width adjustable table

How to create a sub-search that looks for events 10 mins earlier

KV_Mode against Constant value host fields

Field extraction

How to alert when a deviation has been detected in volume between two time periods?

How to create new field combined from existing fields

How to combine two searches into one table using count twice

How to get the row text from inputlookup in a variable for email alert

Comparing appVersions over time

Is it possible to use EVAL field in sendemail with DBXQUERY search?

How to optimize rex to avoid the error message: Error in 'rex' command: regex= has exceeded configured match_limit, consider raising the value in limits.conf

Per day and Per second results not matching up.

Multiple fields in one chart

How do i find out if a field contains part of another field?

There are sites that provide geolocation of IPs. Is there a way to create a Splunk form for this function? Does the ip address in question need to be indexed somewhere prior?

Getting authentication error when session login fa...

wql query not returning any events [WMI:Services]

How to color a panel if the result is not equal a ...

Generate timechart with normalized/rescaled data p...

mvexpand issues and alternative needed