Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
Search
Splunk Community
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
- Search
Search the Community
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
2,000 results
Sorted by:
07-24-2018
02:24 AM
Hi all,
I have below query and the results like below table, is there a way that only search and display total count for the Users who have error(User1, User2, User3)?
index=aaa sourcetype=...
- Tags:
- appendcols
- stats
- total
2 weeks ago
Hello,
Help me please. I'd like to define multiple search or subsearch to merge all relevant information about alerts.
Interesting fields in search are the hosts - as managed_host field a...
Labels
- Labels:
-
subsearch
08-05-2018
09:06 AM
index="_internal" user!=admin | [search index="_internal" | stats count by user]
I am trying to run above query but it fails with an error that "Error in 'SearchParser': Subsearches are only v...
- Tags:
- subsearch
02-06-2015
07:36 AM
...ourcetype=ironport mailto=%form_var%
which will result in a fields that I can use (icid) to then find the mailfrom field. So I am thinking about a subsearch like:
index=email sourcetype=i...
11-05-2018
05:37 PM
I'm trying to sort smartsheets by certain combinations of row/column values. If I remove one of the 'foreach' blocks, the search works, outputting a new field. With both, however, the search returns ...
08-15-2014
08:10 AM
...o go about this?
I tried using Map and the following, but neither seemed to work.
index=voice [search index=voice "ani" "8005558508"
| rex field=_raw "{\"ani\",\"(?<ani>\d*)\"}"
| rex f...
03-27-2019
06:55 AM
...as to use subsearch so firstly I search for the DNSRequests then search the Process information.
event_simpleName=ProcessRollup2 [search event_simpleName=DnsRequest
| fields + C...
08-30-2016
07:37 AM
...n the metadata results but I need to have them show in the final results.
I was thinking a subsearch would work but it fails to match up all the records. I only get about 20 matching records but it d...
12-16-2015
03:28 AM
1 Karma
Hello,
I would like to run a scheduled report once. A very log time search, I don't care about performance or time to complete.
I set in local limits.conf
[subsearch]
# maximum number of r...
