Splunk Search

Community Activity

	Exclude results where two or more fields match I am trying to understand how to remove results where "field_a" and "field_a" each contain a certain value together i... by iomega311 Explorer in Splunk Search 08-19-2020 0 2	0	2
	Timechart with multiple where like statements Hello Guys,I'm trying to plot multiple values onto a time chart. These values are collected through a Where Like stat... by Marco Communicator in Splunk Search 08-19-2020 0 7	0	7
	How to hide dashboard panels ? I have a drill down in my dashboard.When I select any choice from the drill down other two panels(reports) will appea... by vinod0313 Explorer in Splunk Search 08-19-2020 0 1	0	1
	Is there a way to do retention based on sourcetypes? Hi rteam, We have too many index created and now planning to have different retention duration based on sourcetypes.... by prabhu77749 Explorer in Splunk Search 08-19-2020 0 1	0	1
	Change In Sourcetype Format Before a change was made, data was originally being sent to Splunk in the example of { %a \| %b \| %c \| %d }. Now after... by BookerT14 Engager in Splunk Search 08-19-2020 0 4	0	4
	Why are the queues full and searches in error on Search Head? Hello, We are having some issues finalizing the installation of our Splunk environment. We have 2 Linux servers: 1 Se... by performancemoni Path Finder in Splunk Search 08-19-2020 0 1	0	1
	Combine a numerical field with a string field separated with a dash Hello,I am trying to combine couple of fields data separated by a dash. Tried few options but could not get the expec... by subhrangshu Explorer in Splunk Search 08-19-2020 0 2	0	2
	Extracting a JSON boolean value I've been unable to get a boolean value extracted from JSON written to Splunk. The data looks like this: build: {<!-- --> ... by danl Explorer in Splunk Search 08-19-2020 0 5	0	5
	Why do these seemingly identical searches return different results when sorted? I have four versions of a nearly identical search. The last one returns a completely different result. What is it a... by CarbonCriterium Path Finder in Splunk Search 08-19-2020 0 3	0	3
	Filtering a Field Extracted with Rex Hello,I am having trouble with filtering fields extracted using rex as follows:rex max_match=0 field=sessions_as_clie... by user333 Engager in Splunk Search 08-19-2020 0 2	0	2
	Separate rows for a string ? I have a string like this below{ABC,DEF,GHI,JKL}i am able to show it as below in my result 1. ABC DEF GHI JK... by vinod0313 Explorer in Splunk Search 08-19-2020 0 1	0	1
	How to search indexed JSON array output for objects that match a distinct name/value pair I'm calling a REST API using curl on a UF to collect data from a remote DataPower appliance; the output is in JSON fo... by beetlegeuse Path Finder in Splunk Search 08-19-2020 0 2	0	2
	Case open count and trend history We're using a REST API to connect to a case / monitoring system and retrieve any data newer than the last run. This d... by benhooper Communicator in Splunk Search 08-19-2020 0 5	0	5
	Removing some results from stats count by function Hi all,I'm a bit of a newbie to splunk but I was trying to create a dashboard using the stats count by function for a... by DCUpro Explorer in Splunk Search 08-19-2020 0 2	0	2
	time difference between two events HiI am using below query to get the details of alarms which has (one Warning and one OK status) or (one Critical and ... by surekhasplunk Communicator in Splunk Search 08-19-2020 0 8	0	8
	Add several information on a point Hi everyone, I'm looking for how to add information on a graphical point. My graph shows only an average and an ofnum... by Lucie99 Explorer in Splunk Search 08-19-2020 0 2	0	2
	data joins I've got a few different tables, all csv, that provide different information.The main events table includes a bunch o... by friskyapple Explorer in Splunk Search 08-19-2020 0 1	0	1
	How to use data models in subsearch I am trying to use data models in my subsearch but it seems it returns 0 results.\| datamodel disk_forecast C_drive se... by eidil Explorer in Splunk Search 08-18-2020 0 4	0	4
	"This search uses deprecated 'stats' command syntax." Getting this informational message when running "stats count" commands:This search uses deprecated 'stats' command sy... by mitag Contributor in Splunk Search 08-18-2020 0 12	0	12
	How to extract count of specific event from nested JSON? I have this data coming in every minute to monitor application performance: { "events": [ { "appId": "mock-app... by chtmai Explorer in Splunk Search 08-18-2020 0 5	0	5
	Unable to see data indexed 4 hours ago Hi,Data was indexed 4 hours ago. At the time i was able to see the data when searching the relevant index. 4 hours la... by PN3000 Loves-to-Learn in Splunk Search 08-18-2020 0 2	0	2
	deprecated 'stats' command syntax notification on a sample Splunk search Running a sample search suggested by "Add sparklines to search results" in Splunk Documentation for the latest versio... by mitag Contributor in Splunk Search 08-18-2020 0 1	0	1
	Did anyonen else lose all of their "Splunk Answers" history? I am aware that answers.splunk.com has changed engines and is now community.splunk.com. The migration announcement st... by bloizides Observer in Splunk Search 08-18-2020 0 4	0	4
	Is there a dashboard visualization that allows editing a lookup table in the UI instead of using lookup editor? Is anyone aware of a dashboard visualization that will allow me to edit a lookup table in the UI? Rather than using L... by daniel_althoff8 Loves-to-Learn in Splunk Search 08-18-2020 0 0	0	0
	License Usage by Each Indexer License Usage by Each Indexer : Need to find license usage by each indexer. by vishaltaneja070 Motivator in Splunk Search 08-18-2020 0 2	0	2