Splunk Search

Discussions

Thread Info

How to calculate changes over multiple column

I have the following output from my base search: It shows accumulative value for each sampling time for ea...

by Path Finder in

I am trying to show VPN connection times with the time of day

I am trying to show how long someone has been connected to the VPN for the last X days. There is an action field with...

by New Member in

Why search slows down drastically after error "Events may not be returned in sub-second order due to search memory limits"?

Hi folks, It seems that some searches take an inordinately long time. My search is pretty simple: index=McAfee ...

by Communicator in

Changing an app's name on Search Head Cluster

When changing an app's name via the Splunk web interface ('Manage Apps' > 'Edit Properties'), the app's name is only ...

by Engager in

Chart using span logs does not show the columns in range order

Hello, I am trying to chart some response time and wanted to use the log span as: index=myIndex "time_value" | cha...

by New Member in

How to display specific fields in statistics?

References to tutorial http://docs.splunk.com/Documentation/Splunk/6.5.3/SearchTutorial/Searchwithfieldlookups, sour...

by Path Finder in

How to split multiple values in a column and make into row

I have the following search result which has multiple values in a cell: I would like to format the result ...

by Path Finder in

Trying to use subsearch to filter records

Looking at event data to run some eval commands... specifically on records with any "Status" value. Then once I get t...

by Path Finder in

How to generate a search that counts specific strings that occur in _raw data?

I have raw data events that contain the words "Request" or "Response" or "Offer". Each event will contain only one of...

by Path Finder in

Do I need to use the join command to combine three searches (including one search with the transaction command)?

Hi, I'm trying to combine my three searches so I can see which users are logging in from multiple locations at one ti...

by Explorer in

How can I use transaction as a boolean to create a visualization in a timechart?

I'd like to create a visualization showing the connected state of a hand full of clients. We log connected state a...

by Explorer in

Lookup table for matching and non matching counts

I have a lookup table CSV file that has 50 usernames in a single column, and I want to sum the results count of the u...

by Engager in

Lookup table does not append value to event

I have a lookup table as below User IsMember user1 Yes user2 Yes user3 No I save the table as memberlist.csv save ...

by Communicator in

Hunk: Searching two different virtual indexes using OR: should work?

In regular Splunk I can easily search for index=index1 OR index=index2 <search term> | stats count by index T...

by SplunkTrust in

When I use eval command to assign search to variable, why does it return "Error in 'eval' command: Fields cannot be assigned a boolean result"?

I have a simple search of a CSV file pulling back the latest timestamp: source=/opt/apps/splunk/var/run/splunk/csv...

by Explorer in

Get Updates on the Splunk Community!

Splunk Search

Discussions

How to calculate changes over multiple column

I am trying to show VPN connection times with the time of day

Why search slows down drastically after error "Events may not be returned in sub-second order due to search memory limits"?

Changing an app's name on Search Head Cluster

Chart using span logs does not show the columns in range order

How to display specific fields in statistics?

How to split multiple values in a column and make into row

Trying to use subsearch to filter records

How to generate a search that counts specific strings that occur in _raw data?

Do I need to use the join command to combine three searches (including one search with the transaction command)?

How can I use transaction as a boolean to create a visualization in a timechart?

Lookup table for matching and non matching counts

Lookup table does not append value to event

Hunk: Searching two different virtual indexes using OR: should work?

When I use eval command to assign search to variable, why does it return "Error in 'eval' command: Fields cannot be assigned a boolean result"?

Index This | Why do they call it hyper text?

State of Splunk Careers 2023: Career Resilience and the Continued Value of Splunk

The Great Resilience Quest: 9th Leaderboard Update

Users with the same roles, in the same app, and sa...

auto_generated_pool_download-trial

Automatic lookup during data ingestiont (Splunk cl...

Working with OpenTelemetry Cumulative Histogram Bu...

Better PDF report visualization