Splunk Search

Ask a Question

Discussions

Thread Info

Search using join returning incoherent results

Hello, I am getting different results running the same search over the same interval of time. The search is: so...

by Explorer in

New index mapped to Hdfs data input does not result -only main index shows data

Hi Folks, Sorry for a basic question, I am a newbie. I have successfully installed and configured Hadoop Connec...

by Explorer in

what happens with Duplicate GUID's

hi, I want know what happens if hosts have duplicate GUID's because i my environment , i have 100 forwarders havin...

by Path Finder in

Upgrading apps in a clustered environment

When upgrading an app in a clustered environment (in this case the netflow analytics) - can I just update the folders...

by Builder in

How to run search only for shown panels?

Hi, i have a dashboard with several panels. i have used the "depends" option for every panel to see only those tha...

by Path Finder in

timechart where field name and value are both in event data

I have a database query that runs every 5 minutes. It brings back queue names and the counts of those queues. I would...

by Motivator in

Grab max value and associated value

I have a stats table of max hits by API for a given time period. index="ml_summary" report=api_stats earliest=-1w@...

by Communicator in

Combining Row Results Into Columns

Here is my search: | dbinspect index=netflow | stats sum(sizeOnDiskMB) as StateSize by state, splunk_server | eval...

by Builder in

Hi all,I'm pretty new to splunk and having my hands on it. My question is what query is used to get the data of specifuic user.

Hi all,I'm pretty new to splunk and having my hands on it. My question is , I have a index=sftp and user as some xyz....

by New Member in

Why are data model metrics not showing up with this search?

The following searches work : | tstats `xxxx_summaries_only` avg(All_Performance.Memory.swap_free) AS swap_free F...

by Path Finder in

Percentile Implementation

Hi I am wondering what percentile implementation does Splunk use (used by stats, etc.). It does not always return ...

by Explorer in

How to set an alert that will trigger an email when based on these conditions?

HI All, I need some help in setting alerts for a condition, where I'm using a simple Splunk search to get whether th...

by Path Finder in

index time extractions search

I have did index time extractions for fields. I have stored them in _meta. But when I search for the extracted field...

by Contributor in

how to check number of lines in each events

number of lines from file is not matching in the count, want to check each events number of lines. ?

by Explorer in

How can I split the values in the stats table. I have used in combination of stats Values() count() by host

index=* | stats values(source),values(sourcetype),count(sourcetype) by host ....query i used host values(source) ...

by Builder in

Get Updates on the Splunk Community!

Splunk Search

Discussions

Search using join returning incoherent results

New index mapped to Hdfs data input does not result -only main index shows data

what happens with Duplicate GUID's

Upgrading apps in a clustered environment

How to run search only for shown panels?

timechart where field name and value are both in event data

Grab max value and associated value

Combining Row Results Into Columns

Hi all,I'm pretty new to splunk and having my hands on it. My question is what query is used to get the data of specifuic user.

Why are data model metrics not showing up with this search?

Percentile Implementation

How to set an alert that will trigger an email when based on these conditions?

index time extractions search

how to check number of lines in each events

How can I split the values in the stats table. I have used in combination of stats Values() count() by host

Observability | How to Think About Instrumentation Overhead (White Paper)

Cloud Platform | Get Resiliency in the Cloud Event (Register Now!)

The Great Resilience Quest: 10th Leaderboard Update

How to combine rows based on parent-child relation...

Outputlookup to a kvstore does not write results

How do I limit a search to everything except the t...

StatsBuffer::read: Row is too large for StatsBuffe...

Search based on a previous conditions. Or alert th...