Splunk Search

Start a Conversation

Discussions

Start a Conversation

Thread Info

Setting static timechart Y-Axis maximum value on command line.

I haven't found a question/answer specific to this issue timechart y-axis issue. I have a timechart where I want t...

by Path Finder in

How can I get a text value in my search result to be considered as a numeric value?

Hi, I have a search result of a JSON file. " { [-] number: 58 result: SUCCESS } " How can I consider...

by Communicator in

How to edit my search to display users from my Windows logs that are not found in a lookup table?

Hi, I have my Windows logs with all users and I have a lookup which has few user names. I need to display the user...

by New Member in

My search returns results, but why are alerts not being triggered?

I've set up an alert based on a search that I know returns results. However, the alerts aren't firing. Here is th...

by Explorer in

How to add filters on a dashboard?

Someone plz explain how to add filters on a dashboard. I got a link in this portal, but there is no answer in it. Plz...

by New Member in

How to find blocks where response time is 0 from ping data?

Hello all, I receive ping data into my Splunk environment. Everything is filtered so that I can plot the response ...

by Path Finder in

extract command

Hi, This is sample event. I tried to explore extract command. index=* sourcetype=orange | extract pairdelim=";"...

by Communicator in

Splunk search throws "Your Splunk license expired or you have exceeded your license limit too many times" even after extension of my free trail license

My free license has expired. I have requested to extend and they extended the trail license. Below is the error I am ...

by New Member in

How to search for unused Exchange distribution lists?

Is there a search that can identify stale Exchange 2010 distribution lists that haven't been used recently (e.g., >90...

by New Member in

How do I display and email search results from two different result sets?

How do I edit my current search? index=myindex sourcetype=A OR sourcetype=B earliest=-72h ERROR_CODE=5014 AND TXN_...

by New Member in

Returning field from subsearch to eval displays no returned rows in table

I am attempting to return a field from a subsearch into an eval statement. No errors are thrown, but when the table p...

by Explorer in

How can you use max with streamstats?

I have a list of events which are watermarks for customer activities. The data look like this: Date/Time Cust...

by Path Finder in

Using time range picker does not work in dashboard where report searches are used.

I have a dashboard where we have a reference to a report in a search. In the report we have values for all time range...

by Path Finder in

How to write a search to graph average time by site specific location using my sample data?

I'm trying to graph the average time of an event: July 18, 2016 10:02 -> INFO -> Done with sync of project-high-me...

by Engager in

add multiple spaces for fields

hi i want to add multiple space for a fields i tried to use : | eval fieldname1= fieldname2 . " " . fieldname3 bu...

by Contributor in

Upgraded to 6.4.1 and patterns tab and download button are not appearing after users run searches

Hi, We just upgraded to 6.4.1 and some users are now stating that they are not seeing the "Patterns" tab after sea...

by Champion in

Search not working after upgrade to 6.2

I have a dashboard that has been working fine while using Splunk version 5. We just upgraded to 6.2 and the search is...

by Path Finder in

subsearch on more than two strings

I have three source types I want to search using a user's username. One of the source types only knows the user's IP ...

by Path Finder in

how can i modify multivalued field?

hi, how can i change the content of multivalued field using regex. i have a multivalued field and i try to modify ...

by Contributor in

How do I search who is exporting aggregate data from my log files?

I am fairly new to Splunk and hoping someone could help with this. I have Index log files loaded onto Splunk, so to b...

by New Member in

Splunk Search

Discussions

Setting static timechart Y-Axis maximum value on command line.

How can I get a text value in my search result to be considered as a numeric value?

How to edit my search to display users from my Windows logs that are not found in a lookup table?

My search returns results, but why are alerts not being triggered?

How to add filters on a dashboard?

How to find blocks where response time is 0 from ping data?

extract command

Splunk search throws "Your Splunk license expired or you have exceeded your license limit too many times" even after extension of my free trail license

How to search for unused Exchange distribution lists?

How do I display and email search results from two different result sets?

Returning field from subsearch to eval displays no returned rows in table

How can you use max with streamstats?

Using time range picker does not work in dashboard where report searches are used.

How to write a search to graph average time by site specific location using my sample data?

add multiple spaces for fields

Upgraded to 6.4.1 and patterns tab and download button are not appearing after users run searches

Search not working after upgrade to 6.2

subsearch on more than two strings

how can i modify multivalued field?

How do I search who is exporting aggregate data from my log files?

Tstats with Sparkline limiting values

Query Duo security for disabled, non-authenicated ...

_time column always moves to end after rendering s...

Comparing 2 Atrributes in different indexes

Changes to user or group privileges