Splunk Search

Start a Conversation

Discussions

Start a Conversation

Thread Info

Is it possible to create a multivalue visualization for each value of a grouped field?

Hello, I am trying to create a variable sized visualization based on the value of a field grouped by another field...

by Builder in

How do I display negative values through geostats?

Hello, I'm busy mapping temperatures for locations around the world and in some cases the value is negative. Unfor...

by Builder in

How to have my summary index only index on the calculated value?

I have a sourcetype that has a tremendous amount of data - we use this data to calculate an overall number of calls p...

by Communicator in

How do I extract numerical value from within a string using rex command?

Hello, I've been reading up on the rex command and using it to split strings, but I cannot for the life of me get ...

by Builder in

How can I get the latest event by a specific field?

Hello, I have the following event data: City,Date,Temp,Sky New York,2016-11-10,20,Clear New York,2016-11-10-19,...

by Builder in

How to build a search that shows the uptime of Splunk and the host reporting to Splunk?

I am required to build a search which will show the uptime of all my Splunk components over a period of one month. Al...

by Explorer in

Is there any way to do stats count over multiple time frames?

Is there any way to do stats count over multiple time frames? I am trying to replace something written in perl and...

by Explorer in

How to extract multiple sets of fields from one sourcetype

I'm currently forwarding data from a pfSense Firewall in our Splunk Light instance. This works pretty well and I defi...

by Engager in

How to trim off the last 7 characters from a field?

Hi, I have a field with fields as below: name -------- abcd - xyz cdef - xyz adfeq - xyz I want to trim "- ...

by Communicator in

How to retrieve information behind java.lang using rex?

Hi, I am trying to retrieve the information behind the value "at java.lang. ..." I tried the following command ...

by Engager in

How to limit the number of result lines from stats

Hi! I have some data from which I would like a summary report with only the most active clients in the list. The s...

by Path Finder in

How many custom shapes does choropleth map support?

http://blogs.splunk.com/2015/10/01/use-custom-polygons-in-your-choropleth-maps/ Use Custom Polygons in Choropleth Map...

by Contributor in

How to edit my search to calculate values inside JsonArray

Hi *, I have some trouble with Splunk stats functions :). I have a JSONArray event like this and I need to sum all...

by Engager in

How can I optimize my search?

This search is taking too much time to execute, around 20 mins. Is it because of the lookup? index="access_log_ind...

by Explorer in

Search Job inspector - dispatch.fetch slow - why?

I'm working on tracking down some slowness in searches of all types that I am doing. Looking at the search inspector ...

by Path Finder in

Calculate Difference between two time fields in single event

Hi All, Am trying to calculate difference between starttime and endtime for tasksession, both start and end time a...

by Path Finder in

How can i display dates between two dates?

I have a log that has Start date=23/nov/2016 enddate=23/dec/2016.now i need to display the dates between the dates .

by Path Finder in

distinct count using stats and eval

I am slowly going insane trying to figure out how to remove duplicates from an eval statement. where acc="Inc" AND...

by Communicator in

If you're running 6.5.0, you should disable search_optimization::predicate_merge

In 6.5.0 Splunk added a bunch of search optimizations, see http://conf.splunk.com/files/2016/recordings/optimized-sea...

by SplunkTrust in

How to edit my search to calculate the average duration for last 7 days from the average duration of yesterday and display both?

I have my following search: My Search earliest=-1d@d latest=@d | convert ctime(_time) as Date_and_Time | conve...

by Builder in

Splunk Search

Discussions

Is it possible to create a multivalue visualization for each value of a grouped field?

How do I display negative values through geostats?

How to have my summary index only index on the calculated value?

How do I extract numerical value from within a string using rex command?

How can I get the latest event by a specific field?

How to build a search that shows the uptime of Splunk and the host reporting to Splunk?

Is there any way to do stats count over multiple time frames?

How to extract multiple sets of fields from one sourcetype

How to trim off the last 7 characters from a field?

How to retrieve information behind java.lang using rex?

How to limit the number of result lines from stats

How many custom shapes does choropleth map support?

How to edit my search to calculate values inside JsonArray

How can I optimize my search?

Search Job inspector - dispatch.fetch slow - why?

Calculate Difference between two time fields in single event

How can i display dates between two dates?

distinct count using stats and eval

If you're running 6.5.0, you should disable search_optimization::predicate_merge

How to edit my search to calculate the average duration for last 7 days from the average duration of yesterday and display both?

how to calculate Uptime

how to join the two tables?

Changing the background of Single Value Viz. with ...

How to color code a field value based on the newly...

How to get n-1, n-2, n-3 ... records where n is t...