Splunk Search

Discussions

Thread Info

Rename stats function in the table header

Hi, I am using the stats function to show the monitored url performance. The table header is displaying the same name...

by Builder in

Counting distinct field values and dislaying count and value together

Hi. Been trying to work this one out for hours... I'm close!!! We are Splunking data such that each Host has a fi...

by Path Finder in

Linked searches

I index 2 log files which have a common ID field in them. I'd like to search against log file 1, get a series of IDs ...

by Path Finder in

search: case --> field doesn't exist

hello, I have a question about a search with case. This is my search: source="Laura_acs" |eval Transac=case(ERR...

by Communicator in

How to create an iterative search

I'm trying to correlate my printer entries along the top printer / user combination line. What I'm looking for in th...

by Path Finder in

Multi-objects performance monitor

Hello, I have a question about how to monitor disk performance, but it requires several related object counters at...

by Contributor in

Event time inconsistency

Hi, I have a stanza below defined in transforms.conf. [wip_fields] DELIMS = "," FIELDS = timestamp,wip,vip St...

by Builder in

Charts not appearing for users other than admin

I have indexed data being displayed in dashboards for which are working well. However, I have created additional user...

by Path Finder in

How to warm data to cold by time

Hi 1 years old data on the local disk will try to move it storage. So I want to warm data to cold by time. (I...

by Communicator in

Chart by month still alphabetical

Still fighting this after looking at many examples. Data looks like this: Kronos,Jun-12,100,Kronos,20120630010101...

by Path Finder in

Similar values of differing length

Folks, We have extracted fields with example values like the below: 9979592435350 9810979592435350 900979592435...

by New Member in

How do I extract 2 timestamps from the same line

I want to chart multiple jobs that start and end at different times by time period. How do I extract the start and en...

by Explorer in

What is the earliest and latest for running a backfill script in realtime?

I want to run a backfill script to create a summary index, I want to do this in realtime! I have tried using the r...

by Builder in

How to do looping search by lookup table

Hi: I am trying to do looping search using lookup tables and map command, however, I cannot get the correct result. ...

by Engager in

Process to extract one field from a large, multi-line eventlog

I am trying to extract the exit_status from a large, multi-line event log (see below example). I need to set the prop...

by Engager in

Does index time field extraction make sense for our situation?

(currently using Splunk 4.3.3 build 128297) I have poked around the docs covering index time field extraction and ...

by Engager in

two queries, same result....

Does the following produce the same results? ... | transaction A B | max C ... | transaction A B eval ceil(C) I...

by Contributor in

How can I integrate splunk with fusionchart ?

Splunk can not show a 3D chart, but Fusionchart can do it. How can I integrate Splunk with Fusionchart ?

by Communicator in

How to highlight only specific term?

Hi, I am trying to highlight only a specific term specified by highlight command like this: index=* man | highl...

by Motivator in

How to remove event option menu?

from my dashboard I want to remove event option menu, How do I remove this? Here is my XML <row> <event> ...

by Builder in

Correlate data

Is it possible to correlate data to come up with a transaction time given this scenario? I want to calculate and char...

by Explorer in

results into a single row table

Hi, I have three search results giving me three different set of results, there are values from each search. I hav...

by Path Finder in

Iterate Through Field Values in Static File

I need to get the most recent event from about 100 different "channels" that are defined in my data. But the only way...

by Explorer in

Using OR with rex commands or combining search results

I need to perform a search that extracts user ids from unformatted log lines where the user id would be extracted by ...

by Contributor in

counting the latest servers

Hi, My log contains entries as shown below: 5:12:08.100 PM | activateServerlocked | tid:2552 | serverID="dev1" ...

by Path Finder in

Get Updates on the Splunk Community!

Splunk Search

Discussions

Rename stats function in the table header

Counting distinct field values and dislaying count and value together

Linked searches

search: case --> field doesn't exist

How to create an iterative search

Multi-objects performance monitor

Event time inconsistency

Charts not appearing for users other than admin

How to warm data to cold by time

Chart by month still alphabetical

Similar values of differing length

How do I extract 2 timestamps from the same line

What is the earliest and latest for running a backfill script in realtime?

How to do looping search by lookup table

Process to extract one field from a large, multi-line eventlog

Does index time field extraction make sense for our situation?

two queries, same result....

How can I integrate splunk with fusionchart ?

How to highlight only specific term?

How to remove event option menu?

Correlate data

results into a single row table

Iterate Through Field Values in Static File

Using OR with rex commands or combining search results

counting the latest servers

Observe and Secure All Apps with Splunk

Splunk Decoded: Business Transactions vs Business IQ

Fastest way to demo Observability

In Splunk studio, is it possible to populate a tex...

How can i export a list of all services in APM

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

ITSI thresholds: adaptive vs static

Splunk Search

Are you a member of the Splunk Community?

Discussions