Search

melonman · ‎04-18-2012

Hi, Can I change the operator in the result of format command for subsearch? I actually want to pass the subsearch format result with "greater than (>) operator" in a particular field. E...

pravusnex · ‎02-02-2010

Hi, I am creating a custom view dashboard. In that I'm trying to utilize the same search to extract a single value and then modify that search slightly to put the rest of the results in a column c...

castle1126 · ‎11-23-2010

...essageid ) over a set amount of time I get over 15,000 results. When I change this search to make it a subsearch index=smtp sourcetype=smtp [search index=smtp sourcetype=smtp rule=x | fields + m...

Lowell · ‎09-02-2010

Is there anyway of emulating a nested subsearch? I know its sometimes possible to rewrite a search to factor-out a subsearch, but I'm hitting a wall. Yes, I know this could be possible using l...

sprooit · ‎07-13-2016

...y are. Here is the search. The list of macs in the search below are actually populated via another subsearch. I removed that subsearch and replaced with the actual result of the subsearch in an a...

sfatnass · ‎11-09-2016

...oto titi tata the time range is based for the first index but the second one need to change the date time to get the correct results. i tryed someting using gentimes but unsuccessful. can a...

TheFloorIsJava · ‎09-05-2017

.... However, if i shorten the timespan to 7 days, then I do get some results (approx 12,000) which is strange? Maybe I am reaching the limit for time/number of events in the subsearch. I am j...

celdridge1988 · ‎01-07-2020

...eleted: | from datamodel:"Change_Analysis"."Account_Management" | where 'tag'="delete" | search NOT "changed: /usr*" | stats max(_time) as "lastTime",latest(_raw) as "orig_raw",values(result) as "signature",v...

tanyongjin · ‎05-08-2017

Hi Splunk community, For Log A, I would like to extract out all the values of a specific field that matches a specific condition. Then with the values extracted from Log A, I would like to u...

simonattardGO · ‎02-03-2012

...ields - _* | outputcsv results.txt The problem is that each time the search runs, results.txt gets overridden. I would like to automatically append the time and date to the name of the file Eg. results3-2-1...

Search

Search the Community

Can I change the operator in the result of format ...

View dashboard subsearches using HiddenSearch

Am I bumping into limits issue with subsearch resu...

How can you emulate a sub-subsearch?

Nested Subsearches - How do I return a list of web...

how to use subsearch with different date time?

Common field in JSON array, two different hosts

Multisearching

Custom Filtering across multiple Logs

Variable File Name in outputcsv