Splunk Search

Discussions

Thread Info

How to expand table based on click to the column

Hello there, I've generated a table with data as below showing the % of data computed for various type of products...

by Path Finder in

Splunk Realtime report

I am trying to create a dashboard in realtime , a savedsearch that ouputcsv then used that in the dashboard (20panel)...

by Builder in

How can I remove the fields X which has all zero values? OR how do I show only fields with non-zero values?

This is may sample search and ample dataset: | makeresults | eval data = " 1 2017-12-01 00:00:00 ...

by Motivator in

Can I just do a timewrap on just 1 field/column?

docs http://docs.splunk.com/Documentation/Splunk/6.5.0/SearchReference/Timewrap Can I just do a timewrap on just 1...

by Motivator in

About spliting events

For example, the following logs are available. 2018-05-17 10:00:00.000 columnA columnB columnC 1111111 2222222 33...

by New Member in

How to stop field extractions from within path and url fields

How do you stop Splunk pulling fields out of paths and url fields like this one path="/portal.php?mod=portalcp&ac=...

by Contributor in

Scheduled Base Search only showing several hours of events.

I have a base search ("BaseSearch-SyslogsBro") that is scheduled to run daily in the morning which is utilized within...

by New Member in

How to calculate start and end time from two different searches

Hello, I am trying to calculate the total time it takes for a request to be processed. I have two searches, the ...

by New Member in

how to display only those rows which have the fillnull values

index=abc |chart sum(" Views") by "Site" ,"Event Date" | fillnull value=0 how can I display only those rows which...

by Builder in

average calculation

sourcetype="MATIZ" host=A OR host=B or host=C | base search | timechart span=1d eval(round(avg(response_time),2)) by ...

by Contributor in

How to search logs for values on multiple lines?

I have a log (IPs and user name altered): Time - ID - Command - Argument 2018-05-16T18:06:23.680096Z 225 Connect Acce...

by Path Finder in

Sorting the legend in a graph newest date to oldest from top to bottom

This is my search. It is multiple timecharts timewraped per week SEARCH: index=... earliest=@w1 latest=+7d@w1|...

by Motivator in

Is there a list of unusable field names?

Note: The question is not "how do I search for a field with the name of tag", but "what other field name(s) behave li...

by Path Finder in

Regex string end of the url and in between

10.1.151.100 [18/May/2018:09:09:57 +0200] "GET http://example.com/DCQ/templates/GetAggregated?channel=TV&contentId=4e...

by New Member in

how to replace a lookup part in the splunk query with a saved search?

I have a query as below which gives some output index="summary" search_name="ABC" | dedup hostname | join type=o...

by Builder in

query help inputlookup map

| rest /services/authentication/users splunk_server=local | search [| rest /services/authentication/current-con...

by Communicator in

passing host field in custom script in alert.

I am trying to run a custom shell script with the hostname returned in my results. How to get the hostname field pass...

by Explorer in

I am not seeing all my indexes with this REST call, what am I missing?

All, I am using this command to read in my indexes.conf into Search. But for some reason it's not showing my inde...

by Builder in

Output lookup

Hi, Im trying to output another column from a lookup table i have created named "threatlist.csv". The problem im ...

by Observer in

Why am I getting this error "External search command 'WinAD' returned error code 1" ?

I'm trying to 'Custom search command starter example' on the splunk's site. So, I'm getting this error "External sear...

by New Member in

What is an easy way to display the last 30 days _time in a table?

I just wanna display last 30days _time in a table I am using Index=_internal earliest=-30d | bucket _time spa...

by Explorer in

Use of Outputlookup results in further search

I am trying to find the list of packages installed in all hosts. if any host doesnt have that package installed, I am...

by New Member in

Splunk shows "The lookup table does not exist"

My splunk show the following message suddenly but I don know how to solve it. I tried to search 'ns_log' and 'ns_msg_...

by Explorer in

How to extract a field with special characters?

Hi, I have a log statement that prints service execution time like - Service Response : {"entity":"{\"transact...

by Engager in

How to use the earliest and latest date in Metadata, metasearch, and tstats command?

I was wondering whether Splunk supports earliest and latest date in Metadata, metasearch, and tstats command? I tr...

by New Member in

Get Updates on the Splunk Community!

Splunk Search

Discussions

How to expand table based on click to the column

Splunk Realtime report

How can I remove the fields X which has all zero values? OR how do I show only fields with non-zero values?

Can I just do a timewrap on just 1 field/column?

About spliting events

How to stop field extractions from within path and url fields

Scheduled Base Search only showing several hours of events.

How to calculate start and end time from two different searches

how to display only those rows which have the fillnull values

average calculation

How to search logs for values on multiple lines?

Sorting the legend in a graph newest date to oldest from top to bottom

Is there a list of unusable field names?

Regex string end of the url and in between

how to replace a lookup part in the splunk query with a saved search?

query help inputlookup map

passing host field in custom script in alert.

I am not seeing all my indexes with this REST call, what am I missing?

Output lookup

Why am I getting this error "External search command 'WinAD' returned error code 1" ?

What is an easy way to display the last 30 days _time in a table?

Use of Outputlookup results in further search

Splunk shows "The lookup table does not exist"

How to extract a field with special characters?

How to use the earliest and latest date in Metadata, metasearch, and tstats command?

Can’t make it to .conf25? Join us online!

Community Content Calendar, September edition

Splunkbase Unveils New App Listing Management Public Preview

Leveraging Automated Threat Analysis Across the Splunk Ecosystem

Help me with splunk query to monitor CPU and Memor...

How can i export a list of all services in APM

Splunk Answers Content Calendar May 2025!

MLTKC how should i check jupyter notebook func in ...

ITSI thresholds: adaptive vs static

Splunk Search

Are you a member of the Splunk Community?

Discussions

Can’t make it to .conf25? Join us online!