Splunk Search

Start a Conversation

Discussions

Start a Conversation

Thread Info

How to group by forcing line value

Hi, I want to show how many lines contains some value even if no line return. My data : Row 1 : F1: a Row 2...

by Explorer in

How to return items dependent on occurrence

I have the data field "user" with data like: user1, user1, user2, user2, user3, user3, user3, ... How do I get/co...

by Engager in

How to bring non matching values into the same column

by Path Finder in

What is the difference in name capturing group"(?<name>)" and "(?P<name>)"?

How differences named capturing group expression between "(?<name>)" and "(?P<name>)"?

by New Member in

Wildcard * does not work with If or Case in Splunk

There are 3 different values for one particular field say field1 - "INTPAY\ITS\TD_EFT\can contain other data", "INTPA...

by Explorer in

Disble hover for charts?

Hi how to disable the hover functionality for line charts? I've tried disabling tooltips but it just hides the label-...

by Engager in

Can sampling for subsearches be used to parameterize main search?

Is there a way to set sampling for subsearches separately from the main search? For example, given a search of a huge...

by Engager in

Can Splunk pull the contents of a lookup created in a search head cluster via rest command search into a non-cluster search-head?

I created a Splunk Health Dashboard for myself on the server that runs my Monitoring Console. The MC server is not pa...

by Path Finder in

Help charting or displaying multiple fields

I'm working on creating either a report with a table or a dashboard to visualize the status of my Windows Audit Polic...

by Path Finder in

Stats search in SDK: Receiving task cancelled error

Hi Team, I am trying to run stats splunk search using c# SDK and getting task cancelled error. Kindly help me on ...

by New Member in

Is there a programmatic method to list and analyze which objects/resources (indexes, macros, lookups) are used by scheduled searches?

Hello fellow Splunkies, is there a method to programatically list the objects/resources used by (scheduled) search...

by Path Finder in

How to get the earliest and latest for the last full hour

Hello, How would I set the earliest and latest to the last full hour? Example: current time 5:19 pm I want earlies...

by Contributor in

getting error for regex "exceeded configured match_limit, consider raising the value in limits.conf"

Below is the regex I am using |rex field=_raw "\d*\-\d*\s\d*\:\d*\:\d*\.\d*\s(?<Primary_Server>[^\s]+)\s*(?<Prima...

by Builder in

How to get tstats results independent of time range

Hi All, is it possible to get list of sourcetype by host and index irrespective of time range? I just want the lis...

by Builder in

Highlight entire row in table after the row is clicked

I want to highlight an entire row in a table when its clicked. I want this to be persistent so when I click outside t...

by Engager in

Splunk query for sum of fields

Hi i have a field A B C D for example with following data A B C D 1 2 3 4 1 2 2 3 2 3 3 4 I want a result "to...

by Path Finder in

How to add a column to a stats table using rex

I'm fairly new to splunk and have just learned how to use the rex/regex. I am trying to add a column in my string sea...

by Path Finder in

How to sort table by total errors in descending order?

Hi, I have this search and basically it shows a table with the channel. Error type, total error, and the sum total o...

by Engager in

How to determine if duplicate logs are sent

There was an issue with our Splunk forwarders and it appears our application sent duplicate logs. I am seeing a sudd...

by Path Finder in

Is the search concurrency and limits.conf too high?

Hi! I'm wrestling with performance on our Production Splunk installation and have been reading on Search Concurrency ...

by Path Finder in

Splunk Search

Discussions

How to group by forcing line value

How to return items dependent on occurrence

How to bring non matching values into the same column

What is the difference in name capturing group"(?<name>)" and "(?P<name>)"?

Wildcard * does not work with If or Case in Splunk

Disble hover for charts?

Can sampling for subsearches be used to parameterize main search?

Can Splunk pull the contents of a lookup created in a search head cluster via rest command search into a non-cluster search-head?

Help charting or displaying multiple fields

Stats search in SDK: Receiving task cancelled error

Is there a programmatic method to list and analyze which objects/resources (indexes, macros, lookups) are used by scheduled searches?

How to get the earliest and latest for the last full hour

getting error for regex "exceeded configured match_limit, consider raising the value in limits.conf"

How to get tstats results independent of time range

Highlight entire row in table after the row is clicked

Splunk query for sum of fields

How to add a column to a stats table using rex

How to sort table by total errors in descending order?

How to determine if duplicate logs are sent

Is the search concurrency and limits.conf too high?

Could not load lookup=LOOKUP-splunk_security_essen...

CIDR match not working on Splunk 8.X

Splunk App for Windows - Missing Task Category, Ty...

Jump multiple links at the same time

How are AWS logs get ingested into Splunk Enterpri...