Splunk Search

Ask a Question

Discussions

Thread Info

How to pass a time preset string (e.g. Last 30 days) to a form through the URL?

I want to populate a time picker to display "Last 30 days" through a URL link. Currently I do something like this: ...

by Communicator in

How to find the top 10 error codes by each host and display the count in a table?

Hi, I have list of servers, I need to find top Event Codes errors for each host, as each host as different Event c...

by Path Finder in

lookup data permanent?

I have created a csv lookup table and have successfully loaded it into splunk and used it in a search command sourcet...

by Explorer in

How to edit my appendcols search to group all required fields based on one field?

I have written below search where i have used appendcols option so that all the result will come under one table view...

by Communicator in

How can I combine the results from my two searches?

I have 2 Splunk searches as below: search 1: My Search | stats earliest(date_hour) as FirstHour latest(date_hou...

by Builder in

how to use subsearch with different date time?

hi i try to perform a subsearch using join type=left between two index. first my indexs are configured like this :...

by Contributor in

How to collate each consecutive N rows into one row with N columns?

I have a search which produces a stats with 2 columns, and n = 3k, where k is an integer, rows. The second column is ...

by Communicator in

How to modify the below search so I can get only servers which are infected ?

Hi All, We have our Symantec End Point Protection which is sending logs and it is monitoring both servers and user...

by New Member in

How to sort list by size of group by?

I have a query of the form 'stats list(body) AS events BY id Which gives me for example: id body 1 jack 2 f...

by Path Finder in

How can I modify my search to filter and display only the first and second value?

search :- My search | stats values(date_hour) as Access_time by user The above search displays the user id with th...

by Builder in

Group events based on the field value

Hello, I want to count the number of different messages and show them in a pie chart. My data looks like the followin...

by Path Finder in

Can eval be used to calculate the standard deviation in multiple fields for a single event?

Is there a way to use eval to calculate the standard deviation of data in multiple fields (same number of fields each...

by Path Finder in

subsearch

Hey everyone. I want to search updated events via jira rest for adding them in my index after. My search work fine...

by Communicator in

Add clustered search peers (indexers) to standalone search head?

Hello, is it possible to add clustered search peers (indexers) to standalone search head? Thanks.

by Motivator in

How to create a dashboard that will calculate searches per minute on each search head?

We have X-numbers of search heads. i want to create a dashboard which will calculate searches per minute on each Splu...

by Communicator in

Get Updates on the Splunk Community!

Splunk Search

Discussions

How to pass a time preset string (e.g. Last 30 days) to a form through the URL?

How to find the top 10 error codes by each host and display the count in a table?

lookup data permanent?

How to edit my appendcols search to group all required fields based on one field?

How can I combine the results from my two searches?

how to use subsearch with different date time?

How to collate each consecutive N rows into one row with N columns?

How to modify the below search so I can get only servers which are infected ?

How to sort list by size of group by?

How can I modify my search to filter and display only the first and second value?

Group events based on the field value

Can eval be used to calculate the standard deviation in multiple fields for a single event?

subsearch

Add clustered search peers (indexers) to standalone search head?

How to create a dashboard that will calculate searches per minute on each search head?

Observability | How to Think About Instrumentation Overhead (White Paper)

Cloud Platform | Get Resiliency in the Cloud Event (Register Now!)

The Great Resilience Quest: 10th Leaderboard Update

How to find events between time ranges for a servi...

How to combine rows based on parent-child relation...

Outputlookup to a kvstore does not write results

How do I limit a search to everything except the t...

StatsBuffer::read: Row is too large for StatsBuffe...