Splunk Search

Community Activity

Charting Total Index Size vs Used Space Inside Index Hello to all, We have a few indexes that are configured with different max MB's. I want to be able to create a das... by aferone Builder in Splunk Search 09-18-2019 0 3	0	3
Arrange non-null values in a field Hi, I have the below events 100, ABC, , , 110, DEF, , , , , , , , ,120 ,GHI, 130, JKL, , , , , , , , ,140 ,MNO , ... by rupesh26 Path Finder in Splunk Search 09-18-2019 0 2	0	2
The system is approaching the maximum number of historical searches that can be run concurrently. current=7 maximum=8 I am not searching anything why above message display very frequently? While I have deleted all saved search. by jangid Builder in Splunk Search 09-18-2019 1 13	1	13
Retrieving unique values of an indexed field Is there a quick way to retrieve the list of all unique values of an indexed field? I know I could search for the fi... by NancyCunningham Engager in Splunk Search 09-18-2019 3 7	3	7
How to extract data from Splunk to get the allowed and blocked events count separately for each firewall I have few firewall logs coming into the Splunk. I need to extract the data from Splunk to get the allowed and blocke... by anshubathla New Member in Splunk Search 09-18-2019 0 2	0	2
How to count stats by grouping substring from an URI Here is my search: index=app sourcetype=access context=PL uri=/PL/data/2.0/space/* and I have the following logs ... by prakashpnvs Engager in Splunk Search 09-18-2019 0 2	0	2
Eval condition in props.conf using mvindex? I have a field which contains 2 values for every event as shown below: Field Name :- Username Example Values :- A,B... by pavanae Builder in Splunk Search 09-18-2019 0 4	0	4
Column not appending to first search I have read a lot of similar questions to mine but I still can't get the results to work as needed. I have two searc... by l0gik Explorer in Splunk Search 09-18-2019 0 2	0	2
How to get stats from log and display src,dest from another log having uniqueId is common I have a set of logs... log1 is task startingtime log having taskbegin ,uniqueID, src ,dest and log2 is task endTime... by arjun_krishna Explorer in Splunk Search 09-18-2019 0 4	0	4
Regex command causing the search to not work - unknown search command Hi People, I am trying to run a regex command to cut out a part of the REQ field, On regex 101 it is working fine, ... by ssjabid Explorer in Splunk Search 09-18-2019 0 5	0	5
How to divide each line and data row? ServiceTitle KPITitle ... by htramtran83 Explorer in Splunk Search 09-18-2019 0 5	0	5
Is there a way to recover a dataset? Someone accidentally deleted a dataset - a lookup from the app's Datasets section. Is there a way to recover it? It's... by danielbb Motivator in Splunk Search 09-18-2019 0 2	0	2
Search Factory: Why am I getting unknown search command 'tag' only in Javascript while it works in classic Search? My search starts with this: tag=kpi earliest=1521504000 latest=1521849600 \| table _time enterprise_id facility_id sh... by seva98 Path Finder in Splunk Search 09-18-2019 0 3	0	3
Field Alais created were not working We have created several Field aliases based on different source and source types in our splunk query. Most of the F... by Gowtham0809 New Member in Splunk Search 09-18-2019 0 3	0	3
Receiving "OR OR" error message Hello, My colleague and I noticed an issue in the following SPL. If there is data, the SPL works. If there isn't any ... by genesiusj Builder in Splunk Search 09-18-2019 0 10	0	10
How to convert base search query that uses stats into a timechart? Hi, I want to display this query in my dashboard in two different charts. So this is my base search query: search ba... by lsy9891 Engager in Splunk Search 09-18-2019 0 3	0	3
How to count one field multiple times with different condition? Since I am new to Splunk is there is demo query for calculating this will be helpful,Basically, i want to count one f... by rj12 Loves-to-Learn Lots in Splunk Search 09-18-2019 0 1	0	1
How to fix this datamodel error ? "Error decompressing zstd block: Corrupted block detected" This error appears when I search with datamodel but this... by arahf Loves-to-Learn in Splunk Search 09-18-2019 0 1	0	1
How to use time picker to display the data in this query with appendcols? Hi, I have this query: host="NETAPPA" sourcetype="WinEventLog:Application" AND AppDomainName= "EcomSubscription."A... by lsy9891 Engager in Splunk Search 09-18-2019 0 4	0	4
Json parsing - event breaks Below is my event : [ [-] { [-] created_at: 2019-08-28T13:48:48.722Z credibility_sco... by Nadhiyaa Path Finder in Splunk Search 09-18-2019 0 7	0	7
When searching a CSV import via a lookup, what should I do to work around the line limit? Hi team! I import a CSV file via lookup and use this search. index=cesa_paloalto sourcetype="pan:traffic" type=TRAF... by christianubeda Path Finder in Splunk Search 09-17-2019 0 4	0	4
how do you comment in splunk? how do you comment in splunk? I have tried the below from the below ref, but cannot get it to work, (apologies I can... by HattrickNZ Motivator in Splunk Search 09-17-2019 0 1	0	1
Query For Earliest Logon and Latest Log Offs Hello! I need to build a Splunk query that displays the earliest log on and and latest log off times for a user in th... by johann2017 Explorer in Splunk Search 09-17-2019 0 7	0	7
Redirect to dashboard using wildcard I have a dashboard in my app located at myApp/local/data/ui/html/ticket_guru.html This file is returned when I hit: m... by delewis13 Explorer in Splunk Search 09-17-2019 0 1	0	1
Can't make join to compare the presence of a field value Hello, i'm trying to make a dashboard for a client, the dashboard consists basically in a table, which should show a ... by 3DGjos Communicator in Splunk Search 09-17-2019 0 2	0	2