Splunk Search

Discussions

Thread Info

run the second search query only after the first search query completes

Hi, I have a dashboard in advance xml, where I am using a search query to run a python script :- <view template="...

by Builder in

Saved Search in Splunk 5 produces a table, but in Splunk 6 a column chart and table. Why?

The search is nothing special. It ends with a stats command showing avg, median, p95 and max values. In Splunk 5, whe...

by Influencer in

Make a graph

Hi, I am using this query sourcetype=TraceDropOff| transaction startswith="Starting Main" endswith="DropOff appli...

by Path Finder in

Static lookup only on results found

I have basic lookups using a static lookup table of network devices, it's looking up host values if they show up as I...

by Contributor in

Can I Rename the Variable on a Chart for Predict Command?

Just as it says.. Can I rename the variable on a chart for predict command? Instead of count and prediction(count)...

by Communicator in

How to tag an ip address as suspect

Hi, What I did understand from tags, is that you can tag a field value. For example, I can tag clientip=1.1.1.1 as...

by Explorer in

Search for events from a certain universal forwarder

I have 2 universal forwarders sending data to 1 indexer. I want to search to see if one of the universal forwarders i...

by Communicator in

Splunk ingesting MSMQ Message

I have a legacy logging application that sends its messages to a MSMQ queue. Can splunk be configured to read data di...

by New Member in

Transient IP tagging or lookup on parsing input

I need to map a clientip to their hostname and MAC address. This environment is DHCP driven and hosts move around a l...

by Explorer in

How to display rows in query to cols?

i have the following query that query's for a value data for a given label data pair. The query runs fine but it adds...

by Path Finder in

Roll Up Summary Index from Seconds to Hourly

I have created a saved search which runs once an hour and records to a summary index. The search allows me to determi...

by Path Finder in

What is the trick to stack column charts in splunk 6?

I have a basic query that generates the following results from splunk(6)'s' main query page (not a panel or anything)...

by Path Finder in

Top results for multiseries data

Hi there, I'm charting multiseries data displayed in stacked columns with the following command: stats dc(...

by New Member in

query using join

Trying to combine two logs . Using this query to get a list of items from user log source="/opt/mysplunk.log" earl...

by Explorer in

How to get top values

Hi, i have a report where i show top 50 404s by uri as shown below. Now i want to get the top referer for each URI in...

by Contributor in

show overall data in table if no option is selected in dropdown

Please suggest how to sow all records in the table if no option or record has been selected in the dropdown. Here is ...

by Builder in

how to find search name based on error in splunkd.log?

I'm getting the following errors in my splunkd.log file a lot; 02-19-2014 10:10:58.232 -0800 WARN FileClassifierM...

by Builder in

how to write dbquery in search

Hi guys, Please help me to write a dbquery in search bar.I have the following dbquery | dbquery "databasename" "sele...

by Builder in

Conditional Filter count results in chart

index=rhwindows sourcetype="WinEventLog:System" Type=Error OR Type=Warning NOT (*PrintSpooler OR *SpoolerWin32SPL) ea...

by Path Finder in

Using join in postprocess takes longer than duplicating the search

Hello I have 3 searchmanagers like so (the actual queries are longer) {% searchmanager id="s1" search="index=ab...

by Engager in

Get Updates on the Splunk Community!

Splunk Search

Discussions

run the second search query only after the first search query completes

Saved Search in Splunk 5 produces a table, but in Splunk 6 a column chart and table. Why?

Make a graph

Static lookup only on results found

Can I Rename the Variable on a Chart for Predict Command?

How to tag an ip address as suspect

Search for events from a certain universal forwarder

Splunk ingesting MSMQ Message

Transient IP tagging or lookup on parsing input

How to display rows in query to cols?

Roll Up Summary Index from Seconds to Hourly

What is the trick to stack column charts in splunk 6?

Top results for multiseries data

query using join

How to get top values

show overall data in table if no option is selected in dropdown

how to find search name based on error in splunkd.log?

how to write dbquery in search

Conditional Filter count results in chart

Using join in postprocess takes longer than duplicating the search

Observability Newsletter Highlights | March 2023

Security Newsletter Updates | March 2023

Platform Newsletter Highlights | March 2023

How to delay with search result when run via Splun...

KV Store status is currently unknown- How to resol...

Combining results in metric index?

Summary Index from | collect ... addtime=f : When ...

Importing HCL BigFix data from Insights, how to ve...