Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
Search
Splunk Community
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
- Search
Search the Community
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
4,000 results
Sorted by:
12-16-2017
10:58 AM
I'm trying to divide my query into two parts, D>8000 as X and D<=8000 as Y, so i put it .... my search | eval count(if(D<=8000)) AS Y, count(if(D>8000)) AS X | transpose.....................
10-23-2013
02:12 AM
I would like to index less data into Splunk by modifying several XML sources so that I'm only including certain fields and formatting it as a key-value pairs. I believe I can do this by creating a s...
05-09-2016
12:54 PM
Hi...here is my search:
sourcetype="isc:dhcp" earliest=-10m@s latest=now | stats count as dhcp_count by _time | where dhcp_count<5000
I'll usually get returned stats:
4800
10,0...
09-14-2022
10:13 AM
I'm working on a search that evaluates events for a specific index/sourcetype combination; the events reflect SSO information regarding user authentication success as well as applications the user ha...
Labels
- Labels:
-
table
08-09-2014
05:01 PM
1 Karma
Hi Splunk community,
I have this query
source=main |
transaction user_id |
chart count as Attempts, count(eval(isp_event_type!="authentication_succeeded")) as Failed, count(eval(isp_event_t...
04-05-2018
04:23 PM
...hatever.
So in short, if _time is less then 10min, set field Syncoff to "Out of Sync".
Can anybody help me with this, please?
- Tags:
- _time
12-30-2015
08:59 AM
Hi everyone
Is it a way to use less css pre processor in splunk simple xml views?
Any link or ressource on how to use less in splunk will be welcome.
Thanks
08-16-2017
09:04 AM
I have logs with to and from email address like so:
..... from=<mickey.mouse@disney.com> .....
..... to=<minnie.mouse@disney.com> .....
As you can guess, Splunk nicely parses the...
05-14-2013
07:21 PM
1 Karma
I have a search using the splunk table commands, but the text in one fields is too long so that I can't see the whole result in one screen, is there a way to show only the first 30 characters in that...
- Tags:
- customize
04-20-2017
07:17 AM
Hi,
let's say I want to create a 5 step-funnel for customers depending on their max step.
My first approach would be like
...
| stats max(funnel_step) AS max_step BY customer
| stats dc(...
Show results in replies (3)
-
...econd model. It's slightly less concise, but it solves the issue generally for up to 50 steps, and if y...
-
...hem rather than using dc . This code isn't significantly less complex than your existing c...
-
Give this a try ... | stats max(funnel_step) AS max_step BY customer | stats count by max_ste...
