Splunk Search

Discussions

Thread Info

Why am I getting error "The lookup table 'mylookuptable' does not exist. It is referenced by configuration 'my_lookuptype'"?

I have this data below and I want a flow chart of start time and end time on the x-axis and cmd1, cmd2......on the y-...

by New Member in

How to split events into multiple rows in a table?

I have the following search result which has multiple values in a cell: I would like to split table to raws. loo...

by Path Finder in

How to use detect numeric outlier to detect cpu utilization outlier

My objective is to collect cpu utilization and then use detect numeric outlier to find out the odds one. However the ...

by New Member in

Using search keyword or where keyword

Hi All I have data in the below fomat Country={UK}, Question=Where do you live, Answer=London Country={USA}, Q...

by Path Finder in

Sorting/Arranging chart results

Hi, I have the below query which is used to find the total and used diskspace of a linux server. I need to arrang...

by Explorer in

"search NOT" not working - not excluding the expected results

Hi All, Trying to figure this one out - suspect it's going to be something simple - just not sure what it is. H...

by Path Finder in

Using AND, OR to find 2 `devices` where i want to filter in some of the `adj` on each device.

I am trying to just show the devices that are X and Y and the devices that are X and have adj that meet this filter ...

by Motivator in

How to make a multiple condition IF statement work?

Hi, This should be easy but for some reason, my brain is making it hard. I'm trying to get a 2-condition IF statem...

by Motivator in

How to extract a heavily nested JSON data?

Hey everyone, I am very new to Splunk and many of the examples I see use relatively simple data. I am trying to extra...

by New Member in

Calculate mailbox growth comparing previous week

I have the below search that shows the total mailboxSize in GB and I would like to compare this with a week ago to de...

by Communicator in

Why is the timechart coming up blank?

Hi, I have this query that works query wize but the resulting timechart is blank and I don't know why earliest=...

by Motivator in

How to figure out the exact regex to capture the hostname value from the event logs for transforms.conf?

Hi, I'm sure this is really simple but I've been unable to figure out the exact regex to capture the hostname value f...

by Motivator in

How can I view daily/monthly job query search average times?

Given an initial search query, I'm trying to view daily and monthly job search query runtimes, then average the times...

by New Member in

Sorting column header is based on ASCII and its not based on case senstitve

Hi, I have a saved search with the below code snippet to sort irrespective of case. index=indexname | eval so...

by Communicator in

Why is the sum of all events on transaction giving the wrong value?

I'm calculating sum of all the events in the transaction but the sum displayed is different from actual sum. What am ...

by New Member in

サブサーチで何もヒットしない時、メインサーチのソースで全検索されてしまいます。　If subsearch is no result, Mainsearch execute Full Search

source="logA" [search source="logB" "valueA" | return fieldA] 上記のように検索する時、もしサブサーチ内でvalueAの検索結果が無い時、サブサーチで何も値が返されない...

by New Member in

How do I formulate a regex so that I can search different types of events?

event 1: 31.138.204.1 | ssh | o*1N0HIQQx434x12481145x1 | ZI53713 | 2018-05-28 07:14:47,848 | SSH - piv-receive-pa...

by Contributor in

How to get max value from each columns that are created dynamicly based on time range

search query | timechart span=1m count by A1 the above query gives me below output: _time column1 column2 colum...

by Path Finder in

How can I compare two fields that I get from my search result?

I want to compare the two columns that I get dynamically from my search result. I want to compare both fields. Sou...

by Explorer in

rex Named extraction for acronyms that have 4 letters and are all capital letters

Hello, I'm trying to create a named extraction and want to use regex to find all instance of 4 letter acronyms th...

by Communicator in

How to expand the dates between two dates?

I want to display the date between two date range EX. 3/11 -3/19 Field : SDate= 3/11/2018 EDate=3/19/2018 I nee...

by Loves-to-Learn in

rex sed strings different length

Hi! Can somebody please explain me WTF is happening here? My question is quite simple. I want to substitute [áéíóú...

by Path Finder in

How can I integrate D3/Google Charts in my Splunk Dashboards?

I have seen the splunk document to integrate D3 sankey visualization into splunk and to be honest, not being a javasc...

by Contributor in

How to apply the predict function for the most varying field?

I'm trying to do something like from my output I just need to apply predict function on most varying field. For examp...

by SplunkTrust in

how to sub headding in table column in dashboard

Column1 | Day1 | Day 2 | --------- | Shift1 | Shift2 | Shift1 | Shift2 | ABCD | X | N | Y | X | XYZA | X | N | Y | ...

by Explorer in

Get Updates on the Splunk Community!

Splunk Search

Discussions

Why am I getting error "The lookup table 'mylookuptable' does not exist. It is referenced by configuration 'my_lookuptype'"?

How to split events into multiple rows in a table?

How to use detect numeric outlier to detect cpu utilization outlier

Using search keyword or where keyword

Sorting/Arranging chart results

"search NOT" not working - not excluding the expected results

Using AND, OR to find 2 `devices` where i want to filter in some of the `adj` on each device.

How to make a multiple condition IF statement work?

How to extract a heavily nested JSON data?

Calculate mailbox growth comparing previous week

Why is the timechart coming up blank?

How to figure out the exact regex to capture the hostname value from the event logs for transforms.conf?

How can I view daily/monthly job query search average times?

Sorting column header is based on ASCII and its not based on case senstitve

Why is the sum of all events on transaction giving the wrong value?

サブサーチで何もヒットしない時、メインサーチのソースで全検索されてしまいます。　If subsearch is no result, Mainsearch execute Full Search

How do I formulate a regex so that I can search different types of events?

How to get max value from each columns that are created dynamicly based on time range

How can I compare two fields that I get from my search result?

rex Named extraction for acronyms that have 4 letters and are all capital letters

How to expand the dates between two dates?

rex sed strings different length

How can I integrate D3/Google Charts in my Splunk Dashboards?

How to apply the predict function for the most varying field?

how to sub headding in table column in dashboard

What’s New & Next in Splunk SOAR

Your Voice Matters! Help Us Shape the New Splunk Lantern Experience

September Community Champions: A Shoutout to Our Contributors!

In Splunk studio, is it possible to populate a tex...

Help me with splunk query to monitor CPU and Memor...

How can i export a list of all services in APM

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

Splunk Search

Are you a member of the Splunk Community?

Discussions