Splunk Search

Discussions

Thread Info

Omit "NULL" and "OTHER" from area chart

How do I omit "NULL" and "OTHER" from the results of an area chart?

by Explorer in

searching fields that have multiple lines by using \n or \r\n doesn't work but using <enter> does

I'm trying to do some windows event blacklisting due to a high volume on a particular server. However, I'm having tro...

by Engager in

Extract 'table structured' data from log file using Perl.

I have a log file in a table structured form like this, Code send_id dest_id AW 96 45 BX 65 78 Now here I hav...

by New Member in

Dashboard on email at scheduled time

Can a html dashboard be sent on email?? I have created an html dashboard with modified css and html code and I want...

by Path Finder in

How to combine a csv and savedsearch and retrieve matching and unmatching results ?

I have a savedsearch which is a result of json data. Similarly I have a master csv. I have Assettag field common in b...

by Explorer in

get rows in lookup that does not have entry in search result

I have a Lookup "Consumer_Lookup.csv" (30 rows approx) Consumer Restricted A Y B ...

by Engager in

How to transpose a table? (without using Transpose command)

My Table looks like this VF_Price Huyndai_Price Jaguar_Price345 412 542I wan...

by Contributor in

How to add two different chart queries and get the results in single table

I have two queries like as below : > index="int_audit_dev" | chart count(ApplicationName) over ApplicationName by ...

by Communicator in

Avg disappears if I add min and max, so how do I combine avg, min, and max together to have all the stats I need?

I have events with response_time fields coming from an access log file. I have to display the average, min, and max r...

by Loves-to-Learn Lots in

Filtering on my table

Hi I got following values as a result of a splunk table: 842034200103 8200000...

by Explorer in

How do I display latest event after comparing descriptions from event log?

Hello, I am working on a query to check multiple service status from multiple servers and trying to display the cur...

by Path Finder in

Color table on the basis of their values visualization

Hello, I am generating the following table in splunk dashboard using the following query from raw data file: Tw...

by Explorer in

splunk query

Hi Folks, i have a requirement to create relevant query in Splunk to retrieve daily count of records from Kafka ser...

by Communicator in

Only the raw field has data.rest everything and every field is empty

I have an issue where the raw data shows up with data but when I query it, all the other fields come up as empty. ...

by New Member in

Error in 'eval' command: Typechecking failed. '-' only takes numbers

I have tried many ways to get the difference between two numbers. Here is what I have tried. try 1: event=subsc...

by New Member in

Show 0% if no results are found

I have the following search: index="automox" sourcetype="automox:devices" server_group="Windows Ser...

by Path Finder in

Assistance with combining / joining on 2 large data sets

I have 2 large data sets Data Set 1 (Assets) contains information about devices. For example the dataset will ...

by Contributor in

Appending Searched parsing output

I m using append query multiple times for different searches for same index. Its parsing my job. Please advise solu...

by Explorer in

How to compute the duration based on Time picker

Basically, I want to get duration based on the time picker. Example, If i select Year to Date in the time picker, i...

by Explorer in

Display only the top 5 values in count column

Id like to be able to display only the top Total values, struggling with this

by Contributor in

get the latest value in an array

Hi Guys, I am working on searching data from Servicenow ticket, and tickets normally have some status for example: ...

by Explorer in

_time format

Our data input contains two timestamp fields — creation_time and modification_time — both formatted in line with ISO ...

by Communicator in

Splunk Returning different Stats for same time range.

I have a scheduled report that runs monthly for the previous month. It runs a cron job 00 08 1 * *. I need to go b...

by Communicator in

Splunk If else and severity search query

I am trying to write splunk search where I have 2 conditions and my query returns the results based on that for ex...

by Path Finder in

Simple Name for Variable

Apologies in advance as im new to SplunkIm trying to put a name to each line below. Each src to dst is a business cli...

by Engager in

Get Updates on the Splunk Community!

Splunk Search

Discussions

Omit "NULL" and "OTHER" from area chart

searching fields that have multiple lines by using \n or \r\n doesn't work but using <enter> does

Extract 'table structured' data from log file using Perl.

Dashboard on email at scheduled time

How to combine a csv and savedsearch and retrieve matching and unmatching results ?

get rows in lookup that does not have entry in search result

How to transpose a table? (without using Transpose command)

How to add two different chart queries and get the results in single table

Avg disappears if I add min and max, so how do I combine avg, min, and max together to have all the stats I need?

Filtering on my table

How do I display latest event after comparing descriptions from event log?

Color table on the basis of their values visualization

splunk query

Only the raw field has data.rest everything and every field is empty

Error in 'eval' command: Typechecking failed. '-' only takes numbers

Show 0% if no results are found

Assistance with combining / joining on 2 large data sets

Appending Searched parsing output

How to compute the duration based on Time picker

Display only the top 5 values in count column

get the latest value in an array

_time format

Splunk Returning different Stats for same time range.

Splunk If else and severity search query

Simple Name for Variable

Automatic Discovery Part 1: What is Automatic Discovery in Splunk Observability Cloud ...

Real-Time Fraud Detection: How Splunk Dashboards Protect Financial Institutions

Splunk + ThousandEyes: Correlate frontend, app, and network data to troubleshoot ...

In Splunk studio, is it possible to populate a tex...

How can i export a list of all services in APM

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

ITSI thresholds: adaptive vs static

Splunk Search

Are you a member of the Splunk Community?

Discussions