Hi team, when I use the stats command to group and aggregate. For example: <base query here> | bin span=1d _time | stats count(eval(autosave=1)) as autosave count(eval(a...
When I run the transaction command, some transactions may be more than 500 events, but Splunk splits it into a set of 500 events and shows the message below:
Show most relevant lines (Exceeds 500 l...
Hello, I am trying to figure out how to expand multivalue fields after using the streamstats command.
I have an event called "Set Range" that happens frequently and sometimes there is an error a...
I am basically dealing with a huge set of records where I am ending up with an mvexpand memory limit error. I want to extract data from the table below without using the mvexpand command.
If you notice the below t...
Hi,
After upgrading to Splunk ES version 6.0.0 we got the Investigation Overview dashboard, but we have some problems when running it. If we try to look for investigations far back in time, the s...
Hi Splunkers, I am currently trying to create a pie chart that gets its data from a token: host=* | eval $Overview$ | chart sum(Warning) as "Warnings" sum(Violation) as V...
Hi, I am currently receiving an alert where the license consumption is exceeding 80%.
I need to know which index is consuming more license in the last 30 days or last 7 days.
This query shows the...
...nds up in ServiceNow is "Host With A Recurring Malware Infection ($signature$ On $dest$)". The signature and dest tokens do not get expanded. How can I tell it to recursively expand any tokens n...
Only the saved APP saved-search list is displayed.
How do I get other APP saved-search listings?
command : $SPLUNK_HOME/bin/splunk list saved-search
Do not display saved-search of o...
I am trying to add fields from a lookup table. However, the matching field is a multivalue field. I need to expand the matching field but do not know how to group the lookup command with a m...