Splunk Search

Discussions

Thread Info

Why is my search pulling the wrong events when selecting an appended column on a graph?

Hey guys, I recently created a graph using the search: sourcetype=testing PhpFatal="PHP Fatal error" | stats c...

by Path Finder in

Why are we getting an incorrect date in our resulting table?

the job: 0019295 which shows run time on Thu Jan 14 07:00:02:2016 actually ran on Wed Jan 13 07:00:19 2016 Sanpshot a...

by Communicator in

How do I extract a field from a URL and group by that field?

How do I group data and get a count for usage per customer? My data is Time and Event. The event data is a URL and th...

by Explorer in

Tricky latest login state question

Hi Guys, I'm having a bit of trouble with this. Basically I wish to show who is into this device on a dashboard and I...

by Path Finder in

How to show two search results in one dashboard panel

HI all I have two search which yield the table like this below: Module1 Module2 Name1 1.2 2.2 Name2 1.5 3.2 Na...

by New Member in

Looking for way to return a value from subsearch when it returns zero results

Maybe there is a much easier way to do that I'm just missing.....but here goes. I have a search that I am using to al...

by Explorer in

Reformat table so values become Column headings

I have a search that ends with | stats sum(count) AS Hits by _time GUID cs_uri_stem Which results in a table ...

by Contributor in

How can I retrieve count or distinct count of some field values ?

I have lots of logs for client order id ( field_ name is clitag ), i have to find unique count of client order( field...

by Explorer in

Error: [indexer1] Empty csv lookup file

Hi, I've got a large (170.000 rows) lookupfile that is used in several searches. I've scheduled these searches to ...

by Motivator in

Messed up input data ruining/slowing down search?

Hi! I accidentally indexed really bizarre logs (partially downloaded logs) and assigned it to a sourcetype. Now s...

by Path Finder in

How can I do a cumulative timechart with dedup?

I've got some data with three applicable fields, hostname, requirement, and requirementstatus. Each day I may receive...

by Explorer in

How do I run a programmatic search against a Search Head Cluster?

Is there anything special about interacting with a Search Head Cluster via the REST APIs? Specifically, what endpoint...

by Super Champion in

Updating fields in a lookup through a scheduled search

Fellow Splunkers! I am attempting to update fields within a lookup file, and fortunatley there are only 2 fields. ...

by Motivator in

How to work out the age of a user based on date of birth?

I want to group users by their age which range from roughly 5 years to 90. The dateofbirth field is formatted like th...

by Communicator in

Do unused search-time field extractions significantly impact performance if the extracted fields are not used?

I have a new analyst requesting to add some search-time field extractions for sourcetype=syslog to simplify reporting...

by Contributor in

Get Updates on the Splunk Community!

Splunk Search

Discussions

Why is my search pulling the wrong events when selecting an appended column on a graph?

Why are we getting an incorrect date in our resulting table?

How do I extract a field from a URL and group by that field?

Tricky latest login state question

How to show two search results in one dashboard panel

Looking for way to return a value from subsearch when it returns zero results

Reformat table so values become Column headings

How can I retrieve count or distinct count of some field values ?

Error: [indexer1] Empty csv lookup file

Messed up input data ruining/slowing down search?

How can I do a cumulative timechart with dedup?

How do I run a programmatic search against a Search Head Cluster?

Updating fields in a lookup through a scheduled search

How to work out the age of a user based on date of birth?

Do unused search-time field extractions significantly impact performance if the extracted fields are not used?

Observability Unveiled: Navigating OpenTelemetry's Framework and Deployment Options

Observability | How to Think About Instrumentation Overhead (White Paper)

Cloud Platform | Get Resiliency in the Cloud Event (Register Now!)

How to find events between time ranges for a servi...

How to combine rows based on parent-child relation...

Outputlookup to a kvstore does not write results

How do I limit a search to everything except the t...

StatsBuffer::read: Row is too large for StatsBuffe...