Splunk Search

Ask a Question

Discussions

Thread Info

How do I get a correct count using AND/OR statement

The following produces a count of 0 for "Other": |stats count AS Contacts, count(eval((in_value=1 AND durati...

by Engager in

Table Command: Customization?

Hello All, I am wondering if anyone knows if Splunk, or a splunk app can accomplish customizing your table. F...

by Path Finder in

how to indentify \| character in SPLUNK

Hi, I have a file which contains few fields which are '|' separated, Now I have certain values in file which looks...

by Contributor in

can i replace the _raw data with my own data ??

HI.. can i replace the _raw data value with my default data value only for the display purpose only ??

by Motivator in

Search for top results

| eval totalCount = cCounter + lCounter | eventstats max(totalCount) as maxTotal | table id, time, message, c...

by Explorer in

combine results from OR on each result

Sorry for the weird title, but I couldn't figure out how else to reword it. I have the following example data from...

by Engager in

Help with eval (if)

I need some assistance with the eval (if) function. I have a CSV file that has been indexed with 100 records. In that...

by Communicator in

can we display the S.no field along with my table command ?

Hi.. is it possible a field called SNO along with my search search results , which will old the serial no of event...

by Motivator in

What is wrong with this curl command and what does this output mean?

All URLs and such have been modified for privacy. Can anyone tell me what is happening here? I'm trying to search ...

by Path Finder in

Error in "sort" command

I have a search in which I am sorting my data based on "Location" field: my search | sort Location + desc My re...

by Contributor in

A Regex to display the Current Date/Time

I want to write a Blacklist regex inputs.conf to ignore the latest log file based on the date compared to the current...

by Builder in

timechart average of a sum

I have a row for each host in my source data. I want to sum the values of two fields for all hosts and display on a c...

by Explorer in

Regex for fields that may or not be filled?

Hey Guys, tricky one I came across. I have to find and match on fields that may not be present. So far I have this to...

by Contributor in

Multiple top results against IP address

Alright this may seem like a trivial question for some of you Splunkers. I'm new at this: I'm trying to get the re...

by Path Finder in

Eval is failing to set field values?

I'm sure I'm missing something simple, but I suddenly can't get the eval command to work. Simplest case, the followin...

by Path Finder in

Error While using "append" command

Hi, I am getting the following error which using "append" command : Encountered an error while reading file 'C:\Pr...

by Contributor in

How to calculate the number of events which crossed the threshold limit.

hello I am trying to create a 24hour chart with the number of times the threshold has been exceeded in the number ...

by Motivator in

how to convert a single field into multivalued field

My currrent ouput is now: file name keyword project_plan_project.doc ...

by New Member in

can i use the or condition in lookups ??

Hi.. My Keyword , value ABC A ABC B ABC C XYZ D These are the values that i have in lookup table..for the valu...

by Motivator in

Date format

I am having an issue with outputting a Date/Time stamp. Here is the scenario: Indexing a CSV file containing a fie...

by Communicator in

Not able to create a 24hour chart with the table.

Hello I am trying to do a 24hr and 31 days chart for the threshold value which will be as a output of this table....

by Motivator in

Why cant I chart over multiple fields?

I would imagine it could return multivalue fields, but there could be advantages to being able to chart sum(foo) over...

by Path Finder in

Export results of timechart into CSV or other format

I've created a search that counts each value of "nlist" in a particular timeframe: nodelist | rex field=_raw "node...

by Communicator in

extract fields in log4j files

Hi, I want to make a timechart of the different errors in my application. To do this I need a fieldextractions. ...

by Path Finder in

Perfmon on Exchange App is not working: What does "unable to add counter" mean?

We have an environment with 4 Exchange Servers 2010 (2x CAS/HUB and 2x MBX), one each server we have installed splunk...

by Path Finder in

Get Updates on the Splunk Community!

Splunk Search

Discussions

How do I get a correct count using AND/OR statement

Table Command: Customization?

how to indentify \| character in SPLUNK

can i replace the _raw data with my own data ??

Search for top results

combine results from OR on each result

Help with eval (if)

can we display the S.no field along with my table command ?

What is wrong with this curl command and what does this output mean?

Error in "sort" command

A Regex to display the Current Date/Time

timechart average of a sum

Regex for fields that may or not be filled?

Multiple top results against IP address

Eval is failing to set field values?

Error While using "append" command

How to calculate the number of events which crossed the threshold limit.

how to convert a single field into multivalued field

can i use the or condition in lookups ??

Date format

Not able to create a 24hour chart with the table.

Why cant I chart over multiple fields?

Export results of timechart into CSV or other format

extract fields in log4j files

Perfmon on Exchange App is not working: What does "unable to add counter" mean?

Can’t make it to .conf25? Join us online!

Can’t Make It to Boston? Stream .conf25 and Learn with Haya Husain

Splunk Lantern’s Guide to The Most Popular .conf25 Sessions

Unlock What’s Next: The Splunk Cloud Platform at .conf25

Help me with splunk query to monitor CPU and Memor...

How can i export a list of all services in APM

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

ITSI thresholds: adaptive vs static

Splunk Search

Are you a member of the Splunk Community?

Discussions

Can’t make it to .conf25? Join us online!