Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Search
Splunk Community
×
Are you a member of the Splunk Community?
Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
- Search
Search
Search the Community
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
27 results
Sort by:
04-18-2012
01:42 AM
Hi,
Can I change the operator in the result of format command for subsearch? I actually want to pass the subsearch format result with "greater than (>) operator" in a particular field.
E...
- Tags:
- search-help
11-23-2010
08:49 PM
...essageid ) over a set amount of time I get over 15,000 results. When I change this search to make it a subsearch
index=smtp sourcetype=smtp [search index=smtp sourcetype=smtp rule=x | fields + m...
02-02-2010
06:40 PM
1 Karma
Hi,
I am creating a custom view dashboard. In that I'm trying to utilize the same search to extract a single value and then modify that search slightly to put the rest of the results in a column c...
09-02-2010
02:14 AM
Is there anyway of emulating a nested subsearch? I know its sometimes possible to rewrite a search to factor-out a subsearch, but I'm hitting a wall.
Yes, I know this could be possible using l...
- Tags:
- search-help
- subsearch
11-09-2016
05:13 AM
...able toto titi tata
the time range is based for the first index
but the second one need to change the date time to get the correct results.
i tryed someting using gentimes but unsuccessful.
c...
07-13-2016
07:26 PM
...hat they are.
Here is the search. The list of macs in the search below are actually populated via another subsearch. I removed that subsearch and replaced with the actual result of the subsearch i...
01-07-2020
01:52 AM
...eleted:
| from datamodel:"Change_Analysis"."Account_Management" | where 'tag'="delete" | search NOT "changed: /usr*" | stats max(_time) as "lastTime",latest(_raw) as "orig_raw",values(result) as "signature",v...
05-08-2017
02:55 AM
Hi Splunk community,
For Log A, I would like to extract out all the values of a specific field that matches a specific condition.
Then with the values extracted from Log A, I would like to u...
- Tags:
- filtering
05-28-2010
12:13 PM
3 Karma
I seem to be stuck with the 100 result limit for a subsearch. I've changed maxout= to 10000 in limits.conf (and restarted Splunk), but still no luck.
Any ideas on what else to try? We are on 4.1.2, b...
