Community
Splunk Answers
Splunk Administration
Deployment Architecture
Getting Data In
Installation
Security
Knowledge Management
Monitoring Splunk
Using Splunk
Splunk Search
Dashboards & Visualizations
Splunk Dev
Alerting
Reporting
Other Usage
Splunk Platform Products
Splunk Enterprise
Splunk Cloud Platform
Splunk Data Stream Processor
Splunk Data Fabric Search
Splunk Premium Solutions
News & Education
Blog & Announcements
Community Blog
Product News & Announcements
Practitioner Resources
Adoption Boards
Community Office Hours
Splunk Tech Talks
Great Resilience Quest
Training & Certification
Training + Certification Discussions
Training & Certification Blog
Community Lounge
Getting Started
Welcome
Feedback
SplunkTrust
User Groups
Splunk Love
Apps and Add-ons
All Apps and Add-ons
User Groups
Resources
SplunkBase
Developers
Documentation
Splunk Ideas
Sign In
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
Search instead for
Did you mean:
Search
Splunk Community
All community
Knowledge base
Users
Products
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
Search instead for
Did you mean:
Ask a Question
Search
Search
Search the Community
Showing results for
Search instead for
Did you mean:
Search Options
Subscribe to RSS Feed for this Search
Advanced
Hide Advanced
Posts
Users
Places
Products
Advanced Search Options
Search Modifiers:
You can apply modifiers to the terms you enter in the search field.
Use quotes to search for an "exact phrase".
Use the plus sign to search for +one +or +more +words.
Use the minus sign to -exclude -certain -words from your search.
View results by
Topics
Specific posts
Results per page
10 results
20 results
30 results
40 results
50 results
Topics with no replies
Limits search results to topics that have no replies.
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
in Splunk Answers
2,000 results
Sort by:
Best Match
Date
Views
Karma
Replies
Best Match
How to calculate percentrank in Splunk?
by
LearningGuy
in
Splunk Search
11-07-2023
07:47 PM
11-07-2023
07:47 PM
...xc Percentrank inc Student 1 10 91% 100% Student 2 9 82% 89% Student 3 8 73% 78% Student 4 7
6
4%
6
7% Student 5
6
55% 56% Student
6
5 45% 44% Student 7 4 3...
Labels
Labels:
other
Show results in replies (1)
This example will calculate those ranks from the base data of Student+Score, which uses eventstats ...
How to calculate through bin command ?
by
Jouman
in
Splunk Search
11-29-2022
06:25 PM
11-29-2022
06:25 PM
...xe_time Substage_time Count 10 8 11 2 21 9 12 2 32 8 1 43 9 19 4 54 9 12 3
6
5 8 11
6
6
6 9 19 7
6
7 8 11
6
70 9 12
6
71 8 11 5 80 7 4 8...
Labels
Labels:
stats
Show results in replies (1)
10 is the maximum, not the minimum - 3 does not exceed the 10 so is a valid way of dividing up the ...
Is Splunk 8.2
.5
supported on Red Hat 7.9 ?
by
rayar
in
Installation
05-08-2022
12:02 AM
05-08-2022
12:02 AM
Is Splunk 8.2
.5
supported on Red Hat 7.9 ?
Labels
Labels:
Linux
Show results in replies (1)
...niversal Forwarders 8.2
.5
and 8.2.6 are certified for kernels 3.x+ but only at
6
4 bits. As you can s...
How to display top 5 and replace the rest with oth...
by
LearningGuy
in
Splunk Search
01-29-2024
07:44 AM
01-29-2024
07:44 AM
...t; number didn't match Before Expense Name Score 1 Rent 2000 2 Car 1000 3 Insurance 700 4 Food 500 5 Education 400
6
U...
Labels
Labels:
Dashboard Studio
table
Show results in replies (2)
...00,4000,40000
6
,Utility,200,2000,30000 7,Entertainment,100,1000, 10000 8,Gym,70,700,70000 9,Charity,5...
...otal | where row <= 7 | eval Score=case(row ==
6
, total - running + Score, row == 7, total, true(), S...
Upgrade plan and path From 7.2 to 8.0
by
abhic25
in
Deployment Architecture
04-06-2021
01:12 AM
04-06-2021
01:12 AM
...NA 8.0 Indexer 7.2.6 NA 8.0 Heavy Forwarder
6
.5
.2 7.2 8.0 Heavy Forwarder
6
.5
.2 7.2 8.0 Universal Forwarders
6
.5
.2 7.2 8.0 U...
Tags:
upgradepath8.0
Labels
Labels:
heavy forwarder
indexer
search head
universal forwarder
Show results in replies (1)
Hi @abhic25 to upgrade the HF you need to stop and reinstall the new version. ...
how to sort rows result in descending order
by
mmouse88
in
Splunk Search
01-05-2017
06:02 PM
1 Karma
01-05-2017
06:02 PM
1 Karma
Happy New Year!!! my splunk query --> search command | timechart sum(quantity) as total span=1week by user limit=5 | sort -total here's the row results I have which is total: 8 4
6
1 3...
Tags:
row
sort
timechart
Show results in replies (1)
Try this workaround which will keep the column order but the column names will have a serial number...
Splunk search command- How to get table?
by
dj56
in
Splunk Search
10-18-2022
08:58 AM
10-18-2022
08:58 AM
...get 1.1.1
.5
4 get 1.1.1.6 4 get 1.1.1.7 5 get 1.1.1
.8
7 get What's could be the search to get following table number of r...
Labels
Labels:
count
other
stats
Show results in replies (1)
Just add something like: | stats count as clientcount by count
Why is stanza for inputs conf is not working?
by
Naa_Win
in
Deployment Architecture
07-11-2023
08:44 AM
07-11-2023
08:44 AM
...priority =
6
[source::/mysource/ToSplunk/*.SBS*.xml.edi] SHOULD_LINEMERGE=false LINE_BREAKER=([\r\n\s])+\<Policy\s+ NO_BINARY_CHECK=true TRUNCATE=999999 CHARSET=UTF-8 priority = 7 [s...
Tags:
inputs.conf
props.conf
stanza
Labels
Labels:
other
Show results in replies (1)
pipes ( OR ) in the monitoring stanza doesn't works. so i had used blacklist & whitelist concep...
When will there be Splunk Free/Enterprise support ...
by
clopmz
in
Installation
06-03-2022
01:28 AM
06-03-2022
01:28 AM
Good morning, When RHEL9 will be supported in Splunk Free/Enterprise?
Labels
Labels:
Linux
Show results in replies (2)
Hi @clopmz, as you can read at https://docs.splunk.com/Documentation/Splunk/8.2.6/Installation/Sys...
Hi @clopmz, as you can read at https://docs.splunk.com/Documentation/Splunk/8.2.6/Instal...
How do you move duplicate rows in a table?
by
rohanmiskin
in
Dashboards & Visualizations
02-08-2019
01:03 AM
02-08-2019
01:03 AM
...|2 |3 |4 1 |2 |3 |4 5 |
6
|7 |8 5 |
6
|7 |8 5 |
6
|7 |8 5 |
6
|7 |8 The result i want is field1|field2|field3|field4 1...
Tags:
duplicated
duplicates
duplication
splunk-enterprise
Show results in replies (1)
Use dedup: mySearchCriteria | table field1,field2,field3,field4 | dedup field1,field2,field3,fie...
«
Previous
1
2
Next
»