Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
Search
Splunk Community
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
- Search
Search the Community
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
1,000 results
Sorted by:
07-24-2018
02:24 AM
Hi all,
I have below query and the results like below table, is there a way that only search and display total count for the Users who have error(User1, User2, User3)?
index=aaa sourcetype=...
- Tags:
- appendcols
- stats
- total
03-27-2019
06:55 AM
...as to use subsearch so firstly I search for the DNSRequests then search the Process information.
event_simpleName=ProcessRollup2 [search event_simpleName=DnsRequest
| fields + C...
11-05-2018
05:37 PM
I'm trying to sort smartsheets by certain combinations of row/column values. If I remove one of the 'foreach' blocks, the search works, outputting a new field. With both, however, the search returns ...
02-06-2015
07:36 AM
...ourcetype=ironport mailto=%form_var%
which will result in a fields that I can use (icid) to then find the mailfrom field. So I am thinking about a subsearch like:
index=email sourcetype=i...
08-05-2018
09:06 AM
index="_internal" user!=admin | [search index="_internal" | stats count by user]
I am trying to run above query but it fails with an error that "Error in 'SearchParser': Subsearches are only v...
- Tags:
- subsearch
05-27-2020
07:06 AM
...020 03:05:37) has appeared against SyncGroup03.
I also had to use different field names in the query as Splunk complained about the presence of ‘last’ in ‘latest(_time) AS "Last Change"’ once the subsearch...
12-16-2015
03:28 AM
1 Karma
Hello,
I would like to run a scheduled report once. A very log time search, I don't care about performance or time to complete.
I set in local limits.conf
[subsearch]
# maximum number of r...
08-30-2016
07:37 AM
...n the metadata results but I need to have them show in the final results.
I was thinking a subsearch would work but it fails to match up all the records. I only get about 20 matching records but it d...
08-15-2014
08:10 AM
...o go about this?
I tried using Map and the following, but neither seemed to work.
index=voice [search index=voice "ani" "8005558508"
| rex field=_raw "{\"ani\",\"(?<ani>\d*)\"}"
| rex f...
