Splunk Search

Start a Conversation

Discussions

Start a Conversation

Thread Info

Why are my multi-line events getting split?

I am trying to prevent my multi-line events from being broken into individual rows. My logs are similar to this: 2...

by Explorer in

How do I change the font color in a chart depending on a value?

Hello, I try to change the font colour within a chart. Unfortunately I can only create dashboards and don't have a...

by New Member in

How do I get the total and percentage on each row on the following table?

Hello there, My current code is giving me the following (if the screenshot is not clear, I provide the numbers lat...

by Explorer in

how to combine/merge multiple generic fields/columns in one field/column with average calculation per generic field/column values in Splunk?

hi, I have following situation in splunk (see picture below). I need following pattern in Splunk (see pic...

by New Member in

Can you help me with a subsearch across two indexes?

Hi Folks, I'm using Splunk version 4.0 (with App verion 6.6.1) and I'm pretty new to Splunk — I've been using it f...

by New Member in

Can you help me to create a join in a lookup file?

Hi all, I need your help. I created a lookup file (hierarchy_lookup.csv) with this layout I would like ...

by Engager in

How to disable the app icon background color in Splunkbase later on?

In our inital release version 0.9.0 (https://splunkbase.splunk.com/app/4317/) we intentionally adjusted the app navig...

by Engager in

Is there any way to fix cut-off Sparklines?

Hello all, I have been adding sparklines to my tables. I noticed that sometimes the sparklines look cut off at the...

by Motivator in

C# SDK separate field notation

Hey, i would like to send fields separate from raw data, so its not displayed in normal search result eventtext, o...

by New Member in

columns with fwdtype

i am looking for ideas how to generate report in the following format Clustername HF UF cl01 hf-1 uf-1 hf2 ...

by New Member in

How to remove one field to be shown in column chart

I have created a query which have 4 columns in statistics and want to show column chart as well but with 3 columns. h...

by Engager in

Export to dump with wrong values in fields

Hi, I'm trying to export some data with the dump command, the data from the dump is not exported correctly, some valu...

by New Member in

How do you manipulate table results from a combined results?

Hi, I am stuck trying to manipulate my table when using a subsearch. Please see below query. search .... | sta...

by Explorer in

How do I query the percentage of unique sessions seeing errors?

I'm trying to come up with a query that's a percentage of users (via session ids) experiencing errors. i can find the...

by New Member in

Ignore a row to calculate Summary total in Table?

Data is like below: Is there any way to enable Total Summary but ignore "%" row to calculate Total?

by Motivator in

Create a table that contains 'ALERTS'. User will verify the alerts, click on the specific event and the particular event will disappear.

Hi all, I would like to create a table that contains 3 scenarios. ( Low, High, Severe) The table will keep appen...

by Explorer in

How do you search one way between two deployments/environments?

I have inherited an deployment that has multiple environments: PROD, FTI, and oldFTI. I am needing to search from FTI...

by Contributor in

splunk admin system admin - lab is closed same day??

Hi I was participating today to system admin course and found out at the end of the course the lab will be active on...

by Path Finder in

How would I divide this table into hours?

source=****** "Result from operation" | rex field=message ".*?returnCode=(?<code>\d+).*" | eval status=if(code=0000,"...

by Engager in

How to convert string to date?

I have an existing column "Date" and I need to convert it from a string like 4/2/2018 to a date of 4/2/2018. I've ...

by New Member in

Get Updates on the Splunk Community!

Splunk Search

Discussions

Why are my multi-line events getting split?

How do I change the font color in a chart depending on a value?

How do I get the total and percentage on each row on the following table?

how to combine/merge multiple generic fields/columns in one field/column with average calculation per generic field/column values in Splunk?

Can you help me with a subsearch across two indexes?

Can you help me to create a join in a lookup file?

How to disable the app icon background color in Splunkbase later on?

Is there any way to fix cut-off Sparklines?

C# SDK separate field notation

columns with fwdtype

How to remove one field to be shown in column chart

Export to dump with wrong values in fields

How do you manipulate table results from a combined results?

How do I query the percentage of unique sessions seeing errors?

Ignore a row to calculate Summary total in Table?

Create a table that contains 'ALERTS'. User will verify the alerts, click on the specific event and the particular event will disappear.

How do you search one way between two deployments/environments?

splunk admin system admin - lab is closed same day??

How would I divide this table into hours?

How to convert string to date?

Splunk Observability Cloud | Customer Survey!

Happy CX Day, Splunk Community!

.conf23 | Get Your Cybersecurity Defense Analyst Certification in Vegas

help on could not load lookup message

searching for specific result

How to Add Datamodel Fields in Search and Reportin...

AD servers with indexing delays when evt_resolve_a...

Using comparison function within mstats