Splunk Search

Community Activity

How to group by forcing line value Hi, I want to show how many lines contains some value even if no line return. My data : Row 1 : F1: a Row 2 ... by matimat Explorer in Splunk Search 11-05-2019 1 4	1	4
How to return items dependent on occurrence I have the data field "user" with data like: user1, user1, user2, user2, user3, user3, user3, ... How do I get/coun... by steffen1 Engager in Splunk Search 11-04-2019 0 4	0	4
How to bring non matching values into the same column Hi , My current index when done table shows: Name\| Attendance \| Class abc \| Present \| 2A efg ... by ayush1906 Communicator in Splunk Search 11-04-2019 0 3	0	3
What is the difference in name capturing group"(?)" and "(?P)"? How differences named capturing group expression between "(?<name>)" and "(?P<name>)"? by basplunk New Member in Splunk Search 11-04-2019 0 2	0	2
Wildcard * does not work with If or Case in Splunk There are 3 different values for one particular field say field1 - "INTPAY\ITS\TD_EFT\can contain other data", "INTPA... by gndivya Explorer in Splunk Search 11-04-2019 1 2	1	2
Disble hover for charts? Hi how to disable the hover functionality for line charts? I've tried disabling tooltips but it just hides the label-... by lsy9891 Engager in Splunk Search 11-04-2019 0 0	0	0
Can sampling for subsearches be used to parameterize main search? Is there a way to set sampling for subsearches separately from the main search? For example, given a search of a hug... by amesbury Engager in Splunk Search 11-04-2019 1 2	1	2
Can Splunk pull the contents of a lookup created in a search head cluster via rest command search into a non-cluster search-head? I created a Splunk Health Dashboard for myself on the server that runs my Monitoring Console. The MC server is not ... by esalesapns2 Communicator in Splunk Search 11-04-2019 1 1	1	1
Help charting or displaying multiple fields I'm working on creating either a report with a table or a dashboard to visualize the status of my Windows Audit Polic... by danielransell Path Finder in Splunk Search 11-04-2019 0 8	0	8
Stats search in SDK: Receiving task cancelled error Hi Team, I am trying to run stats splunk search using c# SDK and getting task cancelled error. Kindly help me on th... by gsureshkumarcse New Member in Splunk Search 11-04-2019 0 0	0	0
Is there a programmatic method to list and analyze which objects/resources (indexes, macros, lookups) are used by scheduled searches? Hello fellow Splunkies, is there a method to programatically list the objects/resources used by (scheduled) searches... by Olli1919 Path Finder in Splunk Search 11-04-2019 2 9	2	9
Comparing two searches from separate time ranges while still having a clean chart Hello, I am trying to compare two time windows in the same index but I would like the chart comparing them to be ba... by bencooper1 Engager in Splunk Search 11-04-2019 0 3	0	3
How to get the earliest and latest for the last full hour Hello, How would I set the earliest and latest to the last full hour? Example: current time 5:19 pm I want earliest=... by damucka Builder in Splunk Search 11-04-2019 1 2	1	2
getting error for regex "exceeded configured match_limit, consider raising the value in limits.conf" Below is the regex I am using \|rex field=_raw "\d\-\d\s\d\:\d\:\d\.\d\s(?<Primary_Server>[^\s]+)\s*(?<Primary... by vrmandadi Builder in Splunk Search 11-04-2019 1 3	1	3
Search String for Connection hangs I have been toying around with the task of identifying servers on our network with abnormal connection times . We hav... by jsproesser New Member in Splunk Search 11-04-2019 0 5	0	5
How to get tstats results independent of time range Hi All, is it possible to get list of sourcetype by host and index irrespective of time range? I just want the list ... by gaurav_maniar Builder in Splunk Search 11-04-2019 0 5	0	5
Highlight entire row in table after the row is clicked I want to highlight an entire row in a table when its clicked. I want this to be persistent so when I click outside t... by lyderhansen Engager in Splunk Search 11-04-2019 0 2	0	2
Splunk query for sum of fields Hi i have a field A B C D for example with following data A B C D 1 2 3 4 1 2 2 3 2 3 3 4 I want a result ... by NAVEEN_CTS Path Finder in Splunk Search 11-04-2019 0 1	0	1
How to add a column to a stats table using rex I'm fairly new to splunk and have just learned how to use the rex/regex. I am trying to add a column in my string se... by harshparikhxlrd Path Finder in Splunk Search 11-04-2019 0 3	0	3
How to sort table by total errors in descending order? Hi, I have this search and basically it shows a table with the channel. Error type, total error, and the sum total ... by lsy9891 Engager in Splunk Search 11-03-2019 0 1	0	1
How to determine if duplicate logs are sent There was an issue with our Splunk forwarders and it appears our application sent duplicate logs. I am seeing a sudd... by balash1979 Path Finder in Splunk Search 11-03-2019 0 3	0	3
Is the search concurrency and limits.conf too high? Hi! I'm wrestling with performance on our Production Splunk installation and have been reading on Search Concurren... by skirven Communicator in Splunk Search 11-03-2019 1 1	1	1
Performance issue on dashboard : Base search query and data model acceleration assistance required Hello Experts Actually I am trying to show the usage trends across one application on different platforms (Online, M... by gopiven Explorer in Splunk Search 11-03-2019 0 1	0	1
How to run a search only if the panel is visible The panel depends is been ignored and is still running the query which causes performance issues. How can you only r... by jjwallaby Engager in Splunk Search 11-03-2019 0 5	0	5
Help with script to make Splunk status up automatically if Splunk is down Please help me with the script below. This script is not running in Unix and Windows machine. Please help tweak and ... by rajaguru2790 Explorer in Splunk Search 11-03-2019 1 2	1	2